Add initial ACL support to consul-rs

.github/workflows/main.yml

@@ -11,20 +11,20 @@ jobs:
   build:
     strategy:
       matrix:
-        features: [""]
+        features: ["", "acl"]
     runs-on: "ubuntu-latest"
     container: rust:1.86
 
     steps:
       - uses: actions/checkout@v2
 
       - name: Build
-        run: cargo build ${{ matrix.features }}
+        run: cargo build --features "${{ matrix.features }}"
 
   test:
     strategy:
       matrix:
-        features: [""]
+        features: ["", "acl"]
     runs-on: "ubuntu-latest"
     container: rust:1.86
     services:
@@ -33,7 +33,7 @@ jobs:
         env:
           # We pass the config as a JSON here to simulate one service with 3 nodes.
           # TODO: Ideally, we should use the same setup in local environment (`testdata/config.hcl`) in GHA test.
-          CONSUL_LOCAL_CONFIG: '{"acl": [{"default_policy": "allow", "enable_token_persistence": true, "enabled": true}], "services": [ {"address": "1.1.1.1", "checks": [], "id": "test-service-1", "name": "test-service", "port": 20001, "tags": ["first"]}, {"address": "2.2.2.2", "checks": [], "id": "test-service-2", "name": "test-service", "port": 20002, "tags": ["second"]}, {"address": "3.3.3.3", "checks": [], "id": "test-service-3", "name": "test-service", "port": 20003, "tags": ["third"]} ]}'
+          CONSUL_LOCAL_CONFIG: '{"acl":[{"enabled":true,"default_policy":"allow","enable_token_persistence":true,"tokens":[{"initial_management":"8fc9e787-674f-0709-cfd5-bfdabd73a70d"}]}],"services":[{"id":"test-service-1","name":"test-service","address":"1.1.1.1","port":20001,"checks":[],"tags":["first"]},{"id":"test-service-2","name":"test-service","address":"2.2.2.2","port":20002,"checks":[],"tags":["second"]},{"id":"test-service-3","name":"test-service","address":"3.3.3.3","port":20003,"checks":[],"tags":["third"]}]}'
 
     env:
       CONSUL_HTTP_ADDR: http://consul:8500
@@ -42,4 +42,4 @@ jobs:
       - uses: actions/checkout@v2
 
       - name: Test
-        run: cargo test ${{ matrix.features }}
+        run: cargo test --features "${{ matrix.features }}"

.github/workflows/publish.yml

@@ -13,15 +13,17 @@ jobs:
         env:
           # We pass the config as a JSON here to simulate one service with 3 nodes.
           # TODO: Ideally, we should use the same setup in local environment (`testdata/config.hcl`) in GHA test.
-          CONSUL_LOCAL_CONFIG: '{"acl": [{"default_policy": "allow", "enable_token_persistence": true, "enabled": true}], "services": [ {"address": "1.1.1.1", "checks": [], "id": "test-service-1", "name": "test-service", "port": 20001, "tags": ["first"]}, {"address": "2.2.2.2", "checks": [], "id": "test-service-2", "name": "test-service", "port": 20002, "tags": ["second"]}, {"address": "3.3.3.3", "checks": [], "id": "test-service-3", "name": "test-service", "port": 20003, "tags": ["third"]} ]}'
+          CONSUL_LOCAL_CONFIG: '{"acl":[{"enabled":true,"default_policy":"allow","enable_token_persistence":true,"tokens":[{"initial_management":"8fc9e787-674f-0709-cfd5-bfdabd73a70d"}]}],"services":[{"id":"test-service-1","name":"test-service","address":"1.1.1.1","port":20001,"checks":[],"tags":["first"]},{"id":"test-service-2","name":"test-service","address":"2.2.2.2","port":20002,"checks":[],"tags":["second"]},{"id":"test-service-3","name":"test-service","address":"3.3.3.3","port":20003,"checks":[],"tags":["third"]}]}'
     env:
       CONSUL_HTTP_ADDR: http://consul:8500
-
+    strategy:
+      matrix:
+        features: ["", "acl"]
     steps:
       - uses: actions/checkout@v2
 
-      - name: Test
-        run: cargo test
+      - name: Tests
+        run: cargo test --features "${{ matrix.features }}"
 
   dry-run:
     runs-on: ubuntu-latest

.gitignore

@@ -11,3 +11,6 @@ Cargo.lock
 
 # Ignore auto-generated files from JetBrain products
 .idea/
+
+# Ignore .swp generated by vim
+**/*.swp

Cargo.toml

@@ -12,6 +12,7 @@ license = "MIT"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [features]
 default = []
+acl = []
 metrics = []
 trace = ["dep:opentelemetry"]
 
@@ -34,3 +35,39 @@ ureq = { version = "3", features = ["json"] }
 
 [dev-dependencies]
 tokio-test = "0.4"  # Explicitly add if missing
+
+# The following examples are require `acl` feature 
+[[example]]
+name = "create_acl_policy"
+path = "examples/create_acl_policy.rs"
+required-features = ["acl"]
+
+[[example]]
+name = "create_acl_token"
+path = "examples/create_acl_token.rs"
+required-features = ["acl"]
+
+[[example]]
+name = "delete_acl_token"
+path = "examples/delete_acl_token.rs"
+required-features = ["acl"]
+
+[[example]]
+name = "deregister_service"
+path = "examples/deregister_service.rs"
+required-features = ["acl"]
+
+[[example]]
+name = "get_acl_policies"
+path = "examples/get_acl_policies.rs"
+required-features = ["acl"]
+
+[[example]]
+name = "get_acl_tokens"
+path = "examples/get_acl_tokens.rs"
+required-features = ["acl"]
+
+[[example]]
+name = "read_token"
+path = "examples/read_token.rs"
+required-features = ["acl"]

examples/create_acl_policy.rs

@@ -0,0 +1,18 @@
+use rs_consul::{Config, Consul, CreateACLPolicyRequest};
+
+#[tokio::main] // Enables async main
+async fn main() {
+    let consul_config = Config {
+        address: "http://localhost:8500".to_string(),
+        token: Some(String::from("8fc9e787-674f-0709-cfd5-bfdabd73a70d")), // use bootstraped
+        // token (with write perm)
+        ..Default::default()
+    };
+    let consul = Consul::new(consul_config);
+    let policy_payload = CreateACLPolicyRequest {
+        name: "dev-policy-test-1".to_owned(),
+        description: Some("this is not a test policy".to_owned()),
+        rules: Some("".to_owned()),
+    };
+    consul.create_acl_policy(&policy_payload).await.unwrap();
+}

examples/create_acl_token.rs

@@ -0,0 +1,50 @@
+//
+// curl --request PUT \
+//   --url http://localhost:8500/v1/acl/token \
+//   --header "X-Consul-Token: 8fc9e787-674f-0709-cfd5-bfdabd73a70d" \
+//   --header "Content-Type: application/json" \
+//   --data '{
+//     "Description": "Minimal token for read-only access",
+//     "Policies": [
+//       {
+//         "Name": "dev-policy-test-1"
+//       }
+//     ]
+//   }'
+//
+
+use rs_consul::{Config, Consul, CreateACLTokenPayload};
+#[tokio::main] // Enables async main
+async fn main() {
+    let consul_config = Config {
+        address: "http://localhost:8500".to_string(),
+        token: Some(String::from("8fc9e787-674f-0709-cfd5-bfdabd73a70d")), // use bootstraped
+        // token (with write perm)
+        ..Default::default()
+    };
+    let consul = Consul::new(consul_config);
+    let token_payload = CreateACLTokenPayload {
+        description: Some("Test token".to_owned()),
+        ..Default::default()
+    };
+    let result = consul.create_acl_token(&token_payload).await.unwrap();
+    println!(
+        "
+Token created successfully:
+    accessor_id: {}
+    secret_id: {}
+    description: {}
+    policies: {:#?}
+    local: {}
+    create_time:{}
+    hash: {}
+",
+        result.accessor_id,
+        result.secret_id,
+        result.description,
+        result.policies,
+        result.local,
+        result.create_time,
+        result.hash,
+    );
+}

examples/delete_acl_token.rs

@@ -0,0 +1,18 @@
+use rs_consul::{Config, Consul};
+
+#[tokio::main] // Enables async main
+async fn main() {
+    let consul_config = Config {
+        address: "http://localhost:8500".to_string(),
+        token: Some(String::from("8fc9e787-674f-0709-cfd5-bfdabd73a70d")), // use bootstraped
+        // token (with write perm)
+        ..Default::default()
+    };
+    let consul = Consul::new(consul_config);
+    let _res = consul
+        .delete_acl_token("58df5025-134c-8999-6bc3-992fe268a39e".to_string())
+        .await
+        .unwrap();
+
+    println!("Token deleted successfully");
+}

examples/get_acl_policies.rs

@@ -0,0 +1,28 @@
+use rs_consul::{Config, Consul};
+
+#[tokio::main] // Enables async main
+async fn main() {
+    let consul_config = Config {
+        address: "http://localhost:8500".to_string(),
+        token: Some(String::from("8fc9e787-674f-0709-cfd5-bfdabd73a70d")), // use bootstraped
+        // token (with write perm)
+        ..Default::default()
+    };
+    let consul = Consul::new(consul_config);
+    let acl_policies = consul.get_acl_policies().await.unwrap();
+
+    println!("{} Policies found", acl_policies.len());
+    for (i, policy) in acl_policies.iter().enumerate() {
+        println!(
+            "id #{}\n\
+        ├─ ID: {}\n\
+        ├─ Name: {}\n\
+        └─ Description: {}",
+            i + 1,
+            policy.id,
+            policy.name,
+            policy.description,
+        );
+        println!("\n=========\n")
+    }
+}

examples/get_acl_tokens.rs

@@ -0,0 +1,35 @@
+use rs_consul::{Config, Consul};
+
+#[tokio::main] // Enables async main
+async fn main() {
+    let consul_config = Config {
+        address: "http://localhost:8500".to_string(),
+        token: Some(String::from("8fc9e787-674f-0709-cfd5-bfdabd73a70d")), // use bootstraped
+        // token (with write perm)
+        ..Default::default()
+    };
+    let consul = Consul::new(consul_config);
+    let acl_tokens = consul.get_acl_tokens().await.unwrap();
+
+    println!("{} Tokens found", acl_tokens.len());
+    for (i, token) in acl_tokens.iter().enumerate() {
+        println!(
+            "Token #{}\n\
+        ├─ Accessor ID: {}\n\
+        ├─ Secret ID: {}\n\
+        ├─ Description: {}\n\
+        └─ Policies: {}",
+            i + 1,
+            token.accessor_id,
+            token.secret_id,
+            token.description,
+            token
+                .policies
+                .iter()
+                .map(|p| format!(" ({:?})", p))
+                .collect::<Vec<_>>()
+                .join(", ")
+        );
+        println!("\n=========\n")
+    }
+}

examples/lock.rs

@@ -0,0 +1,34 @@
+use rs_consul::{Config, Consul, types::*};
+
+#[tokio::main] // Enables async main
+async fn main() {
+    let consul_config = Config {
+        address: "http://localhost:8500".to_string(),
+        token: None, // Token is None in developpement mode
+        ..Default::default()
+    };
+    let consul = Consul::new(consul_config);
+
+    let node_id = "root-node";
+    let service_name = "new-service-1";
+    let payload = RegisterEntityPayload {
+        ID: None,
+        Node: node_id.to_string(),
+        Address: "127.0.0.1".to_string(),
+        Datacenter: None,
+        TaggedAddresses: Default::default(),
+        NodeMeta: Default::default(),
+        Service: Some(RegisterEntityService {
+            ID: None,
+            Service: service_name.to_string(),
+            Tags: vec![],
+            TaggedAddresses: Default::default(),
+            Meta: Default::default(),
+            Port: Some(42424),
+            Namespace: None,
+        }),
+        Checks: vec![],
+        SkipNodeUpdate: None,
+    };
+    consul.register_entity(&payload).await.unwrap();
+}

examples/lock_key.rs

@@ -0,0 +1,28 @@
+use std::time::Duration;
+
+use rs_consul::{Config, Consul, types::*};
+use tokio::time::sleep;
+
+#[tokio::main] // Enables async main
+async fn main() {
+    let consul_config = Config {
+        address: "http://localhost:8500".to_string(),
+        token: None, // Token is None in developpement mode
+        ..Default::default()
+    };
+    let consul = Consul::new(consul_config);
+
+    let key = "key-locked";
+    let key_value = "\"locked_value\"";
+    // Lock request
+    let req = LockRequest {
+        key,
+        behavior: LockExpirationBehavior::Release,
+        lock_delay: std::time::Duration::from_secs(1),
+        ..Default::default()
+    };
+    let _res = consul.get_lock(req, key_value.as_bytes()).await.unwrap();
+    println!("Lock aquired for `locked-key`");
+    sleep(Duration::from_secs(5)).await; // Aquire the lock for 5 seconds
+    println!("Lock released");
+}

examples/read_token.rs

@@ -0,0 +1,35 @@
+use rs_consul::{Config, Consul};
+
+#[tokio::main] // Enables async main
+async fn main() {
+    let consul_config = Config {
+        address: "http://localhost:8500".to_string(),
+        token: Some(String::from("8fc9e787-674f-0709-cfd5-bfdabd73a70d")), // use bootstraped
+        // token (with write perm)
+        ..Default::default()
+    };
+    let consul = Consul::new(consul_config);
+    // this is equivalent to consul/token/self
+    let result = consul
+        .read_acl_token("dd72f645-4dc2-5b25-9a0b-70134ab5d1dc".to_owned())
+        .await
+        .unwrap();
+    println!(
+        "Token:
+            accessor_id: {}
+            secret_id: {}
+            description: {}
+            policies: {:#?}
+            hash: {}
+            local: {}
+            create_time:{}
+        ",
+        result.accessor_id,
+        result.secret_id,
+        result.description,
+        result.policies,
+        result.local,
+        result.create_time,
+        result.hash,
+    );
+}