From 3a3e63e2e1f090555b4236929c637f95ca513098 Mon Sep 17 00:00:00 2001
From: Kartik Prajapati
Date: Fri, 9 Aug 2024 01:03:36 +0530
Subject: [PATCH] cli: add role update functionality to acl token update (#18532)

---
 .changelog/18532.txt | 3 ++
 command/acl_token_update.go | 38 ++++++++++++++++---
 .../docs/commands/acl/token/update.mdx | 11 +++++-
 3 files changed, 46 insertions(+), 6 deletions(-)
 create mode 100644 .changelog/18532.txt

diff --git a/.changelog/18532.txt b/.changelog/18532.txt
new file mode 100644
index 000000000..72c503c38
--- /dev/null
+++ b/.changelog/18532.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+cli: Added support for updating the roles for an ACL token
+```
diff --git a/command/acl_token_update.go b/command/acl_token_update.go
index 8e0bb0d86..83a178a11 100644
--- a/command/acl_token_update.go
+++ b/command/acl_token_update.go
@@ -12,6 +12,9 @@ import (
 
 type ACLTokenUpdateCommand struct {
 Meta
+
+ roleNames []string
+ roleIDs []string
 }
 
 func (c *ACLTokenUpdateCommand) Help() string {
@@ -33,8 +36,19 @@ Update Options:
 Sets the type of token. Must be one of "client" or "management".
 
 -policy=""
- Specifies a policy to associate with the token. Can be specified multiple times,
- but only with client type tokens.
+ Specifies a policy to associate with the token. Can be specified multiple
+ times, but only with client type tokens. If any policies are specified, they
+ completely replace the policies on the existing token.
+
+ -role-id=""
+ ID of a role to use for this token. Can be specified multiple times, but
+ only with client type tokens. If any roles are specified, they completely
+ replace the roles on the existing token.
+
+ -role-name=""
+ Name of a role to use for this token. Can be specified multiple times, but
+ only with client type tokens. If any roles are specified, they completely
+ replace the roles on the existing token.
 `
 
 return strings.TrimSpace(helpText)
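Review bot: `roleNames` and `roleIDs` become fields on `ACLTokenUpdateCommand`, and the flag closures in the `@@ -70,6 +86,14 @@` hunk append to them (`c.roleNames = append(c.roleNames, s)`), so a second `Run` on the same command value would carry over roles parsed by the first; `policies` in that same hunk is not reached through `c`. Keeping the two slices local to `Run` like `policies`, or resetting them before flag parsing with `c.roleNames, c.roleIDs = nil, nil`, avoids a stale role set being written to a token. If the fields are kept, a comment on the struct such as `// populated by the -role-name / -role-id flags in Run` would explain why they live there.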
@@ -43,9 +57,11 @@ Update Options:
 func (c *ACLTokenUpdateCommand) AutocompleteFlags() complete.Flags {
 return mergeAutocompleteFlags(c.Meta.AutocompleteFlags(FlagSetClient),
 complete.Flags{
- "name": complete.PredictAnything,
- "type": complete.PredictAnything,
- "policy": complete.PredictAnything,
+ "name": complete.PredictAnything,
+ "type": complete.PredictAnything,
+ "policy": complete.PredictAnything,
+ "role-id": complete.PredictAnything,
+ "role-name": complete.PredictAnything,
 })
 }
 
@@ -70,6 +86,14 @@ func (c *ACLTokenUpdateCommand) Run(args []string) int {
 policies = append(policies, s)
 return nil
 }), "policy", "")
+ flags.Var((funcVar)(func(s string) error {
+ c.roleNames = append(c.roleNames, s)
+ return nil
+ }), "role-name", "")
+ flags.Var((funcVar)(func(s string) error {
+ c.roleIDs = append(c.roleIDs, s)
+ return nil
+ }), "role-id", "")
 if err := flags.Parse(args); err != nil {
 return 1
 }
@@ -111,6 +135,10 @@ func (c *ACLTokenUpdateCommand) Run(args []string) int {
 token.Policies = policies
 }
 
+ if len(c.roleNames) != 0 || len(c.roleIDs) != 0 {
+ token.Roles = generateACLTokenRoleLinks(c.roleNames, c.roleIDs)
+ }
+
 // Update the token
 updatedToken, _, err := client.ACLTokens().Update(token, nil)
 if err != nil {
diff --git a/website/content/docs/commands/acl/token/update.mdx b/website/content/docs/commands/acl/token/update.mdx
index 57c293382..319b6b2f3 100644
--- a/website/content/docs/commands/acl/token/update.mdx
+++ b/website/content/docs/commands/acl/token/update.mdx
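Review bot: Both new closures in `Run` (the `@@ -70,6 +86,14 @@` hunk of command/acl_token_update.go) append `s` without checking it, so `-role-id=""` or `-role-name=""` still makes the later `len(c.roleNames) != 0 || len(c.roleIDs) != 0` guard true and hands an empty value to `generateACLTokenRoleLinks` as the replacement role set. Rejecting empties at parse time keeps a typo or an unset shell variable from rewriting the token's roles: `if s == "" { return errors.New("role must not be empty") }` at the top of each closure, which needs `errors` in the import block (outside this hunk). How `generateACLTokenRoleLinks` and the server treat an empty entry is not visible here, and `Run` starts before and continues after the hunk.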
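Review bot: In `Run` (the `@@ -111,6 +135,10 @@` hunk of command/acl_token_update.go), the `len(c.roleNames) != 0 || len(c.roleIDs) != 0` guard means an empty role set always leaves `token.Roles` untouched, so this command can replace a token's roles but never remove all of them, which is the operation an operator needs when stripping privileges from a token. If that is intended, say so above the guard, e.g. `// No role flags means "keep the existing roles"; this command cannot clear them.`, and mirror the sentence in the help text. The help text added in this commit restricts roles to client type tokens, but no type check is visible in this hunk, so rejecting roles on a management token presumably rests on the server; `Run` continues outside the hunk. The diffstat lists no test file, so the replace-not-merge behaviour is untested in this change.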
@@ -28,7 +28,16 @@ The `acl token update` command requires an existing token's accessor ID.
 - `-type`: Sets the type of token. Must be one of "client" or "management".
 
 - `-policy`: Specifies a policy to associate with the token. Can be specified
- multiple times, but only with client type tokens.
+ multiple times, but only with client type tokens. If any policies are
+ specified, they completely replace the policies on the existing token.
+
+- `-role-id`: ID of a role to use for this token. Can be specified multiple
+ times, but only with client type tokens. If any roles are specified, they
+ completely replace the roles on the existing token.
+
+- `-role-name`: Name of a role to use for this token. Can be specified multiple
+ times, but only with client type tokens. If any roles are specified, they
+ completely replace the roles on the existing token.
 
 ## Examples
 