cli: add role update functionality to acl token update (#18532)

2026-01-01 16:05:42 +03:00 · 2024-08-09 01:03:36 +05:30
parent bb4c4fbd49
commit 3a3e63e2e1
3 changed files with 46 additions and 6 deletions
--- a/.changelog/18532.txt
+++ b/.changelog/18532.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+cli: Added support for updating the roles for an ACL token
+```
--- a/command/acl_token_update.go
+++ b/command/acl_token_update.go
@@ -12,6 +12,9 @@ import (

 type ACLTokenUpdateCommand struct {
 	Meta
+
+	roleNames []string
+	roleIDs   []string
 }

 func (c *ACLTokenUpdateCommand) Help() string {
@@ -33,8 +36,19 @@ Update Options:
    Sets the type of token. Must be one of "client" or "management".

  -policy=""
-    Specifies a policy to associate with the token. Can be specified multiple times,
-    but only with client type tokens.
+    Specifies a policy to associate with the token. Can be specified multiple
+    times, but only with client type tokens. If any policies are specified, they
+    completely replace the policies on the existing token.
+
+  -role-id=""
+    ID of a role to use for this token. Can be specified multiple times, but
+    only with client type tokens. If any roles are specified, they completely
+    replace the roles on the existing token.
+
+  -role-name=""
+    Name of a role to use for this token. Can be specified multiple times, but
+    only with client type tokens. If any roles are specified, they completely
+    replace the roles on the existing token.
 `

 	return strings.TrimSpace(helpText)
@@ -46,6 +60,8 @@ func (c *ACLTokenUpdateCommand) AutocompleteFlags() complete.Flags {
 			"name":      complete.PredictAnything,
 			"type":      complete.PredictAnything,
 			"policy":    complete.PredictAnything,
+			"role-id":   complete.PredictAnything,
+			"role-name": complete.PredictAnything,
 		})
 }

@@ -70,6 +86,14 @@ func (c *ACLTokenUpdateCommand) Run(args []string) int {
 		policies = append(policies, s)
 		return nil
 	}), "policy", "")
+	flags.Var((funcVar)(func(s string) error {
+		c.roleNames = append(c.roleNames, s)
+		return nil
+	}), "role-name", "")
+	flags.Var((funcVar)(func(s string) error {
+		c.roleIDs = append(c.roleIDs, s)
+		return nil
+	}), "role-id", "")
 	if err := flags.Parse(args); err != nil {
 		return 1
 	}
@@ -111,6 +135,10 @@ func (c *ACLTokenUpdateCommand) Run(args []string) int {
 		token.Policies = policies
 	}

+	if len(c.roleNames) != 0 || len(c.roleIDs) != 0 {
+		token.Roles = generateACLTokenRoleLinks(c.roleNames, c.roleIDs)
+	}
+
 	// Update the token
 	updatedToken, _, err := client.ACLTokens().Update(token, nil)
 	if err != nil {
--- a/website/content/docs/commands/acl/token/update.mdx
+++ b/website/content/docs/commands/acl/token/update.mdx
@@ -28,7 +28,16 @@ The `acl token update` command requires an existing token's accessor ID.
 - `-type`: Sets the type of token. Must be one of "client" or "management".

 - `-policy`: Specifies a policy to associate with the token. Can be specified
-  multiple times, but only with client type tokens.
+  multiple times, but only with client type tokens. If any policies are
+  specified, they completely replace the policies on the existing token.
+
+- `-role-id`: ID of a role to use for this token. Can be specified multiple
+  times, but only with client type tokens. If any roles are specified, they
+  completely replace the roles on the existing token.
+
+- `-role-name`: Name of a role to use for this token. Can be specified multiple
+  times, but only with client type tokens. If any roles are specified, they
+  completely replace the roles on the existing token.

 ## Examples