cli: add role update functionality to acl token update (#18532)

.changelog/18532.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+cli: Added support for updating the roles for an ACL token
+```

command/acl_token_update.go

@@ -12,6 +12,9 @@ import (
 
 type ACLTokenUpdateCommand struct {
 	Meta
+
+	roleNames []string
+	roleIDs   []string
 }
 
 func (c *ACLTokenUpdateCommand) Help() string {
@@ -33,8 +36,19 @@ Update Options:
     Sets the type of token. Must be one of "client" or "management".
 
   -policy=""
-    Specifies a policy to associate with the token. Can be specified multiple times,
-    but only with client type tokens.
+    Specifies a policy to associate with the token. Can be specified multiple
+    times, but only with client type tokens. If any policies are specified, they
+    completely replace the policies on the existing token.
+
+  -role-id=""
+    ID of a role to use for this token. Can be specified multiple times, but
+    only with client type tokens. If any roles are specified, they completely
+    replace the roles on the existing token.
+
+  -role-name=""
+    Name of a role to use for this token. Can be specified multiple times, but
+    only with client type tokens. If any roles are specified, they completely
+    replace the roles on the existing token.
 `
 
 	return strings.TrimSpace(helpText)
@@ -43,9 +57,11 @@ Update Options:
 func (c *ACLTokenUpdateCommand) AutocompleteFlags() complete.Flags {
 	return mergeAutocompleteFlags(c.Meta.AutocompleteFlags(FlagSetClient),
 		complete.Flags{
-			"name":   complete.PredictAnything,
-			"type":   complete.PredictAnything,
-			"policy": complete.PredictAnything,
+			"name":      complete.PredictAnything,
+			"type":      complete.PredictAnything,
+			"policy":    complete.PredictAnything,
+			"role-id":   complete.PredictAnything,
+			"role-name": complete.PredictAnything,
 		})
 }
 
@@ -70,6 +86,14 @@ func (c *ACLTokenUpdateCommand) Run(args []string) int {
 		policies = append(policies, s)
 		return nil
 	}), "policy", "")
+	flags.Var((funcVar)(func(s string) error {
+		c.roleNames = append(c.roleNames, s)
+		return nil
+	}), "role-name", "")
+	flags.Var((funcVar)(func(s string) error {
+		c.roleIDs = append(c.roleIDs, s)
+		return nil
+	}), "role-id", "")
 	if err := flags.Parse(args); err != nil {
 		return 1
 	}
@@ -111,6 +135,10 @@ func (c *ACLTokenUpdateCommand) Run(args []string) int {
 		token.Policies = policies
 	}
 
+	if len(c.roleNames) != 0 || len(c.roleIDs) != 0 {
+		token.Roles = generateACLTokenRoleLinks(c.roleNames, c.roleIDs)
+	}
+
 	// Update the token
 	updatedToken, _, err := client.ACLTokens().Update(token, nil)
 	if err != nil {

website/content/docs/commands/acl/token/update.mdx

@@ -28,7 +28,16 @@ The `acl token update` command requires an existing token's accessor ID.
 - `-type`: Sets the type of token. Must be one of "client" or "management".
 
 - `-policy`: Specifies a policy to associate with the token. Can be specified
-  multiple times, but only with client type tokens.
+  multiple times, but only with client type tokens. If any policies are
+  specified, they completely replace the policies on the existing token.
+
+- `-role-id`: ID of a role to use for this token. Can be specified multiple
+  times, but only with client type tokens. If any roles are specified, they
+  completely replace the roles on the existing token.
+
+- `-role-name`: Name of a role to use for this token. Can be specified multiple
+  times, but only with client type tokens. If any roles are specified, they
+  completely replace the roles on the existing token.
 
 ## Examples