Merge pull request #3385 from hashicorp/f-acl-cli

Policy list and token self commands
2026-01-06 10:25:42 +03:00 · 2017-10-16 11:30:09 -07:00
parent cd177f1cbb 54ed1fe290
commit c92162cc49
13 changed files with 425 additions and 7 deletions
--- a/command/acl_policy_info_test.go
+++ b/command/acl_policy_info_test.go
@@ -13,7 +13,7 @@ import (
 	"github.com/stretchr/testify/assert"
 )

-func TestACLPolicyListCommand(t *testing.T) {
+func TestACLPolicyInfoCommand(t *testing.T) {
 	assert := assert.New(t)
 	t.Parallel()
 	config := func(c *agent.Config) {
--- a/command/acl_policy_list.go
+++ b/command/acl_policy_list.go
@@ -0,0 +1,114 @@
+package command
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/nomad/api"
+	"github.com/posener/complete"
+)
+
+type ACLPolicyListCommand struct {
+	Meta
+}
+
+func (c *ACLPolicyListCommand) Help() string {
+	helpText := `
+Usage: nomad acl policy list
+
+  List is used to list available ACL policies.
+
+General Options:
+
+  ` + generalOptionsUsage() + `
+
+List Options:
+
+  -json
+    Output the ACL policies in a JSON format.
+
+  -t
+    Format and display the ACL policies using a Go template.
+`
+
+	return strings.TrimSpace(helpText)
+}
+
+func (c *ACLPolicyListCommand) AutocompleteFlags() complete.Flags {
+	return mergeAutocompleteFlags(c.Meta.AutocompleteFlags(FlagSetClient),
+		complete.Flags{
+			"-json": complete.PredictNothing,
+			"-t":    complete.PredictAnything,
+		})
+}
+
+func (c *ACLPolicyListCommand) AutocompleteArgs() complete.Predictor {
+	return complete.PredictNothing
+}
+
+func (c *ACLPolicyListCommand) Synopsis() string {
+	return "List ACL policies"
+}
+
+func (c *ACLPolicyListCommand) Run(args []string) int {
+	var json bool
+	var tmpl string
+
+	flags := c.Meta.FlagSet("acl policy list", FlagSetClient)
+	flags.Usage = func() { c.Ui.Output(c.Help()) }
+	flags.BoolVar(&json, "json", false, "")
+	flags.StringVar(&tmpl, "t", "", "")
+
+	if err := flags.Parse(args); err != nil {
+		return 1
+	}
+
+	// Check that we got no arguments
+	args = flags.Args()
+	if l := len(args); l != 0 {
+		c.Ui.Error(c.Help())
+		return 1
+	}
+
+	// Get the HTTP client
+	client, err := c.Meta.Client()
+	if err != nil {
+		c.Ui.Error(fmt.Sprintf("Error initializing client: %s", err))
+		return 1
+	}
+
+	// Fetch info on the policy
+	policies, _, err := client.ACLPolicies().List(nil)
+	if err != nil {
+		c.Ui.Error(fmt.Sprintf("Error listing ACL policies: %s", err))
+		return 1
+	}
+
+	if json || len(tmpl) > 0 {
+		out, err := Format(json, tmpl, policies)
+		if err != nil {
+			c.Ui.Error(err.Error())
+			return 1
+		}
+
+		c.Ui.Output(out)
+		return 0
+	}
+
+	c.Ui.Output(formatPolicies(policies))
+	return 0
+}
+
+func formatPolicies(policies []*api.ACLPolicyListStub) string {
+	if len(policies) == 0 {
+		return "No policies found"
+	}
+
+	output := make([]string, 0, len(policies)+1)
+	output = append(output, fmt.Sprintf("Name|Description"))
+	for _, p := range policies {
+		output = append(output, fmt.Sprintf("%s|%s", p.Name, p.Description))
+	}
+
+	return formatList(output)
+}
--- a/command/acl_policy_list_test.go
+++ b/command/acl_policy_list_test.go
@@ -0,0 +1,65 @@
+package command
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/nomad/acl"
+	"github.com/hashicorp/nomad/command/agent"
+	"github.com/hashicorp/nomad/nomad/mock"
+	"github.com/hashicorp/nomad/nomad/structs"
+	"github.com/mitchellh/cli"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestACLPolicyListCommand(t *testing.T) {
+	assert := assert.New(t)
+	t.Parallel()
+	config := func(c *agent.Config) {
+		c.ACL.Enabled = true
+	}
+
+	srv, _, url := testServer(t, true, config)
+	state := srv.Agent.Server().State()
+	defer srv.Shutdown()
+
+	// Bootstrap an initial ACL token
+	token := srv.RootToken
+	assert.NotNil(token, "failed to bootstrap ACL token")
+
+	// Create a test ACLPolicy
+	policy := &structs.ACLPolicy{
+		Name:  "testPolicy",
+		Rules: acl.PolicyWrite,
+	}
+	policy.SetHash()
+	assert.Nil(state.UpsertACLPolicies(1000, []*structs.ACLPolicy{policy}))
+
+	ui := new(cli.MockUi)
+	cmd := &ACLPolicyListCommand{Meta: Meta{Ui: ui, flagAddress: url}}
+
+	// Attempt to list policies without a valid management token
+	invalidToken := mock.ACLToken()
+	code := cmd.Run([]string{"-address=" + url, "-token=" + invalidToken.SecretID})
+	assert.Equal(1, code)
+
+	// Apply a policy with a valid management token
+	code = cmd.Run([]string{"-address=" + url, "-token=" + token.SecretID})
+	assert.Equal(0, code)
+
+	// Check the output
+	out := ui.OutputWriter.String()
+	if !strings.Contains(out, policy.Name) {
+		t.Fatalf("bad: %v", out)
+	}
+
+	// List json
+	if code := cmd.Run([]string{"-address=" + url, "-token=" + token.SecretID, "-json"}); code != 0 {
+		t.Fatalf("expected exit 0, got: %d; %v", code, ui.ErrorWriter.String())
+	}
+	out = ui.OutputWriter.String()
+	if !strings.Contains(out, "CreateIndex") {
+		t.Fatalf("expected json output, got: %s", out)
+	}
+	ui.OutputWriter.Reset()
+}
--- a/command/acl_token_self.go
+++ b/command/acl_token_self.go
@@ -0,0 +1,70 @@
+package command
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/posener/complete"
+)
+
+type ACLTokenSelfCommand struct {
+	Meta
+}
+
+func (c *ACLTokenSelfCommand) Help() string {
+	helpText := `
+Usage: nomad acl token self
+
+  Self is used to fetch information about the currently set ACL token.
+
+General Options:
+
+  ` + generalOptionsUsage()
+
+	return strings.TrimSpace(helpText)
+}
+
+func (c *ACLTokenSelfCommand) AutocompleteFlags() complete.Flags {
+	return c.Meta.AutocompleteFlags(FlagSetClient)
+}
+
+func (c *ACLTokenSelfCommand) AutocompleteArgs() complete.Predictor {
+	return complete.PredictNothing
+}
+
+func (c *ACLTokenSelfCommand) Synopsis() string {
+	return "Lookup self ACL token"
+}
+
+func (c *ACLTokenSelfCommand) Run(args []string) int {
+	flags := c.Meta.FlagSet("acl token self", FlagSetClient)
+	flags.Usage = func() { c.Ui.Output(c.Help()) }
+	if err := flags.Parse(args); err != nil {
+		return 1
+	}
+
+	// Check that we have exactly one argument
+	args = flags.Args()
+	if l := len(args); l != 0 {
+		c.Ui.Error(c.Help())
+		return 1
+	}
+
+	// Get the HTTP client
+	client, err := c.Meta.Client()
+	if err != nil {
+		c.Ui.Error(fmt.Sprintf("Error initializing client: %s", err))
+		return 1
+	}
+
+	// Get the specified token information
+	token, _, err := client.ACLTokens().Self(nil)
+	if err != nil {
+		c.Ui.Error(fmt.Sprintf("Error fetching self token: %s", err))
+		return 1
+	}
+
+	// Format the output
+	c.Ui.Output(formatKVACLToken(token))
+	return 0
+}
--- a/command/acl_token_self_test.go
+++ b/command/acl_token_self_test.go
@@ -0,0 +1,57 @@
+package command
+
+import (
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/nomad/acl"
+	"github.com/hashicorp/nomad/command/agent"
+	"github.com/hashicorp/nomad/nomad/mock"
+	"github.com/hashicorp/nomad/nomad/structs"
+	"github.com/mitchellh/cli"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestACLTokenSelfCommand_ViaEnvVar(t *testing.T) {
+	assert := assert.New(t)
+	t.Parallel()
+	config := func(c *agent.Config) {
+		c.ACL.Enabled = true
+	}
+
+	srv, _, url := testServer(t, true, config)
+	defer srv.Shutdown()
+	state := srv.Agent.Server().State()
+
+	// Bootstrap an initial ACL token
+	token := srv.RootToken
+	assert.NotNil(token, "failed to bootstrap ACL token")
+
+	ui := new(cli.MockUi)
+	cmd := &ACLTokenSelfCommand{Meta: Meta{Ui: ui, flagAddress: url}}
+
+	// Create a valid token
+	mockToken := mock.ACLToken()
+	mockToken.Policies = []string{acl.PolicyWrite}
+	mockToken.SetHash()
+	assert.Nil(state.UpsertACLTokens(1000, []*structs.ACLToken{mockToken}))
+
+	// Attempt to fetch info on a token without providing a valid management
+	// token
+	invalidToken := mock.ACLToken()
+	os.Setenv("NOMAD_TOKEN", invalidToken.SecretID)
+	code := cmd.Run([]string{"-address=" + url})
+	assert.Equal(1, code)
+
+	// Fetch info on a token with a valid token
+	os.Setenv("NOMAD_TOKEN", mockToken.SecretID)
+	code = cmd.Run([]string{"-address=" + url})
+	assert.Equal(0, code)
+
+	// Check the output
+	out := ui.OutputWriter.String()
+	if !strings.Contains(out, mockToken.AccessorID) {
+		t.Fatalf("bad: %v", out)
+	}
+}
--- a/command/namespace_list_test.go
+++ b/command/namespace_list_test.go
@@ -58,7 +58,6 @@ func TestNamespaceListCommand_List(t *testing.T) {
 	ui.OutputWriter.Reset()

 	// List json
-	t.Log(url)
 	if code := cmd.Run([]string{"-address=" + url, "-json"}); code != 0 {
 		t.Fatalf("expected exit 0, got: %d; %v", code, ui.ErrorWriter.String())
 	}
--- a/commands.go
+++ b/commands.go
@@ -56,6 +56,11 @@ func Commands(metaPtr *command.Meta) map[string]cli.CommandFactory {
 				Meta: meta,
 			}, nil
 		},
+		"acl policy list": func() (cli.Command, error) {
+			return &command.ACLPolicyListCommand{
+				Meta: meta,
+			}, nil
+		},
 		"acl token": func() (cli.Command, error) {
 			return &command.ACLTokenCommand{
 				Meta: meta,
@@ -81,6 +86,11 @@ func Commands(metaPtr *command.Meta) map[string]cli.CommandFactory {
 				Meta: meta,
 			}, nil
 		},
+		"acl token self": func() (cli.Command, error) {
+			return &command.ACLTokenSelfCommand{
+				Meta: meta,
+			}, nil
+		},
 		"alloc-status": func() (cli.Command, error) {
 			return &command.AllocStatusCommand{
 				Meta: meta,
--- a/website/source/api/acl-tokens.html.md
+++ b/website/source/api/acl-tokens.html.md
@@ -289,7 +289,7 @@ The table below shows this endpoint's support for

 ```text
 $ curl \
-    --header "X-Nomad-Token: 8176afd3-772d-0b71-8f85-7fa5d903e9d4"
+    --header "X-Nomad-Token: 8176afd3-772d-0b71-8f85-7fa5d903e9d4" \
    https://nomad.rocks/v1/acl/token/self
 ```

--- a/website/source/docs/commands/acl.html.md.erb
+++ b/website/source/docs/commands/acl.html.md.erb
@@ -23,17 +23,20 @@ subcommands are available:
 * [`acl policy apply`][policyapply] - Create or update ACL policies
 * [`acl policy delete`][policydelete] - Delete an existing ACL policies
 * [`acl policy info`][policyinfo] - Fetch information on an existing ACL policy
+* [`acl policy list`][policylist] - List available ACL policies
 * [`acl token create`][tokencreate] - Create new ACL token
-* [`acl token update`][tokenupdate] - Update existing ACL token
 * [`acl token delete`][tokendelete] - Delete an existing ACL token
 * [`acl token info`][tokeninfo] - Get info on an existing ACL token
+* [`acl token self`][tokenself] - Get info on self ACL token
+* [`acl token update`][tokenupdate] - Update existing ACL token

 [bootstrap]: /docs/commands/acl/bootstrap.html
 [policyapply]: /docs/commands/acl/policy-apply.html
 [policydelete]: /docs/commands/acl/policy-delete.html
 [policyinfo]: /docs/commands/acl/policy-info.html
+[policylist]: /docs/commands/acl/policy-list.html
 [tokencreate]: /docs/commands/acl/token-create.html
 [tokenupdate]: /docs/commands/acl/token-update.html
 [tokendelete]: /docs/commands/acl/token-delete.html
 [tokeninfo]: /docs/commands/acl/token-info.html
-
+[tokenself]: /docs/commands/acl/token-self.html
--- a/website/source/docs/commands/acl/policy-info.html.md.erb
+++ b/website/source/docs/commands/acl/policy-info.html.md.erb
@@ -3,8 +3,8 @@ layout: "docs"
 page_title: "Commands: acl policy info"
 sidebar_current: "docs-commands-acl-policy-info"
 description: >
-The policy info command is used to fetch information on an existing ACL
-policy.
+  The policy info command is used to fetch information on an existing ACL
+  policy.
 ---

 # Command: acl policy info
--- a/website/source/docs/commands/acl/policy-list.html.md.erb
+++ b/website/source/docs/commands/acl/policy-list.html.md.erb
@@ -0,0 +1,38 @@
+---
+layout: "docs"
+page_title: "Commands: acl policy list"
+sidebar_current: "docs-commands-acl-policy-list"
+description: >
+  The policy list command is used to list available ACL policies.
+---
+
+# Command: acl policy info
+
+The `acl policy list` command is used to list available ACL policies.
+
+## Usage
+
+```
+nomad acl policy list
+```
+
+## General Options
+
+<%= partial "docs/commands/_general_options" %>
+#
+## List Options
+
+* `-json` : Output the namespaces in their JSON format.
+
+* `-t` : Format and display the namespaces using a Go template.
+
+## Examples
+
+List all ACL policies:
+
+```
+$ nomad acl policy list
+Name        Description
+default-ns  Write access to the default namespace
+node-read   Node read access
+```
--- a/website/source/docs/commands/acl/token-self.html.md.erb
+++ b/website/source/docs/commands/acl/token-self.html.md.erb
@@ -0,0 +1,41 @@
+---
+layout: "docs"
+page_title: "Commands: acl token self"
+sidebar_current: "docs-commands-acl-token-self"
+description: >
+  The token self command is used to fetch information about the currently set
+  ACL token.
+---
+
+# Command: acl token self
+
+The `acl token self` command is used to fetch information about the currently set ACL token.
+
+## Usage
+
+```
+nomad acl token self
+```
+
+## General Options
+
+<%= partial "docs/commands/_general_options" %>
+
+## Examples
+
+Fetch information about an existing ACL token:
+
+```
+$ export NOMAD_TOKEN=d532c40a-30f1-695c-19e5-c35b882b0efd
+
+$ nomad acl tokenjself
+Accessor ID  = d532c40a-30f1-695c-19e5-c35b882b0efd
+Secret ID    = 85310d07-9afa-ef53-0933-0c043cd673c7
+Name         = my token
+Type         = client
+Global       = false
+Policies     = [foo bar]
+Create Time  = 2017-09-15 05:04:41.814954949 +0000 UTC
+Create Index = 8
+Modify Index = 8
+```
--- a/website/source/layouts/docs.erb
+++ b/website/source/layouts/docs.erb
@@ -179,9 +179,30 @@
              <li<%= sidebar_current("docs-commands-acl-policy-apply") %>>
                <a href="/docs/commands/acl/policy-apply.html">acl policy apply</a>
              </li>
+              <li<%= sidebar_current("docs-commands-acl-policy-delete") %>>
+                <a href="/docs/commands/acl/policy-delete.html">acl policy delete</a>
+              </li>
+              <li<%= sidebar_current("docs-commands-acl-policy-info") %>>
+                <a href="/docs/commands/acl/policy-info.html">acl policy info</a>
+              </li>
+              <li<%= sidebar_current("docs-commands-acl-policy-list") %>>
+                <a href="/docs/commands/acl/policy-list.html">acl policy list</a>
+              </li>
              <li<%= sidebar_current("docs-commands-acl-token-create") %>>
                <a href="/docs/commands/acl/token-create.html">acl token create</a>
              </li>
+              <li<%= sidebar_current("docs-commands-acl-token-delete") %>>
+                <a href="/docs/commands/acl/token-delete.html">acl token delete</a>
+              </li>
+              <li<%= sidebar_current("docs-commands-acl-token-info") %>>
+                <a href="/docs/commands/acl/token-info.html">acl token info</a>
+              </li>
+              <li<%= sidebar_current("docs-commands-acl-token-self") %>>
+                <a href="/docs/commands/acl/token-self.html">acl token self</a>
+              </li>
+              <li<%= sidebar_current("docs-commands-acl-token-update") %>>
+                <a href="/docs/commands/acl/token-update.html">acl token update</a>
+              </li>
            </ul>
          </li>
          <li<%= sidebar_current("docs-commands-_agent") %>>