agent: thread through token for ACL endpoint tests

command/agent/acl_endpoint.go

@@ -84,7 +84,7 @@ func (s *HTTPServer) aclPolicyUpdate(resp http.ResponseWriter, req *http.Request
 	args := structs.ACLPolicyUpsertRequest{
 		Policies: []*structs.ACLPolicy{&policy},
 	}
-	s.parseRegion(req, &args.Region)
+	s.parseWrite(req, &args.WriteRequest)
 
 	var out structs.GenericResponse
 	if err := s.agent.RPC("ACL.UpsertPolicies", &args, &out); err != nil {
@@ -100,7 +100,7 @@ func (s *HTTPServer) aclPolicyDelete(resp http.ResponseWriter, req *http.Request
 	args := structs.ACLPolicyDeleteRequest{
 		Names: []string{policyName},
 	}
-	s.parseRegion(req, &args.Region)
+	s.parseWrite(req, &args.WriteRequest)
 
 	var out structs.GenericResponse
 	if err := s.agent.RPC("ACL.DeletePolicies", &args, &out); err != nil {
@@ -140,7 +140,7 @@ func (s *HTTPServer) ACLTokenBootstrap(resp http.ResponseWriter, req *http.Reque
 
 	// Format the request
 	args := structs.ACLTokenBootstrapRequest{}
-	s.parseRegion(req, &args.Region)
+	s.parseWrite(req, &args.WriteRequest)
 
 	var out structs.ACLTokenUpsertResponse
 	if err := s.agent.RPC("ACL.Bootstrap", &args, &out); err != nil {
@@ -220,7 +220,7 @@ func (s *HTTPServer) aclTokenUpdate(resp http.ResponseWriter, req *http.Request,
 	args := structs.ACLTokenUpsertRequest{
 		Tokens: []*structs.ACLToken{&token},
 	}
-	s.parseRegion(req, &args.Region)
+	s.parseWrite(req, &args.WriteRequest)
 
 	var out structs.ACLTokenUpsertResponse
 	if err := s.agent.RPC("ACL.UpsertTokens", &args, &out); err != nil {
@@ -239,7 +239,7 @@ func (s *HTTPServer) aclTokenDelete(resp http.ResponseWriter, req *http.Request,
 	args := structs.ACLTokenDeleteRequest{
 		AccessorIDs: []string{tokenAccessor},
 	}
-	s.parseRegion(req, &args.Region)
+	s.parseWrite(req, &args.WriteRequest)
 
 	var out structs.GenericResponse
 	if err := s.agent.RPC("ACL.DeleteTokens", &args, &out); err != nil {

command/agent/acl_endpoint_test.go

@@ -17,8 +17,11 @@ func TestHTTP_ACLPolicyList(t *testing.T) {
 		p2 := mock.ACLPolicy()
 		p3 := mock.ACLPolicy()
 		args := structs.ACLPolicyUpsertRequest{
-			Policies:     []*structs.ACLPolicy{p1, p2, p3},
-			WriteRequest: structs.WriteRequest{Region: "global"},
+			Policies: []*structs.ACLPolicy{p1, p2, p3},
+			WriteRequest: structs.WriteRequest{
+				Region:   "global",
+				SecretID: s.Token.SecretID,
+			},
 		}
 		var resp structs.GenericResponse
 		if err := s.Agent.RPC("ACL.UpsertPolicies", &args, &resp); err != nil {
@@ -31,6 +34,7 @@ func TestHTTP_ACLPolicyList(t *testing.T) {
 			t.Fatalf("err: %v", err)
 		}
 		respW := httptest.NewRecorder()
+		setToken(req, s.Token)
 
 		// Make the request
 		obj, err := s.Server.ACLPoliciesRequest(respW, req)
@@ -62,8 +66,11 @@ func TestHTTP_ACLPolicyQuery(t *testing.T) {
 	httpACLTest(t, nil, func(s *TestAgent) {
 		p1 := mock.ACLPolicy()
 		args := structs.ACLPolicyUpsertRequest{
-			Policies:     []*structs.ACLPolicy{p1},
-			WriteRequest: structs.WriteRequest{Region: "global"},
+			Policies: []*structs.ACLPolicy{p1},
+			WriteRequest: structs.WriteRequest{
+				Region:   "global",
+				SecretID: s.Token.SecretID,
+			},
 		}
 		var resp structs.GenericResponse
 		if err := s.Agent.RPC("ACL.UpsertPolicies", &args, &resp); err != nil {
@@ -76,6 +83,7 @@ func TestHTTP_ACLPolicyQuery(t *testing.T) {
 			t.Fatalf("err: %v", err)
 		}
 		respW := httptest.NewRecorder()
+		setToken(req, s.Token)
 
 		// Make the request
 		obj, err := s.Server.ACLPolicySpecificRequest(respW, req)
@@ -113,6 +121,7 @@ func TestHTTP_ACLPolicyCreate(t *testing.T) {
 			t.Fatalf("err: %v", err)
 		}
 		respW := httptest.NewRecorder()
+		setToken(req, s.Token)
 
 		// Make the request
 		obj, err := s.Server.ACLPolicySpecificRequest(respW, req)
@@ -141,8 +150,11 @@ func TestHTTP_ACLPolicyDelete(t *testing.T) {
 	httpACLTest(t, nil, func(s *TestAgent) {
 		p1 := mock.ACLPolicy()
 		args := structs.ACLPolicyUpsertRequest{
-			Policies:     []*structs.ACLPolicy{p1},
-			WriteRequest: structs.WriteRequest{Region: "global"},
+			Policies: []*structs.ACLPolicy{p1},
+			WriteRequest: structs.WriteRequest{
+				Region:   "global",
+				SecretID: s.Token.SecretID,
+			},
 		}
 		var resp structs.GenericResponse
 		if err := s.Agent.RPC("ACL.UpsertPolicies", &args, &resp); err != nil {
@@ -155,6 +167,7 @@ func TestHTTP_ACLPolicyDelete(t *testing.T) {
 			t.Fatalf("err: %v", err)
 		}
 		respW := httptest.NewRecorder()
+		setToken(req, s.Token)
 
 		// Make the request
 		obj, err := s.Server.ACLPolicySpecificRequest(respW, req)
@@ -216,8 +229,11 @@ func TestHTTP_ACLTokenList(t *testing.T) {
 		p3 := mock.ACLToken()
 		p3.AccessorID = ""
 		args := structs.ACLTokenUpsertRequest{
-			Tokens:       []*structs.ACLToken{p1, p2, p3},
-			WriteRequest: structs.WriteRequest{Region: "global"},
+			Tokens: []*structs.ACLToken{p1, p2, p3},
+			WriteRequest: structs.WriteRequest{
+				Region:   "global",
+				SecretID: s.Token.SecretID,
+			},
 		}
 		var resp structs.ACLTokenUpsertResponse
 		if err := s.Agent.RPC("ACL.UpsertTokens", &args, &resp); err != nil {
@@ -230,6 +246,7 @@ func TestHTTP_ACLTokenList(t *testing.T) {
 			t.Fatalf("err: %v", err)
 		}
 		respW := httptest.NewRecorder()
+		setToken(req, s.Token)
 
 		// Make the request
 		obj, err := s.Server.ACLTokensRequest(respW, req)
@@ -262,8 +279,11 @@ func TestHTTP_ACLTokenQuery(t *testing.T) {
 		p1 := mock.ACLToken()
 		p1.AccessorID = ""
 		args := structs.ACLTokenUpsertRequest{
-			Tokens:       []*structs.ACLToken{p1},
-			WriteRequest: structs.WriteRequest{Region: "global"},
+			Tokens: []*structs.ACLToken{p1},
+			WriteRequest: structs.WriteRequest{
+				Region:   "global",
+				SecretID: s.Token.SecretID,
+			},
 		}
 		var resp structs.ACLTokenUpsertResponse
 		if err := s.Agent.RPC("ACL.UpsertTokens", &args, &resp); err != nil {
@@ -277,6 +297,7 @@ func TestHTTP_ACLTokenQuery(t *testing.T) {
 			t.Fatalf("err: %v", err)
 		}
 		respW := httptest.NewRecorder()
+		setToken(req, s.Token)
 
 		// Make the request
 		obj, err := s.Server.ACLTokenSpecificRequest(respW, req)
@@ -313,6 +334,7 @@ func TestHTTP_ACLTokenCreate(t *testing.T) {
 			t.Fatalf("err: %v", err)
 		}
 		respW := httptest.NewRecorder()
+		setToken(req, s.Token)
 
 		// Make the request
 		obj, err := s.Server.ACLTokenSpecificRequest(respW, req)
@@ -340,8 +362,11 @@ func TestHTTP_ACLTokenDelete(t *testing.T) {
 		p1 := mock.ACLToken()
 		p1.AccessorID = ""
 		args := structs.ACLTokenUpsertRequest{
-			Tokens:       []*structs.ACLToken{p1},
-			WriteRequest: structs.WriteRequest{Region: "global"},
+			Tokens: []*structs.ACLToken{p1},
+			WriteRequest: structs.WriteRequest{
+				Region:   "global",
+				SecretID: s.Token.SecretID,
+			},
 		}
 		var resp structs.ACLTokenUpsertResponse
 		if err := s.Agent.RPC("ACL.UpsertTokens", &args, &resp); err != nil {
@@ -355,6 +380,7 @@ func TestHTTP_ACLTokenDelete(t *testing.T) {
 			t.Fatalf("err: %v", err)
 		}
 		respW := httptest.NewRecorder()
+		setToken(req, s.Token)
 
 		// Make the request
 		obj, err := s.Server.ACLTokenSpecificRequest(respW, req)

command/agent/http.go

@@ -366,6 +366,12 @@ func (s *HTTPServer) parseToken(req *http.Request, token *string) {
 	}
 }
 
+// parseWrite is a convenience method for endpoints that call write methods
+func (s *HTTPServer) parseWrite(req *http.Request, b *structs.WriteRequest) {
+	s.parseRegion(req, &b.Region)
+	s.parseToken(req, &b.SecretID)
+}
+
 // parse is a convenience method for endpoints that need to parse multiple flags
 func (s *HTTPServer) parse(resp http.ResponseWriter, req *http.Request, r *string, b *structs.QueryOptions) bool {
 	s.parseRegion(req, r)

command/agent/http_test.go

@@ -526,6 +526,10 @@ func httpACLTest(t testing.TB, cb func(c *Config), f func(srv *TestAgent)) {
 	f(s)
 }
 
+func setToken(req *http.Request, token *structs.ACLToken) {
+	req.Header.Set("X-Nomad-Token", token.SecretID)
+}
+
 func encodeReq(obj interface{}) io.ReadCloser {
 	buf := bytes.NewBuffer(nil)
 	enc := json.NewEncoder(buf)