consulacls

package
v1.2.16-changelog
Published: Feb 15, 2023 License: MPL-2.0 Imports: 9 Imported by: 0

README

Configure Consul ACLs

This directory contains a set of scripts for re-configuring Consul in the TF provisioned e2e environment to enable Consul ACLs.

Usage

The consul-acls-manage.sh script can be used to manipulate the Consul cluster to activate or de-activate Consul ACLs. The script has 3 targets, only 2 of which should be used from e2e framework tests. The script should be run from the e2e directory (i.e. the directory from which the e2e framework also runs).

bootstrap

The command consul-acls-manage.sh bootstrap should NOT be used from e2e framework tests. It's merely a convenience entry-point for doing development / debugging on the script itself.

The bootstrap process will upload "reasonable" ACL policy files to Consul Servers, Consul Clients, Nomad Servers, and Nomad Clients.

The bootstrap process creates a file on local disk which contains the generated Consul ACL master token. The file is named after the current TF state file serial number: /tmp/e2e-consul-bootstrap-<serial>.token

enable

The command consul-acls-manage.sh enable will enable Consul ACLs, going through the bootstrap process only if necessary. Whether the bootstrap process is necessary depends on the existence of a token file that matches the current TF state serial number. If no associated token file exists for the current TF state, the bootstrap process is required. Otherwise, the bootstrap process is skipped.

If the bootstrap process was not required (i.e. it already occurred and a Consul master token already exists for the current TF state), the script will activate ACLs in the Consul Server configurations and restart those agents. After using enable, the disable command can be used to turn Consul ACLs back off, without destroying any of the existing ACL configuration.

disable

The command consul-acls-manage.sh disable will disable Consul ACLs. This does not "clean up" the policy files for Consul / Nomad agents; it merely deactivates ACLs in the Consul Server configurations and restarts those agents. After using disable, the enable command can be used to turn Consul ACLs back on, using the same ACL token(s) generated before.

Documentation

Constants

const DefaultTFStateFile = "terraform/terraform.tfstate"

DefaultTFStateFile is the location of the TF state file, as created for the e2e test framework. This file is used to extract the TF serial number, which is used to determine whether the consul bootstrap process is necessary or has already taken place.

Variables

This section is empty.

Functions

func New

func New(tfStateFile string) (*tfManager, error)

Types

type Manager

type Manager interface {
	// Enable Consul ACLs in the Consul cluster. The Consul ACL master token
	// associated with the Consul cluster is returned.
	//
	// A complete bootstrap process will take place if necessary.
	//
	// Once enabled, Consul ACLs can be disabled with Disable.
	Enable(t *testing.T) string

	// Disable Consul ACLs in the Consul Cluster.
	//
	// Once disabled, Consul ACLs can be re-enabled with Enable.
	Disable(t *testing.T)
}

A Manager is used to manipulate whether Consul ACLs are enabled or disabled. Only works with TF provisioned clusters.
