diff --git a/command/acl_policy_delete.go b/command/acl_policy_delete.go
new file mode 100644
index 000000000..7481cf486
--- /dev/null
+++ b/command/acl_policy_delete.go
@@ -0,0 +1,74 @@
+package command
+
+import (
+ "fmt"
+ "strings"
+
+ "github.com/posener/complete"
+)
+
+type ACLPolicyDeleteCommand struct {
+ Meta
+}
+
+func (c *ACLPolicyDeleteCommand) Help() string {
+ helpText := `
+Usage: nomad acl policy delete [options]
+
+Delete is used to delete an existing ACL policy.
+
+General Options:
+
+ ` + generalOptionsUsage()
+
+ return strings.TrimSpace(helpText)
+}
+
+func (c *ACLPolicyDeleteCommand) AutocompleteFlags() complete.Flags {
+ return mergeAutocompleteFlags(c.Meta.AutocompleteFlags(FlagSetClient),
+ complete.Flags{})
+}
+
+func (c *ACLPolicyDeleteCommand) AutocompleteArgs() complete.Predictor {
+ return complete.PredictNothing
+}
+
+func (c *ACLPolicyDeleteCommand) Synopsis() string {
+ return "Delete an existing ACL policy"
+}
+
+func (c *ACLPolicyDeleteCommand) Run(args []string) int {
+ flags := c.Meta.FlagSet("acl policy delete", FlagSetClient)
+ flags.Usage = func() { c.Ui.Output(c.Help()) }
+ if err := flags.Parse(args); err != nil {
+ return 1
+ }
+
+ // Check that we got exactly one argument
+ args = flags.Args()
+ if l := len(args); l != 1 {
+ c.Ui.Error(c.Help())
+ return 1
+ }
+
+ // Get the policy name
+ policyName := args[0]
+
+ // Get the HTTP client
+ client, err := c.Meta.Client()
+ if err != nil {
+ c.Ui.Error(fmt.Sprintf("Error initializing client: %s", err))
+ return 1
+ }
+
+ // Upsert the policy
+ _, err = client.ACLPolicies().Delete(policyName, nil)
+ if err != nil {
+ c.Ui.Error(fmt.Sprintf("Error deleting ACL policy: %s", err))
+ return 1
+ }
+
+ c.Ui.Output(fmt.Sprintf("Successfully deleted %s policy!",
+ policyName))
+ return 0
+}
diff --git a/command/acl_policy_delete_test.go b/command/acl_policy_delete_test.go
new file mode 100644
index 000000000..db7e16ad5
--- /dev/null
+++ b/command/acl_policy_delete_test.go
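Review bot: The comment `// Upsert the policy` above `client.ACLPolicies().Delete(policyName, nil)` in `Run` describes the opposite operation and looks carried over from the apply command; it should read `// Delete the policy`. On a command that removes access-control policy, the comment and the call should not disagree about whether state is being written or destroyed. The success string `"Successfully deleted %s policy!"` also differs from the example output in `policy-delete.html.md.erb` in this commit (`Successfully deleted 'my-policy' ACL policy!`); since the test asserts the current string, the documentation example is the one to align.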
@@ -0,0 +1,59 @@
+package command
+
+import (
+ "fmt"
+ "os"
+ "strings"
+ "testing"
+
+ "github.com/hashicorp/nomad/acl"
+ "github.com/hashicorp/nomad/command/agent"
+ "github.com/hashicorp/nomad/nomad/mock"
+ "github.com/hashicorp/nomad/nomad/structs"
+ "github.com/mitchellh/cli"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestACLPolicyDeleteCommand(t *testing.T) {
+ assert := assert.New(t)
+ t.Parallel()
+ config := func(c *agent.Config) {
+ c.ACL.Enabled = true
+ }
+
+ srv, _, url := testServer(t, true, config)
+ state := srv.Agent.Server().State()
+ defer srv.Shutdown()
+
+ // Bootstrap an initial ACL token
+ token := srv.Token
+ assert.NotNil(token, "failed to bootstrap ACL token")
+
+ // Create a test ACLPolicy
+ policy := &structs.ACLPolicy{
+ Name: "testPolicy",
+ Rules: acl.PolicyWrite,
+ }
+ policy.SetHash()
+ assert.Nil(state.UpsertACLPolicies(1000, []*structs.ACLPolicy{policy}))
+
+ ui := new(cli.MockUi)
+ cmd := &ACLPolicyDeleteCommand{Meta: Meta{Ui: ui, flagAddress: url}}
+
+ // Delete the policy without a valid token fails
+ invalidToken := mock.ACLToken()
+ os.Setenv("NOMAD_TOKEN", invalidToken.SecretID)
+ code := cmd.Run([]string{"-address=" + url, policy.Name})
+ assert.Equal(1, code)
+
+ // Delete the policy with a valid management token
+ os.Setenv("NOMAD_TOKEN", token.SecretID)
+ code = cmd.Run([]string{"-address=" + url, policy.Name})
+ assert.Equal(0, code)
+
+ // Check the output
+ out := ui.OutputWriter.String()
+ if !strings.Contains(out, fmt.Sprintf("Successfully deleted %s policy", policy.Name)) {
+ t.Fatalf("bad: %v", out)
+ }
+}
diff --git a/website/source/docs/commands/acl.html.md.erb b/website/source/docs/commands/acl.html.md.erb
index 63c7701bc..1b8e2b6b7 100644
--- a/website/source/docs/commands/acl.html.md.erb
+++ b/website/source/docs/commands/acl.html.md.erb
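Review bot: `os.Setenv("NOMAD_TOKEN", ...)` changes process-wide state in a test that has already called `t.Parallel()`, and the value is never restored, so the management token set before the second `cmd.Run` stays in the environment for any other test in the package that builds its client from it, which can hide a missing-authorization failure elsewhere. Either drop `t.Parallel()` here or save and restore the variable, e.g. `prev := os.Getenv("NOMAD_TOKEN")` followed by `defer os.Setenv("NOMAD_TOKEN", prev)`. The denied case also asserts only `assert.Equal(1, code)`, which any failure would satisfy, a client or connection error included. Checking `ui.ErrorWriter.String()` and confirming the policy is still present in `state` would show the delete was refused for the right reason, and a lookup after the second run would show the policy was actually removed.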
@@ -21,11 +21,13 @@ subcommands are available: * [`acl bootstrap`][bootstrap] - Bootstrap the initial ACL token * [`acl policy apply`][policyapply] - Create or update ACL policies +* [`acl policy delete`][policydelete] - Delete an existing ACL policies * [`acl token create`][tokencreate] - Create new ACL token * [`acl token delete`][tokendelete] - Delete an existing ACL token [bootstrap]: /docs/commands/acl/bootstrap.html [policyapply]: /docs/commands/acl/policy-apply.html +[policydelete]: /docs/commands/acl/policy-delete.html [tokencreate]: /docs/commands/acl/token-create.html [tokendelete]: /docs/commands/acl/token-delete.html
diff --git a/website/source/docs/commands/acl/policy-delete.html.md.erb b/website/source/docs/commands/acl/policy-delete.html.md.erb
new file mode 100644
index 000000000..692adb902
--- /dev/null
+++ b/website/source/docs/commands/acl/policy-delete.html.md.erb
@@ -0,0 +1,32 @@
+---
+layout: "docs"
+page_title: "Commands: acl policy delete"
+sidebar_current: "docs-commands-acl-policy-delete"
+description: >
+ The policy apply command is used to delete an existing ACL policies.
+---
+
+# Command: acl policy delete
+
+The `acl policy delete` command is used to delete an existing ACL policies.
+
+## Usage
+
+```
+nomad acl policy delete
+```
+
+The `acl policy delete` command requires the policy name as an argument.
+
+## General Options
+
+<%= partial "docs/commands/_general_options" %>
+
+## Examples
+
+Delete a new ACL Policy:
+
+```
+$ nomad acl policy delete my-policy
+Successfully deleted 'my-policy' ACL policy!
+```