Support external servers

* Add -bootstrap-token-file to provide your own bootstrap token. If provided, server-acl-init will skip ACL bootstrapping of the servers and will not update server policies and set tokens. * The -server-address flag now can also be a cloud auto-join string. This enables us to re-use the same string you would use for retry-join.
hashicorp · Apr 9, 2020 · 8e1fa78 · 8e1fa78
1 parent 4a33ffa
commit 8e1fa78
Show file tree

Hide file tree

Showing 8 changed files with 342 additions and 102 deletions.
diff --git a/helper/go-discover/discover.go b/helper/go-discover/discover.go
@@ -0,0 +1,61 @@
+package godiscover
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/consul-k8s/version"
+	"github.com/hashicorp/go-discover"
+	discoverk8s "github.com/hashicorp/go-discover/provider/k8s"
+	"github.com/hashicorp/go-hclog"
+)
+
+// ConsulServerAddresses uses go-discover to discover Consul servers
+// provided by the 'discoverString' and returns them.
+func ConsulServerAddresses(discoverString string, providers map[string]discover.Provider, logger hclog.Logger) ([]string, error) {
+	// If it's a cloud-auto join string, discover server addresses through the cloud provider.
+	// This code was adapted from
+	// https://github.com/hashicorp/consul/blob/c5fe112e59f6e8b03159ec8f2dbe7f4a026ce823/agent/retry_join.go#L55-L89.
+	disco, err := newDiscover(providers)
+	if err != nil {
+		return nil, err
+	}
+	logger.Debug("using cloud auto-join", "server-addr", discoverString)
+	servers, err := disco.Addrs(discoverString, logger.StandardLogger(&hclog.StandardLoggerOptions{
+		InferLevels: true,
+	}))
+	if err != nil {
+		return nil, err
+	}
+
+	// check if we discovered any servers
+	if len(servers) == 0 {
+		return nil, fmt.Errorf("could not discover any Consul servers with %q", discoverString)
+	}
+
+	logger.Debug("discovered servers", "servers", strings.Join(servers, " "))
+
+	return servers, nil
+}
+
+// newDiscover initializes the new Discover object
+// set up with all predefined providers, as well as
+// the k8s provider.
+// This code was adapted from
+// https://github.com/hashicorp/consul/blob/c5fe112e59f6e8b03159ec8f2dbe7f4a026ce823/agent/retry_join.go#L42-L53
+func newDiscover(providers map[string]discover.Provider) (*discover.Discover, error) {
+	if providers == nil {
+		providers = make(map[string]discover.Provider)
+	}
+
+	for k, v := range discover.Providers {
+		providers[k] = v
+	}
+	providers["k8s"] = &discoverk8s.Provider{}
+
+	userAgent := fmt.Sprintf("consul-k8s/%s (https://www.consul.io/)", version.GetHumanVersion())
+	return discover.New(
+		discover.WithUserAgent(userAgent),
+		discover.WithProviders(providers),
+	)
+}
diff --git a/subcommand/get-consul-client-ca/command.go b/subcommand/get-consul-client-ca/command.go
@@ -10,11 +10,10 @@ import (
 	"time"
 
 	"github.com/cenkalti/backoff"
-	"github.com/hashicorp/consul-k8s/version"
+	godiscover "github.com/hashicorp/consul-k8s/helper/go-discover"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/command/flags"
 	"github.com/hashicorp/go-discover"
-	discoverk8s "github.com/hashicorp/go-discover/provider/k8s"
 	"github.com/hashicorp/go-hclog"
 	"github.com/mitchellh/cli"
 )
@@ -175,27 +174,10 @@ func (c *Command) consulServerAddr(logger hclog.Logger) (string, error) {
 		return fmt.Sprintf("%s:%s", c.flagServerAddr, c.flagServerPort), nil
 	}
 
-	// If it's a cloud-auto join string, discover server addresses through the cloud provider.
-	// This code was adapted from
-	// https://github.com/hashicorp/consul/blob/c5fe112e59f6e8b03159ec8f2dbe7f4a026ce823/agent/retry_join.go#L55-L89.
-	disco, err := c.newDiscover()
+	servers, err := godiscover.ConsulServerAddresses(c.flagServerAddr, c.providers, logger)
 	if err != nil {
 		return "", err
 	}
-	logger.Debug("using cloud auto-join", "server-addr", c.flagServerAddr)
-	servers, err := disco.Addrs(c.flagServerAddr, logger.StandardLogger(&hclog.StandardLoggerOptions{
-		InferLevels: true,
-	}))
-	if err != nil {
-		return "", err
-	}
-
-	// check if we discovered any servers
-	if len(servers) == 0 {
-		return "", fmt.Errorf("could not discover any Consul servers with %q", c.flagServerAddr)
-	}
-
-	logger.Debug("discovered servers", "servers", strings.Join(servers, " "))
 
 	// Pick the first server from the list,
 	// ignoring the port since we need to use HTTP API
@@ -204,28 +186,6 @@ func (c *Command) consulServerAddr(logger hclog.Logger) (string, error) {
 	return fmt.Sprintf("%s:%s", firstServer, c.flagServerPort), nil
 }
 
-// newDiscover initializes the new Discover object
-// set up with all predefined providers, as well as
-// the k8s provider.
-// This code was adapted from
-// https://github.com/hashicorp/consul/blob/c5fe112e59f6e8b03159ec8f2dbe7f4a026ce823/agent/retry_join.go#L42-L53
-func (c *Command) newDiscover() (*discover.Discover, error) {
-	if c.providers == nil {
-		c.providers = make(map[string]discover.Provider)
-	}
-
-	for k, v := range discover.Providers {
-		c.providers[k] = v
-	}
-	c.providers["k8s"] = &discoverk8s.Provider{}
-
-	userAgent := fmt.Sprintf("consul-k8s/%s (https://www.consul.io/)", version.GetHumanVersion())
-	return discover.New(
-		discover.WithUserAgent(userAgent),
-		discover.WithProviders(c.providers),
-	)
-}
-
 // getActiveRoot returns the currently active root
 // from the roots list, otherwise returns error.
 func getActiveRoot(roots *api.CARootList) (string, error) {

diff --git a/subcommand/server-acl-init/anonymous_token.go b/subcommand/server-acl-init/anonymous_token.go
@@ -9,7 +9,7 @@ import (
 func (c *Command) configureAnonymousPolicy(consulClient *api.Client) error {
 	anonRules, err := c.anonymousTokenRules()
 	if err != nil {
-		c.Log.Error("Error templating anonymous token rules", "err", err)
+		c.log.Error("Error templating anonymous token rules", "err", err)
 		return err
 	}