From 730c5ad457174d06cfffcfeef7ccb45015ca1841 Mon Sep 17 00:00:00 2001 From: Chelsea Holland Komlo Date: Fri, 15 Sep 2017 15:40:23 +0000 Subject: [PATCH 1/5] adds ACL token delete --- command/acl_token_delete.go | 75 +++++++++++++++++++ command/acl_token_delete_test.go | 58 ++++++++++++++ website/source/docs/commands/acl.html.md.erb | 2 + .../commands/acl/token-delete.html.md.erb | 33 ++++++++ 4 files changed, 168 insertions(+) create mode 100644 command/acl_token_delete.go create mode 100644 command/acl_token_delete_test.go create mode 100644 website/source/docs/commands/acl/token-delete.html.md.erb diff --git a/command/acl_token_delete.go b/command/acl_token_delete.go new file mode 100644 index 000000000..f08321b12 --- /dev/null +++ b/command/acl_token_delete.go @@ -0,0 +1,75 @@ +package command + +import ( + "fmt" + "strings" + + "github.com/posener/complete" +) + +type ACLTokenDeleteCommand struct { + Meta +} + +func (c *ACLTokenDeleteCommand) Help() string { + helpText := ` +Usage: nomad acl token delete [options] + +Delete is used to delete existing ACL tokens. Requires a management token. + +General Options: + + ` + generalOptionsUsage() + + return strings.TrimSpace(helpText) +} + +func (c *ACLTokenDeleteCommand) AutocompleteFlags() complete.Flags { + return mergeAutocompleteFlags(c.Meta.AutocompleteFlags(FlagSetClient), + complete.Flags{}) +} + +func (c *ACLTokenDeleteCommand) AutocompleteArgs() complete.Predictor { + return complete.PredictNothing +} + +func (c *ACLTokenDeleteCommand) Synopsis() string { + return "Delete an existing ACL token" +} + +func (c *ACLTokenDeleteCommand) Run(args []string) int { + flags := c.Meta.FlagSet("acl token delete", FlagSetClient) + flags.Usage = func() { c.Ui.Output(c.Help()) } + + if err := flags.Parse(args); err != nil { + return 1 + } + + // Check that the last argument is the token to delete. Return error if no + // such token was provided. + args = flags.Args() + if l := len(args); l != 1 { + c.Ui.Error(c.Help()) + return 1 + } + + tokenAccessorID := args[0] + + // Get the HTTP client + client, err := c.Meta.Client() + if err != nil { + c.Ui.Error(fmt.Sprintf("Error initializing client: %s", err)) + return 1 + } + + // Delete the specified token + _, err = client.ACLTokens().Delete(tokenAccessorID, nil) + if err != nil { + c.Ui.Error(fmt.Sprintf("Error deleting token: %s", err)) + return 1 + } + + // Format the output + c.Ui.Output(fmt.Sprintf("Token %s successfully deleted", tokenAccessorID)) + return 0 +} diff --git a/command/acl_token_delete_test.go b/command/acl_token_delete_test.go new file mode 100644 index 000000000..e04ccb140 --- /dev/null +++ b/command/acl_token_delete_test.go @@ -0,0 +1,58 @@ +package command + +import ( + "fmt" + "os" + "strings" + "testing" + + "github.com/hashicorp/nomad/acl" + "github.com/hashicorp/nomad/command/agent" + "github.com/hashicorp/nomad/nomad/mock" + "github.com/hashicorp/nomad/nomad/structs" + "github.com/mitchellh/cli" + "github.com/stretchr/testify/assert" +) + +func TestACLTokenDeleteCommand_ViaEnvVariable(t *testing.T) { + assert := assert.New(t) + t.Parallel() + config := func(c *agent.Config) { + c.ACL.Enabled = true + } + + srv, _, url := testServer(t, true, config) + defer srv.Shutdown() + + // Bootstrap an initial ACL token + token := srv.Token + assert.NotNil(token, "failed to bootstrap ACL token") + + ui := new(cli.MockUi) + cmd := &ACLTokenDeleteCommand{Meta: Meta{Ui: ui, flagAddress: url}} + state := srv.Agent.Server().State() + + // Create a valid token + mockToken := mock.ACLToken() + token.Policies = []string{acl.PolicyWrite} + token.SetHash() + assert.Nil(state.UpsertACLTokens(1000, []*structs.ACLToken{token})) + + // Attempt to delete a token without providing a valid token with delete + // permissions + os.Setenv("NOMAD_TOKEN", "foo") + code := cmd.Run([]string{"-address=" + url, mockToken.AccessorID}) + assert.Equal(1, code) + + // Delete a token using a valid management token set via an environment + // variable + os.Setenv("NOMAD_TOKEN", token.SecretID) + code = cmd.Run([]string{"-address=" + url, mockToken.AccessorID}) + assert.Equal(0, code) + + // Check the output + out := ui.OutputWriter.String() + if !strings.Contains(out, fmt.Sprintf("Token %s successfully deleted", mockToken.AccessorID)) { + t.Fatalf("bad: %v", out) + } +} diff --git a/website/source/docs/commands/acl.html.md.erb b/website/source/docs/commands/acl.html.md.erb index bf27ac151..63c7701bc 100644 --- a/website/source/docs/commands/acl.html.md.erb +++ b/website/source/docs/commands/acl.html.md.erb @@ -22,8 +22,10 @@ subcommands are available: * [`acl bootstrap`][bootstrap] - Bootstrap the initial ACL token * [`acl policy apply`][policyapply] - Create or update ACL policies * [`acl token create`][tokencreate] - Create new ACL token +* [`acl token delete`][tokendelete] - Delete an existing ACL token [bootstrap]: /docs/commands/acl/bootstrap.html [policyapply]: /docs/commands/acl/policy-apply.html [tokencreate]: /docs/commands/acl/token-create.html +[tokendelete]: /docs/commands/acl/token-delete.html diff --git a/website/source/docs/commands/acl/token-delete.html.md.erb b/website/source/docs/commands/acl/token-delete.html.md.erb new file mode 100644 index 000000000..f9877a8eb --- /dev/null +++ b/website/source/docs/commands/acl/token-delete.html.md.erb @@ -0,0 +1,33 @@ +--- +layout: "docs" +page_title: "Commands: acl token delete" +sidebar_current: "docs-commands-acl-token-delete" +description: > + The token create command is used to delete existing ACL tokens. +--- + +# Command: acl token delete + +The `acl token delete` command is used to delete existing ACL tokens. + +## Usage + +``` +nomad acl token delete +``` + +The `acl token delete` command requires an existing token's AccessorID. + +## General Options + +<%= partial "docs/commands/_general_options" %> + +## Examples + +Delete an existing ACL token: + +``` +$ nomad acl token delete d532c40a-30f1-695c-19e5-c35b882b0efd + +Token d532c40a-30f1-695c-19e5-c35b882b0efd successfully deleted +``` From 7f989249aceb432d43ef824e878cd55d52b1f70c Mon Sep 17 00:00:00 2001 From: Chelsea Holland Komlo Date: Fri, 15 Sep 2017 16:29:46 +0000 Subject: [PATCH 2/5] add delete command to comamands list --- commands.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/commands.go b/commands.go index 36321fc7e..ed052f0e2 100644 --- a/commands.go +++ b/commands.go @@ -56,6 +56,11 @@ func Commands(metaPtr *command.Meta) map[string]cli.CommandFactory { Meta: meta, }, nil }, + "acl token delete": func() (cli.Command, error) { + return &command.ACLTokenDeleteCommand{ + Meta: meta, + }, nil + }, "alloc-status": func() (cli.Command, error) { return &command.AllocStatusCommand{ Meta: meta, From 82463a32daedf8c2fad4a450bb821edea68491a2 Mon Sep 17 00:00:00 2001 From: Chelsea Holland Komlo Date: Fri, 15 Sep 2017 23:01:00 +0000 Subject: [PATCH 3/5] fixup helptext for acl cli delete --- command/acl_token_delete.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/command/acl_token_delete.go b/command/acl_token_delete.go index f08321b12..445465f72 100644 --- a/command/acl_token_delete.go +++ b/command/acl_token_delete.go @@ -15,7 +15,7 @@ func (c *ACLTokenDeleteCommand) Help() string { helpText := ` Usage: nomad acl token delete [options] -Delete is used to delete existing ACL tokens. Requires a management token. +Delete is used to delete an existing ACL token. Requires a management token. General Options: From d5748ec05f8a30bf67d3e80aea2918123385198e Mon Sep 17 00:00:00 2001 From: Chelsea Holland Komlo Date: Fri, 15 Sep 2017 23:13:45 +0000 Subject: [PATCH 4/5] fix up test data --- command/acl_token_delete_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/command/acl_token_delete_test.go b/command/acl_token_delete_test.go index e04ccb140..b6e3c7c9d 100644 --- a/command/acl_token_delete_test.go +++ b/command/acl_token_delete_test.go @@ -34,9 +34,9 @@ func TestACLTokenDeleteCommand_ViaEnvVariable(t *testing.T) { // Create a valid token mockToken := mock.ACLToken() - token.Policies = []string{acl.PolicyWrite} - token.SetHash() - assert.Nil(state.UpsertACLTokens(1000, []*structs.ACLToken{token})) + mockToken.Policies = []string{acl.PolicyWrite} + mockToken.SetHash() + assert.Nil(state.UpsertACLTokens(1000, []*structs.ACLToken{mockToken})) // Attempt to delete a token without providing a valid token with delete // permissions From 26a6e98cd0413f637c3078c05203522cc5d1d4b3 Mon Sep 17 00:00:00 2001 From: Chelsea Holland Komlo Date: Sat, 16 Sep 2017 00:31:11 +0000 Subject: [PATCH 5/5] update documentation --- command/acl_token_delete.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/command/acl_token_delete.go b/command/acl_token_delete.go index 445465f72..055fe7033 100644 --- a/command/acl_token_delete.go +++ b/command/acl_token_delete.go @@ -13,7 +13,7 @@ type ACLTokenDeleteCommand struct { func (c *ACLTokenDeleteCommand) Help() string { helpText := ` -Usage: nomad acl token delete [options] +Usage: nomad acl token delete Delete is used to delete an existing ACL token. Requires a management token.