Merge pull request #3235 from hashicorp/f-acl_policy_info

ACL policy info

command/acl_bootstrap.go

@@ -72,6 +72,18 @@ func (c *ACLBootstrapCommand) Run(args []string) int {
 	return 0
 }
 
+// formatKVPolicy returns a K/V formatted policy
+func formatKVPolicy(policy *api.ACLPolicy) string {
+	output := []string{
+		fmt.Sprintf("Name|%s", policy.Name),
+		fmt.Sprintf("Description|%s", policy.Description),
+		fmt.Sprintf("Rules|%s", policy.Rules),
+		fmt.Sprintf("CreateIndex|%v", policy.CreateIndex),
+		fmt.Sprintf("ModifyIndex|%v", policy.ModifyIndex),
+	}
+	return formatKV(output)
+}
+
 // formatKVACLToken returns a K/V formatted ACL token
 func formatKVACLToken(token *api.ACLToken) string {
 	// Add the fixed preamble

command/acl_policy_info.go

@@ -0,0 +1,73 @@
+package command
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/posener/complete"
+)
+
+type ACLPolicyInfoCommand struct {
+	Meta
+}
+
+func (c *ACLPolicyInfoCommand) Help() string {
+	helpText := `
+Usage: nomad acl policy info <name>
+
+Info is used to fetch information on an existing ACL policy.
+
+General Options:
+
+  ` + generalOptionsUsage()
+
+	return strings.TrimSpace(helpText)
+}
+
+func (c *ACLPolicyInfoCommand) AutocompleteFlags() complete.Flags {
+	return mergeAutocompleteFlags(c.Meta.AutocompleteFlags(FlagSetClient),
+		complete.Flags{})
+}
+
+func (c *ACLPolicyInfoCommand) AutocompleteArgs() complete.Predictor {
+	return complete.PredictNothing
+}
+
+func (c *ACLPolicyInfoCommand) Synopsis() string {
+	return "Fetch info on an existing ACL policy"
+}
+
+func (c *ACLPolicyInfoCommand) Run(args []string) int {
+	flags := c.Meta.FlagSet("acl policy info", FlagSetClient)
+	flags.Usage = func() { c.Ui.Output(c.Help()) }
+	if err := flags.Parse(args); err != nil {
+		return 1
+	}
+
+	// Check that we got exactly one argument
+	args = flags.Args()
+	if l := len(args); l != 1 {
+		c.Ui.Error(c.Help())
+		return 1
+	}
+
+	// Get the policy name
+	policyName := args[0]
+
+	// Get the HTTP client
+	client, err := c.Meta.Client()
+	if err != nil {
+		c.Ui.Error(fmt.Sprintf("Error initializing client: %s", err))
+		return 1
+	}
+
+	// Fetch info on the policy
+	policy, _, err := client.ACLPolicies().Info(policyName, nil)
+	if err != nil {
+		c.Ui.Error(fmt.Sprintf("Error fetching info on ACL policy: %s", err))
+		return 1
+	}
+
+	c.Ui.Output(formatKVPolicy(policy))
+	return 0
+}

command/acl_policy_info_test.go

@@ -0,0 +1,58 @@
+package command
+
+import (
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/nomad/acl"
+	"github.com/hashicorp/nomad/command/agent"
+	"github.com/hashicorp/nomad/nomad/mock"
+	"github.com/hashicorp/nomad/nomad/structs"
+	"github.com/mitchellh/cli"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestACLPolicyListCommand(t *testing.T) {
+	assert := assert.New(t)
+	t.Parallel()
+	config := func(c *agent.Config) {
+		c.ACL.Enabled = true
+	}
+
+	srv, _, url := testServer(t, true, config)
+	state := srv.Agent.Server().State()
+	defer srv.Shutdown()
+
+	// Bootstrap an initial ACL token
+	token := srv.Token
+	assert.NotNil(token, "failed to bootstrap ACL token")
+
+	// Create a test ACLPolicy
+	policy := &structs.ACLPolicy{
+		Name:  "testPolicy",
+		Rules: acl.PolicyWrite,
+	}
+	policy.SetHash()
+	assert.Nil(state.UpsertACLPolicies(1000, []*structs.ACLPolicy{policy}))
+
+	ui := new(cli.MockUi)
+	cmd := &ACLPolicyInfoCommand{Meta: Meta{Ui: ui, flagAddress: url}}
+
+	// Attempt to apply a policy without a valid management token
+	invalidToken := mock.ACLToken()
+	os.Setenv("NOMAD_TOKEN", invalidToken.SecretID)
+	code := cmd.Run([]string{"-address=" + url, policy.Name})
+	assert.Equal(1, code)
+
+	// Apply a policy with a valid management token
+	os.Setenv("NOMAD_TOKEN", token.SecretID)
+	code = cmd.Run([]string{"-address=" + url, policy.Name})
+	assert.Equal(0, code)
+
+	// Check the output
+	out := ui.OutputWriter.String()
+	if !strings.Contains(out, policy.Name) {
+		t.Fatalf("bad: %v", out)
+	}
+}

commands.go

@@ -46,6 +46,16 @@ func Commands(metaPtr *command.Meta) map[string]cli.CommandFactory {
 				Meta: meta,
 			}, nil
 		},
+		"acl policy delete": func() (cli.Command, error) {
+			return &command.ACLPolicyDeleteCommand{
+				Meta: meta,
+			}, nil
+		},
+		"acl policy info": func() (cli.Command, error) {
+			return &command.ACLPolicyInfoCommand{
+				Meta: meta,
+			}, nil
+		},
 		"acl token": func() (cli.Command, error) {
 			return &command.ACLTokenCommand{
 				Meta: meta,

website/source/docs/commands/acl.html.md.erb

@@ -22,12 +22,14 @@ subcommands are available:
 * [`acl bootstrap`][bootstrap] - Bootstrap the initial ACL token
 * [`acl policy apply`][policyapply] - Create or update ACL policies
 * [`acl policy delete`][policydelete] - Delete an existing ACL policies
+* [`acl policy info`][policyinfo] - Fetch information on an existing ACL policy
 * [`acl token create`][tokencreate] - Create new ACL token
 * [`acl token delete`][tokendelete] - Delete an existing ACL token
 
 [bootstrap]: /docs/commands/acl/bootstrap.html
 [policyapply]: /docs/commands/acl/policy-apply.html
 [policydelete]: /docs/commands/acl/policy-delete.html
+[policyinfo]: /docs/commands/acl/policy-info.html
 [tokencreate]: /docs/commands/acl/token-create.html
 [tokendelete]: /docs/commands/acl/token-delete.html
 

website/source/docs/commands/acl/policy-info.html.md.erb

@@ -0,0 +1,42 @@
+---
+layout: "docs"
+page_title: "Commands: acl policy info"
+sidebar_current: "docs-commands-acl-policy-info"
+description: >
+The policy info command is used to fetch information on an existing ACL
+policy.
+---
+
+# Command: acl policy info
+
+The `acl policy info` command is used to fetch information on an existing ACL
+policy.
+
+## Usage
+
+```
+nomad acl policy info <name>
+```
+
+The `acl policy info` command requires the policy name.
+
+## General Options
+
+<%= partial "docs/commands/_general_options" %>
+
+## Examples
+
+Fetch information on an existing ACL Policy:
+
+```
+$ nomad acl policy info my-policy
+Name        = my-policy
+Description = <none>
+Rules       = {
+  "Name": "my-policy",
+  "Description": "This is a great policy",
+  "Rules": "list_jobs"
+}
+CreateIndex = 749
+ModifyIndex = 758
+```