Skip to content

ACL Node Identities#7970

Merged
mkeeler merged 1 commit into
masterfrom
feature/acl-node-identity
Jun 16, 2020
Merged

ACL Node Identities#7970
mkeeler merged 1 commit into
masterfrom
feature/acl-node-identity

Conversation

@mkeeler
Copy link
Copy Markdown
Member

@mkeeler mkeeler commented May 28, 2020
edited
Loading

A Node Identity is very similar to a service identity. Its main targeted use is to allow creating tokens for use by Consul agents that will grant the necessary permissions for all the typical agent operations (node registration, coordinate updates, anti-entropy).

Half of the changes in this PR are for golden file based tests of the acl token and role cli output. Another big updates was to refactor many of the tests in agent/consul/acl_endpoint_test.go to use the same style of tests and the same helpers. Besides being less boiler plate in the tests it also uses a common way of starting a test server with ACLs that should operate without any warnings regarding deprecated non-uuid master tokens etc.

There is also a second commit in this PR to address some arm build issues where Gos builtin linker was having trouble linking Consul when CGO is enabled. We might be able to get rid of CGO now that a bug causing a crash on ARM was fixed in go 1.14. For the time being though, setting -linkmode=external will cause Go to use the systems linker which is more robust and can handle our binary perfectly well.

@mkeeler mkeeler force-pushed the feature/acl-node-identity branch 6 times, most recently from 243348f to dfe90f3 Compare June 2, 2020 16:31
rboyer
rboyer approved these changes Jun 2, 2020
View reviewed changes
Copy link
Copy Markdown
Member

@rboyer rboyer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mkeeler mkeeler force-pushed the feature/acl-node-identity branch 2 times, most recently from ce40ebb to 1ad948a Compare June 3, 2020 16:41
@mkeeler
Add ACL Node Identities
937deb7 
A Node Identity is very similar to a service identity. Its main targeted use is to allow creating tokens for use by Consul agents that will grant the necessary permissions for all the typical agent operations (node registration, coordinate updates, anti-entropy).

Half of this commit is for golden file based tests of the acl token and role cli output. Another big updates was to refactor many of the tests in agent/consul/acl_endpoint_test.go to use the same style of tests and the same helpers. Besides being less boiler plate in the tests it also uses a common way of starting a test server with ACLs that should operate without any warnings regarding deprecated non-uuid master tokens etc.
@mkeeler mkeeler force-pushed the feature/acl-node-identity branch from 1ad948a to 937deb7 Compare June 10, 2020 20:57
@mkeeler mkeeler merged commit d3881dd into master Jun 16, 2020
@mkeeler mkeeler deleted the feature/acl-node-identity branch June 16, 2020 16:54
hashicorp-ci pushed a commit that referenced this pull request Jun 16, 2020
@mkeeler @hashicorp-ci
ACL Node Identities (#7970)
3c4413c 
A Node Identity is very similar to a service identity. Its main targeted use is to allow creating tokens for use by Consul agents that will grant the necessary permissions for all the typical agent operations (node registration, coordinate updates, anti-entropy).

Half of this commit is for golden file based tests of the acl token and role cli output. Another big updates was to refactor many of the tests in agent/consul/acl_endpoint_test.go to use the same style of tests and the same helpers. Besides being less boiler plate in the tests it also uses a common way of starting a test server with ACLs that should operate without any warnings regarding deprecated non-uuid master tokens etc.
@johncowen johncowen mentioned this pull request Jun 17, 2020
Merged
freddygv added a commit that referenced this pull request Jun 18, 2020
@freddygv
Revert "ACL Node Identities (#7970)"
96ec059 
This reverts commit d3881dd.
@johncowen johncowen mentioned this pull request Jul 20, 2020
Merged
@wolfmd wolfmd mentioned this pull request Aug 14, 2020
Closed
blake added a commit that referenced this pull request Sep 12, 2020
@blake
docs: Add -node-identity option to token and role command
11124ad 
Document `-node-identity` option which was added in #7970 for
`acl token <create|update>` and `acl role <create|update>` commands.
@blake blake mentioned this pull request Sep 12, 2020
Merged
blake added a commit that referenced this pull request Sep 15, 2020
@blake
docs: Add -node-identity option to token and role command (#8671)
86e7274 
Document `-node-identity` option which was added in #7970 for
`acl token <create|update>` and `acl role <create|update>` commands.
hashicorp-ci pushed a commit that referenced this pull request Sep 15, 2020
@blake @hashicorp-ci
docs: Add -node-identity option to token and role command (#8671)
89f4b37 
Document `-node-identity` option which was added in #7970 for
`acl token <create|update>` and `acl role <create|update>` commands.
hashicorp-ci pushed a commit that referenced this pull request Sep 15, 2020
@blake @hashicorp-ci
docs: Add -node-identity option to token and role command (#8671)
ed39172 
Document `-node-identity` option which was added in #7970 for
`acl token <create|update>` and `acl role <create|update>` commands.
@blake blake mentioned this pull request Oct 27, 2020
Closed
@dependabot dependabot Bot mentioned this pull request Mar 14, 2021
Closed
@mikemorris mikemorris mentioned this pull request Jul 13, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rboyer rboyer rboyer approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mkeeler @rboyer