Allow the bootstrap endpoint to be disabled in enterprise. (#7614)

hashicorp · Apr 14, 2020 · cfab77e · cfab77e
1 parent ea53fc6
commit cfab77e
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go
@@ -115,6 +115,10 @@ func (a *ACL) BootstrapTokens(args *structs.DCSpecificRequest, reply *structs.AC
 		return err
 	}
 
+	if err := a.srv.aclBootstrapAllowed(); err != nil {
+		return err
+	}
+
 	// Verify we are allowed to serve this request
 	if !a.srv.InACLDatacenter() {
 		return acl.ErrDisabled

diff --git a/agent/consul/acl_server_oss.go b/agent/consul/acl_server_oss.go
@@ -16,3 +16,11 @@ func (s *Server) ResolveEntTokenToIdentityAndAuthorizer(token string) (structs.A
 func (s *Server) validateEnterpriseToken(identity structs.ACLIdentity) error {
 	return nil
 }
+
+// aclBootstrapAllowed returns whether the server's configuration would allow ACL bootstrapping
+//
+// This endpoint does not take into account whether bootstrapping has been performed previously
+// nor the bootstrap reset file.
+func (s *Server) aclBootstrapAllowed() error {
+	return nil
+}