Skip to content
This repository was archived by the owner on Apr 15, 2024. It is now read-only.

Commit 1a03980

Browse files
cableheadcablehead
committed
add acl token support to agent.check.register and agent.service.register
1 parent 6b8dc1a commit 1a03980

3 files changed

Lines changed: 38 additions & 0 deletions

File tree

consul/base.py

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -602,6 +602,7 @@ def register(
602602
port=None,
603603
tags=None,
604604
check=None,
605+
token=None,
605606
# *deprecated* use check parameter
606607
script=None,
607608
interval=None,
@@ -625,6 +626,10 @@ def register(
625626
An optional health *check* can be created for this service is
626627
one of `Check.script`_, `Check.http`_, or `Check.ttl`_.
627628
629+
*token* is an optional `ACL token`_ to apply to this request.
630+
Note this call will return successful even if the token doesn't
631+
have permissions to register this service.
632+
628633
*script*, *interval*, *ttl*, *http*, and *timeout* arguments
629634
are deprecated. use *check* instead.
630635
"""
@@ -649,9 +654,15 @@ def register(
649654
http=http,
650655
timeout=timeout))
651656

657+
params = {}
658+
token = token or self.agent.token
659+
if token:
660+
params['token'] = token
661+
652662
return self.agent.http.put(
653663
lambda x: x.code == 200,
654664
'/v1/agent/service/register',
665+
params=params,
655666
data=json.dumps(payload))
656667

657668
def deregister(self, service_id):
@@ -701,6 +712,7 @@ def register(
701712
check_id=None,
702713
notes=None,
703714
service_id=None,
715+
token=None,
704716
# *deprecated* use check parameter
705717
script=None,
706718
interval=None,
@@ -726,6 +738,10 @@ def register(
726738
Optionally, a *service_id* can be specified to associate a
727739
registered check with an existing service.
728740
741+
*token* is an optional `ACL token`_ to apply to this request.
742+
Note this call will return successful even if the token doesn't
743+
have permissions to register this check.
744+
729745
*script*, *interval*, *ttl*, *http*, and *timeout* arguments
730746
are deprecated. use *check* instead.
731747
@@ -754,9 +770,15 @@ def register(
754770
if service_id:
755771
payload['serviceid'] = service_id
756772

773+
params = {}
774+
token = token or self.agent.token
775+
if token:
776+
params['token'] = token
777+
757778
return self.agent.http.put(
758779
lambda x: x.code == 200,
759780
'/v1/agent/check/register',
781+
params=params,
760782
data=json.dumps(payload))
761783

762784
def deregister(self, check_id):

tests/consul.osx

375 KB
Binary file not shown.

tests/test_std.py

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -680,6 +680,12 @@ def test_acl_explict_token_use(self, acl_consul):
680680
key "private/" {
681681
policy = "deny"
682682
}
683+
service "foo-" {
684+
policy = "write"
685+
}
686+
service "bar-" {
687+
policy = "read"
688+
}
683689
"""
684690

685691
token = c.acl.create(rules=rules, token=master_token)
@@ -712,7 +718,17 @@ def test_acl_explict_token_use(self, acl_consul):
712718
consul.ACLPermissionDenied,
713719
c.kv.delete, 'private/foo', token=token)
714720

721+
# test token pass through for service registration
722+
c.agent.service.register("bar-1", token=token)
723+
c.agent.service.register("foo-1", token=token)
724+
index, data = c.health.service('foo-1')
725+
assert data
726+
index, data = c.health.service('bar-1')
727+
assert not data
728+
715729
# clean up
730+
assert c.agent.service.deregister('foo-1') is True
731+
assert c.agent.service.deregister('bar-1') is True
716732
c.acl.destroy(token, token=master_token)
717733
acls = c.acl.list(token=master_token)
718734
assert set([x['ID'] for x in acls]) == \

0 commit comments

Comments
 (0)