package api
import (
	"fmt"
	"net/url"
	"time"
)
// ACLPolicies is used to query the ACL Policy endpoints.
type ACLPolicies struct {
	// client is the API client whose query, write and delete helpers carry
	// out every request made through this handle.
	client *Client
}
// ACLPolicies returns a new handle on the ACL policies. The handle sends
// its requests through the receiving client.
func (c *Client) ACLPolicies() *ACLPolicies {
	handle := new(ACLPolicies)
	handle.client = c
	return handle
}
// List is used to dump all of the policies.
//
// It queries /v1/acl/policies and returns the decoded policy stubs together
// with the query metadata. When the client reports an error, both other
// results are nil.
func (a *ACLPolicies) List(q *QueryOptions) ([]*ACLPolicyListStub, *QueryMeta, error) {
	const endpoint = "/v1/acl/policies"

	var stubs []*ACLPolicyListStub
	meta, err := a.client.query(endpoint, &stubs, q)
	if err != nil {
		return nil, nil, err
	}
	return stubs, meta, nil
}
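// Upsert is used to create or update a policy.
//
// The policy is written to /v1/acl/policy/<name>, where <name> is
// policy.Name. A nil policy or an empty name is rejected with an error
// before any request is made.
func (a *ACLPolicies) Upsert(policy *ACLPolicy, q *WriteOptions) (*WriteMeta, error) {
	if policy == nil || policy.Name == "" {
		return nil, fmt.Errorf("missing policy name")
	}

	// The name is caller-supplied and becomes part of the request path.
	// url.PathEscape keeps it inside a single path segment, so characters
	// such as '/', '?' or '#' cannot address a different endpoint or add
	// query parameters. Names made only of unreserved characters are sent
	// unchanged.
	endpoint := "/v1/acl/policy/" + url.PathEscape(policy.Name)

	wm, err := a.client.write(endpoint, policy, nil, q)
	if err != nil {
		return nil, err
	}
	return wm, nil
}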
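// Delete is used to delete a policy.
//
// The request goes to /v1/acl/policy/<policyName>. An empty policyName is
// rejected with an error before any request is made.
func (a *ACLPolicies) Delete(policyName string, q *WriteOptions) (*WriteMeta, error) {
	if policyName == "" {
		return nil, fmt.Errorf("missing policy name")
	}

	// The name is caller-supplied and becomes part of the request path.
	// url.PathEscape keeps it inside a single path segment, so characters
	// such as '/', '?' or '#' cannot make this destructive call address a
	// different endpoint. Names made only of unreserved characters are sent
	// unchanged.
	endpoint := "/v1/acl/policy/" + url.PathEscape(policyName)

	wm, err := a.client.delete(endpoint, nil, nil, q)
	if err != nil {
		return nil, err
	}
	return wm, nil
}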
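// Info is used to query a specific policy.
//
// The request goes to /v1/acl/policy/<policyName>. An empty policyName is
// rejected with an error before any request is made. On success the decoded
// policy and the query metadata are returned.
func (a *ACLPolicies) Info(policyName string, q *QueryOptions) (*ACLPolicy, *QueryMeta, error) {
	if policyName == "" {
		return nil, nil, fmt.Errorf("missing policy name")
	}

	// The name is caller-supplied and becomes part of the request path.
	// url.PathEscape keeps it inside a single path segment, so characters
	// such as '/', '?' or '#' cannot address a different endpoint or add
	// query parameters. Names made only of unreserved characters are sent
	// unchanged.
	endpoint := "/v1/acl/policy/" + url.PathEscape(policyName)

	var resp ACLPolicy
	qm, err := a.client.query(endpoint, &resp, q)
	if err != nil {
		return nil, nil, err
	}
	return &resp, qm, nil
}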
// ACLTokens is used to query the ACL token endpoints.
type ACLTokens struct {
	// client is the API client whose query, write and delete helpers carry
	// out every request made through this handle.
	client *Client
}
// ACLTokens returns a new handle on the ACL tokens. The handle sends its
// requests through the receiving client.
func (c *Client) ACLTokens() *ACLTokens {
	handle := new(ACLTokens)
	handle.client = c
	return handle
}
// Bootstrap is used to get the initial bootstrap token.
//
// It posts to /v1/acl/bootstrap without a request body and returns the
// decoded token with the write metadata. BootstrapOpts posts to the same
// endpoint and additionally sends an operator-provided secret.
//
// Deprecated: will be removed in Nomad 1.5.0
func (a *ACLTokens) Bootstrap(q *WriteOptions) (*ACLToken, *WriteMeta, error) {
	token := new(ACLToken)
	meta, err := a.client.write("/v1/acl/bootstrap", nil, token, q)
	if err != nil {
		return nil, nil, err
	}
	return token, meta, nil
}
// BootstrapOpts is used to get the initial bootstrap token, or to pass in a
// bootstrap secret chosen by the operator.
//
// btoken is sent to /v1/acl/bootstrap as BootstrapRequest.BootstrapSecret.
// It is credential material, so callers should keep it out of logs and
// error messages. A nil q is replaced by zero-value write options.
func (a *ACLTokens) BootstrapOpts(btoken string, q *WriteOptions) (*ACLToken, *WriteMeta, error) {
	if q == nil {
		q = new(WriteOptions)
	}

	body := new(BootstrapRequest)
	body.BootstrapSecret = btoken

	token := new(ACLToken)
	meta, err := a.client.write("/v1/acl/bootstrap", body, token, q)
	if err != nil {
		return nil, nil, err
	}
	return token, meta, nil
}
// List is used to dump all of the tokens.
//
// It queries /v1/acl/tokens and returns the decoded token stubs together
// with the query metadata. The stub type has no SecretID field, so the
// values returned here do not carry token secrets.
func (a *ACLTokens) List(q *QueryOptions) ([]*ACLTokenListStub, *QueryMeta, error) {
	const endpoint = "/v1/acl/tokens"

	var stubs []*ACLTokenListStub
	meta, err := a.client.query(endpoint, &stubs, q)
	if err != nil {
		return nil, nil, err
	}
	return stubs, meta, nil
}
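// Create is used to create a token.
//
// The token is posted to /v1/acl/token and the decoded response is
// returned with the write metadata. A nil token, or one that already has an
// AccessorID, is rejected with an error before any request is made.
//
// NOTE(review): the returned ACLToken has a SecretID field; presumably it
// holds the new token's secret, so treat the result as sensitive — confirm.
func (a *ACLTokens) Create(token *ACLToken, q *WriteOptions) (*ACLToken, *WriteMeta, error) {
	// Guard against a nil token so a caller mistake surfaces as an error
	// instead of a nil-pointer panic, matching ACLPolicies.Upsert.
	if token == nil {
		return nil, nil, fmt.Errorf("missing token")
	}
	if token.AccessorID != "" {
		return nil, nil, fmt.Errorf("cannot specify Accessor ID")
	}

	var resp ACLToken
	wm, err := a.client.write("/v1/acl/token", token, &resp, q)
	if err != nil {
		return nil, nil, err
	}
	return &resp, wm, nil
}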
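// Update is used to update an existing token.
//
// The token is posted to /v1/acl/token/<AccessorID> and the decoded
// response is returned with the write metadata. A nil token, or one with an
// empty AccessorID, is rejected with an error before any request is made.
func (a *ACLTokens) Update(token *ACLToken, q *WriteOptions) (*ACLToken, *WriteMeta, error) {
	// Guard against a nil token so a caller mistake surfaces as an error
	// instead of a nil-pointer panic, matching ACLPolicies.Upsert.
	if token == nil || token.AccessorID == "" {
		return nil, nil, fmt.Errorf("missing accessor ID")
	}

	// The accessor ID is caller-supplied and becomes part of the request
	// path. url.PathEscape keeps it inside a single path segment, so
	// characters such as '/', '?' or '#' cannot address a different endpoint
	// or add query parameters. IDs made only of unreserved characters are
	// sent unchanged.
	endpoint := "/v1/acl/token/" + url.PathEscape(token.AccessorID)

	var resp ACLToken
	wm, err := a.client.write(endpoint, token, &resp, q)
	if err != nil {
		return nil, nil, err
	}
	return &resp, wm, nil
}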
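// Delete is used to delete a token.
//
// The request goes to /v1/acl/token/<accessorID>. An empty accessorID is
// rejected with an error before any request is made.
func (a *ACLTokens) Delete(accessorID string, q *WriteOptions) (*WriteMeta, error) {
	if accessorID == "" {
		return nil, fmt.Errorf("missing accessor ID")
	}

	// The accessor ID is caller-supplied and becomes part of the request
	// path. url.PathEscape keeps it inside a single path segment, so
	// characters such as '/', '?' or '#' cannot make this destructive call
	// address a different endpoint. IDs made only of unreserved characters
	// are sent unchanged.
	endpoint := "/v1/acl/token/" + url.PathEscape(accessorID)

	wm, err := a.client.delete(endpoint, nil, nil, q)
	if err != nil {
		return nil, err
	}
	return wm, nil
}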
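// Info is used to query a token.
//
// The request goes to /v1/acl/token/<accessorID>. An empty accessorID is
// rejected with an error before any request is made. On success the decoded
// token and the query metadata are returned.
func (a *ACLTokens) Info(accessorID string, q *QueryOptions) (*ACLToken, *QueryMeta, error) {
	if accessorID == "" {
		return nil, nil, fmt.Errorf("missing accessor ID")
	}

	// The accessor ID is caller-supplied and becomes part of the request
	// path. url.PathEscape keeps it inside a single path segment, so
	// characters such as '/', '?' or '#' cannot address a different endpoint
	// (for example the "self" route) or add query parameters. IDs made only
	// of unreserved characters are sent unchanged.
	endpoint := "/v1/acl/token/" + url.PathEscape(accessorID)

	var resp ACLToken
	qm, err := a.client.query(endpoint, &resp, q)
	if err != nil {
		return nil, nil, err
	}
	return &resp, qm, nil
}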
// Self is used to query our own token.
//
// It queries /v1/acl/token/self and returns the decoded token with the
// query metadata. When the client reports an error, both other results are
// nil.
func (a *ACLTokens) Self(q *QueryOptions) (*ACLToken, *QueryMeta, error) {
	const endpoint = "/v1/acl/token/self"

	token := new(ACLToken)
	meta, err := a.client.query(endpoint, token, q)
	if err != nil {
		return nil, nil, err
	}
	return token, meta, nil
}
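// UpsertOneTimeToken is used to create a one-time token.
//
// It posts to /v1/acl/token/onetime without a request body and returns the
// OneTimeToken from the response with the write metadata. An error is
// returned when the response is empty or carries no token, so a nil token
// is never returned together with a nil error.
//
// NOTE(review): presumably the one-time token is issued for the ACL token
// that authenticates this request — confirm against the server.
func (a *ACLTokens) UpsertOneTimeToken(q *WriteOptions) (*OneTimeToken, *WriteMeta, error) {
	var resp *OneTimeTokenUpsertResponse
	wm, err := a.client.write("/v1/acl/token/onetime", nil, &resp, q)
	if err != nil {
		return nil, nil, err
	}
	// A response object without a token inside it is as unusable as no
	// response at all; report both the same way.
	if resp == nil || resp.OneTimeToken == nil {
		return nil, nil, fmt.Errorf("no one-time token returned")
	}
	return resp.OneTimeToken, wm, nil
}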
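// ExchangeOneTimeToken is used to exchange a one-time token secret for an
// ACL token.
//
// secret is sent to /v1/acl/token/onetime/exchange as
// OneTimeTokenExchangeRequest.OneTimeSecretID. An empty secret is rejected
// with an error before any request is made. An error is also returned when
// the response is empty or carries no token, so a nil token is never
// returned together with a nil error.
func (a *ACLTokens) ExchangeOneTimeToken(secret string, q *WriteOptions) (*ACLToken, *WriteMeta, error) {
	if secret == "" {
		return nil, nil, fmt.Errorf("missing secret ID")
	}

	req := &OneTimeTokenExchangeRequest{OneTimeSecretID: secret}
	var resp *OneTimeTokenExchangeResponse
	wm, err := a.client.write("/v1/acl/token/onetime/exchange", req, &resp, q)
	if err != nil {
		return nil, nil, err
	}
	// A response object without a token inside it is as unusable as no
	// response at all; report both the same way.
	if resp == nil || resp.Token == nil {
		return nil, nil, fmt.Errorf("no ACL token returned")
	}
	return resp.Token, wm, nil
}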
// ACLPolicyListStub is used for listing ACL policies. It has the fields of
// ACLPolicy except Rules.
type ACLPolicyListStub struct {
	// Name is the policy name; presumably the same value ACLPolicies.Info
	// and ACLPolicies.Delete accept — confirm.
	Name        string
	Description string
	// NOTE(review): CreateIndex and ModifyIndex look like server-assigned
	// state indexes — confirm.
	CreateIndex uint64
	ModifyIndex uint64
}
// ACLPolicy is used to represent an ACL policy.
type ACLPolicy struct {
	// Name identifies the policy. ACLPolicies.Upsert rejects an empty Name
	// and uses it as the last segment of the request path.
	Name        string
	Description string
	// Rules holds the policy rules as a string. The rule syntax is not
	// visible in this file.
	Rules string
	// NOTE(review): CreateIndex and ModifyIndex look like server-assigned
	// state indexes — confirm.
	CreateIndex uint64
	ModifyIndex uint64
}
// ACLToken represents a client token which is used to authenticate.
type ACLToken struct {
	// AccessorID identifies the token in ACLTokens.Update, Delete and Info.
	// ACLTokens.Create rejects a token that already has one.
	AccessorID string
	// NOTE(review): SecretID is presumably the credential presented to
	// authenticate. Treat any value of this type as sensitive and keep it
	// out of logs and error messages — confirm.
	SecretID string
	Name     string
	Type     string
	// NOTE(review): Policies presumably lists the names of the ACL policies
	// attached to the token — confirm.
	Policies   []string
	Global     bool
	CreateTime time.Time
	// NOTE(review): CreateIndex and ModifyIndex look like server-assigned
	// state indexes — confirm.
	CreateIndex uint64
	ModifyIndex uint64
}
// ACLTokenListStub is the element type returned by ACLTokens.List. It has
// the fields of ACLToken except SecretID, so list results carry no token
// secret.
type ACLTokenListStub struct {
	// AccessorID is presumably the identifier accepted by ACLTokens.Info and
	// ACLTokens.Delete — confirm.
	AccessorID string
	Name       string
	Type       string
	Policies   []string
	Global     bool
	CreateTime time.Time
	// NOTE(review): CreateIndex and ModifyIndex look like server-assigned
	// state indexes — confirm.
	CreateIndex uint64
	ModifyIndex uint64
}
// OneTimeToken is the value returned by ACLTokens.UpsertOneTimeToken.
type OneTimeToken struct {
	// NOTE(review): OneTimeSecretID is presumably the secret that
	// ACLTokens.ExchangeOneTimeToken sends to obtain an ACL token. Treat it
	// as sensitive and keep it out of logs — confirm.
	OneTimeSecretID string
	// NOTE(review): AccessorID presumably names the ACL token this one-time
	// token stands for — confirm.
	AccessorID string
	// NOTE(review): ExpiresAt presumably marks when the one-time token stops
	// being exchangeable — confirm.
	ExpiresAt   time.Time
	CreateIndex uint64
	ModifyIndex uint64
}
// OneTimeTokenUpsertResponse is the response body decoded by
// ACLTokens.UpsertOneTimeToken.
type OneTimeTokenUpsertResponse struct {
	// OneTimeToken is a pointer and is nil when the response does not
	// include a token.
	OneTimeToken *OneTimeToken
}
// OneTimeTokenExchangeRequest is the request body sent by
// ACLTokens.ExchangeOneTimeToken.
type OneTimeTokenExchangeRequest struct {
	// OneTimeSecretID is set from the secret argument of
	// ExchangeOneTimeToken. It is credential material; keep it out of logs.
	OneTimeSecretID string
}
// OneTimeTokenExchangeResponse is the response body decoded by
// ACLTokens.ExchangeOneTimeToken.
type OneTimeTokenExchangeResponse struct {
	// Token is a pointer and is nil when the response does not include an
	// ACL token.
	Token *ACLToken
}
// BootstrapRequest is used when operators provide an ACL bootstrap token.
// ACLTokens.BootstrapOpts sends it as the request body.
type BootstrapRequest struct {
	// BootstrapSecret is set from the btoken argument of BootstrapOpts. It
	// is credential material; keep it out of logs.
	BootstrapSecret string
}