agent: thread through ACL config to Server

2026-01-05 18:05:42 +03:00 · 2017-08-13 14:11:06 -07:00
parent 9fdea05804
commit 2329fbcd28
3 changed files with 26 additions and 0 deletions
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
@@ -106,6 +106,15 @@ func convertServerConfig(agentConfig *Config, logOutput io.Writer) (*nomad.Confi
 	if agentConfig.Region != "" {
 		conf.Region = agentConfig.Region
 	}
+
+	// Set the Authoritative Region if set, otherwise default to
+	// the same as the local region.
+	if agentConfig.Server.AuthoritativeRegion != "" {
+		conf.AuthoritativeRegion = agentConfig.Server.AuthoritativeRegion
+	} else if agentConfig.Region != "" {
+		conf.AuthoritativeRegion = agentConfig.Region
+	}
+
 	if agentConfig.Datacenter != "" {
 		conf.Datacenter = agentConfig.Datacenter
 	}
@@ -134,6 +143,9 @@ func convertServerConfig(agentConfig *Config, logOutput io.Writer) (*nomad.Confi
 	if len(agentConfig.Server.EnabledSchedulers) != 0 {
 		conf.EnabledSchedulers = agentConfig.Server.EnabledSchedulers
 	}
+	if agentConfig.ACL.Enabled {
+		conf.ACLEnabled = true
+	}

 	// Set up the bind addresses
 	rpcAddr, err := net.ResolveTCPAddr("tcp", agentConfig.normalizedAddrs.RPC)
--- a/command/agent/agent_test.go
+++ b/command/agent/agent_test.go
@@ -57,6 +57,7 @@ func TestAgent_ServerConfig(t *testing.T) {
 	conf.AdvertiseAddrs.Serf = "127.0.0.1:4000"
 	conf.AdvertiseAddrs.RPC = "127.0.0.1:4001"
 	conf.AdvertiseAddrs.HTTP = "10.10.11.1:4005"
+	conf.ACL.Enabled = true

 	// Parses the advertise addrs correctly
 	if err := conf.normalizeAddrs(); err != nil {
@@ -74,6 +75,12 @@ func TestAgent_ServerConfig(t *testing.T) {
 	if serfPort != 4000 {
 		t.Fatalf("expected 4000, got: %d", serfPort)
 	}
+	if out.AuthoritativeRegion != "global" {
+		t.Fatalf("bad: %#v", out.AuthoritativeRegion)
+	}
+	if !out.ACLEnabled {
+		t.Fatalf("ACL not enabled")
+	}

 	// Assert addresses weren't changed
 	if addr := conf.AdvertiseAddrs.RPC; addr != "127.0.0.1:4001" {
--- a/nomad/config.go
+++ b/nomad/config.go
@@ -101,6 +101,10 @@ type Config struct {
 	// Region is the region this Nomad server belongs to.
 	Region string

+	// AuthoritativeRegion is the region which is treated as the authoritative source
+	// for ACLs and Policies. This provides a single source of truth to resolve conflicts.
+	AuthoritativeRegion string
+
 	// Datacenter is the datacenter this Nomad server belongs to.
 	Datacenter string

@@ -224,6 +228,9 @@ type Config struct {

 	// TLSConfig holds various TLS related configurations
 	TLSConfig *config.TLSConfig
+
+	// ACLEnabled controls if ACL enforcement and management is enabled.
+	ACLEnabled bool
 }

 // CheckVersion is used to check if the ProtocolVersion is valid