agent: Support ACL upserting

command/agent/acl_endpoint.go

@@ -2,9 +2,10 @@ package agent
 
 import (
 	"fmt"
-	"github.com/hashicorp/consul/consul/structs"
 	"net/http"
 	"strings"
+
+	"github.com/hashicorp/consul/consul/structs"
 )
 
 // aclCreateResponse is used to wrap the ACL ID
@@ -80,14 +81,8 @@ func (s *HTTPServer) aclSet(resp http.ResponseWriter, req *http.Request, update
 		}
 	}
 
-	// Ensure there is no ID set for create
-	if !update && args.ACL.ID != "" {
-		resp.WriteHeader(400)
-		resp.Write([]byte(fmt.Sprintf("ACL ID cannot be set")))
-		return nil, nil
-	}
-
-	// Ensure there is an ID set for update
+	// Ensure there is an ID set for update. ID is optional for
+	// create, as one will be generated if not provided.
 	if update && args.ACL.ID == "" {
 		resp.WriteHeader(400)
 		resp.Write([]byte(fmt.Sprintf("ACL ID must be set")))

command/agent/acl_endpoint_test.go

@@ -3,10 +3,11 @@ package agent
 import (
 	"bytes"
 	"encoding/json"
-	"github.com/hashicorp/consul/consul/structs"
 	"net/http"
 	"net/http/httptest"
 	"testing"
+
+	"github.com/hashicorp/consul/consul/structs"
 )
 
 func makeTestACL(t *testing.T, srv *HTTPServer) string {
@@ -62,6 +63,34 @@ func TestACLUpdate(t *testing.T) {
 	})
 }
 
+func TestACLUpdate_Upsert(t *testing.T) {
+	httpTest(t, func(srv *HTTPServer) {
+		body := bytes.NewBuffer(nil)
+		enc := json.NewEncoder(body)
+		raw := map[string]interface{}{
+			"ID":    "my-old-id",
+			"Name":  "User Token 2",
+			"Type":  "client",
+			"Rules": "",
+		}
+		enc.Encode(raw)
+
+		req, err := http.NewRequest("PUT", "/v1/acl/update?token=root", body)
+		if err != nil {
+			t.Fatalf("err: %v", err)
+		}
+		resp := httptest.NewRecorder()
+		obj, err := srv.ACLUpdate(resp, req)
+		if err != nil {
+			t.Fatalf("err: %v", err)
+		}
+		aclResp := obj.(aclCreateResponse)
+		if aclResp.ID != "my-old-id" {
+			t.Fatalf("bad: %v", aclResp)
+		}
+	})
+}
+
 func TestACLDestroy(t *testing.T) {
 	httpTest(t, func(srv *HTTPServer) {
 		id := makeTestACL(t, srv)