kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

cli: Fix a bug where self token lookups via token CLI flag failed. (#26183)

Browse Source 
The meta client looks for both an environment variable and a CLI
flag when generating a client. The CLI UUID checker needs to do
this also, so we account for users using both env vars and CLI
flag tokens.
This commit is contained in:
James Rasell
2025-07-03 14:50:42 +02:00
committed by GitHub
parent ae47231304
commit d6757609dc
3 changed files with 50 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/26183.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
cli: Fixed a bug where the `acl token self` command only performed lookups for tokens set as environment variables and not by the `-token` flag.
```

21
command/acl_token_self.go
View File

@@ -65,15 +65,26 @@ func (c *ACLTokenSelfCommand) Run(args []string) int {
return 1 return 1
} }
// Check what kind of token we have available // To get the authentication token, we must perform the same steps as the
envToken := os.Getenv("NOMAD_TOKEN") // command meta and API client perform. This is because the token may be set
if envToken == "" { // as an environment variable or as a CLI flag.
c.Ui.Error("No token present in the environment") //
// The environment variable is grabbed first. If this is not set, the
// resulting string is empty.
authToken := os.Getenv("NOMAD_TOKEN")
// If the CLI flag is set, it will override the environment variable.
if c.token != "" {
authToken = c.token
}
if authToken == "" {
c.Ui.Error("No token present in the environment or set via the CLI flag")
return 1 return 1
} }
// Does this look like a Nomad ACL token? // Does this look like a Nomad ACL token?
if helper.IsUUID(envToken) { if helper.IsUUID(authToken) {
token, _, err := client.ACLTokens().Self(nil) token, _, err := client.ACLTokens().Self(nil)
if err != nil { if err != nil {
c.Ui.Error(fmt.Sprintf("Error fetching self token: %s", err)) c.Ui.Error(fmt.Sprintf("Error fetching self token: %s", err))

31
command/acl_token_self_test.go
View File

@@ -53,3 +53,34 @@ func TestACLTokenSelfCommand_ViaEnvVar(t *testing.T) {
out := ui.OutputWriter.String() out := ui.OutputWriter.String()
must.StrContains(t, out, mockToken.AccessorID) must.StrContains(t, out, mockToken.AccessorID)
} }
func TestACLTokenSelfCommand_ViaFlag(t *testing.T) {
config := func(c *agent.Config) {
c.ACL.Enabled = true
}
srv, _, url := testServer(t, true, config)
defer srv.Shutdown()
state := srv.Agent.Server().State()
// Bootstrap an initial ACL token
token := srv.RootToken
must.NotNil(t, token)
ui := cli.NewMockUi()
cmd := &ACLTokenSelfCommand{Meta: Meta{Ui: ui, flagAddress: url}}
// Create a valid token
mockToken := mock.ACLToken()
mockToken.Policies = []string{acl.PolicyWrite}
mockToken.SetHash()
must.NoError(t, state.UpsertACLTokens(structs.MsgTypeTestSetup, 1000, []*structs.ACLToken{mockToken}))
// Fetch info on a token with a valid token
code := cmd.Run([]string{"-address=" + url, "-token=" + mockToken.SecretID})
must.Zero(t, code)
// Check the output
must.StrContains(t, ui.OutputWriter.String(), mockToken.AccessorID)
}