open-consul/command
Freddy 29d5811f0d
Update HCP bootstrapping to support existing clusters (#16916)
* Persist HCP management token from server config

We want to move away from injecting an initial management token into
Consul clusters linked to HCP. The reasoning is that by using a separate
class of token we can have more flexibility in terms of allowing HCP's
token to co-exist with the user's management token.

Down the line we can also more easily adjust the permissions attached to
HCP's token to limit it's scope.

With these changes, the cloud management token is like the initial
management token in that iit has the same global management policy and
if it is created it effectively bootstraps the ACL system.

* Update SDK and mock HCP server

The HCP management token will now be sent in a special field rather than
as Consul's "initial management" token configuration.

This commit also updates the mock HCP server to more accurately reflect
the behavior of the CCM backend.

* Refactor HCP bootstrapping logic and add tests

We want to allow users to link Consul clusters that already exist to
HCP. Existing clusters need care when bootstrapped by HCP, since we do
not want to do things like change ACL/TLS settings for a running
cluster.

Additional changes:

* Deconstruct MaybeBootstrap so that it can be tested. The HCP Go SDK
  requires HTTPS to fetch a token from the Auth URL, even if the backend
  server is mocked. By pulling the hcp.Client creation out we can modify
  its TLS configuration in tests while keeping the secure behavior in
  production code.

* Add light validation for data received/loaded.

* Sanitize initial_management token from received config, since HCP will
  only ever use the CloudConfig.MangementToken.

* Add changelog entry
2023-04-27 22:27:39 +02:00
..
acl Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
agent Update HCP bootstrapping to support existing clusters (#16916) 2023-04-27 22:27:39 +02:00
catalog Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
cli Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
config Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
connect [CC-4519] Include Consul NodeID in Envoy bootstrap metadata (#17139) 2023-04-26 10:04:57 -06:00
debug Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
event Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
exec Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
flags Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
forceleave Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
helpers Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
info Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
intention Raft storage backend (#16619) 2023-04-04 17:30:06 +01:00
join Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
keygen Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
keyring Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
kv Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
leave Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
lock Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
login Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
logout Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
maint Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
members Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
monitor Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
operator Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
peering Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
reload Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
rtt Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
services Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
snapshot Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
tls Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
troubleshoot Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
validate Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
version Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
watch Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
registry.go Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00
registry_oss.go Copyright headers for command folder (#16705) 2023-03-28 15:12:30 -04:00