Stop use of templated-policy and templated-policy-file simultaneously (…

…#19389)
hashicorp · Oct 26, 2023 · ea91e58 · ea91e58
1 parent 3b806d4
commit ea91e58
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 0 deletions.
diff --git a/.changelog/19389.txt b/.changelog/19389.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+cli: stop simultaneous usage of -templated-policy and -templated-policy-file when creating a role or token.
+```
diff --git a/command/acl/role/create/role_create.go b/command/acl/role/create/role_create.go
@@ -94,6 +94,13 @@ func (c *cmd) Run(args []string) int {
 		return 1
 	}
 
+	if len(c.templatedPolicyFile) != 0 && len(c.templatedPolicy) != 0 {
+		c.UI.Error("Cannot combine the use of templated-policy flag with templated-policy-file. " +
+			"To create a role with a single templated policy and simple use case, use -templated-policy. " +
+			"For multiple templated policies and more complicated use cases, use -templated-policy-file")
+		return 1
+	}
+
 	client, err := c.http.APIClient()
 	if err != nil {
 		c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))

diff --git a/command/acl/role/create/role_create_test.go b/command/acl/role/create/role_create_test.go
@@ -115,6 +115,22 @@ func TestRoleCreateCommand_Pretty(t *testing.T) {
 
 		require.Len(t, role.NodeIdentities, 1)
 	})
+
+	t.Run("prevent templated-policy and templated-policy-file simultaneous use", func(t *testing.T) {
+		ui := cli.NewMockUi()
+		cmd := New(ui)
+
+		code := cmd.Run([]string{
+			"-http-addr=" + a.HTTPAddr(),
+			"-token=root",
+			"-name=role-with-node-identity",
+			"-templated-policy=builtin/node",
+			"-var=name:" + a.Config.NodeName,
+			"-templated-policy-file=test.hcl",
+		})
+		require.Equal(t, 1, code)
+		require.Contains(t, ui.ErrorWriter.String(), "Cannot combine the use of templated-policy flag with templated-policy-file.")
+	})
 }
 
 func TestRoleCreateCommand_JSON(t *testing.T) {

diff --git a/command/acl/token/create/token_create.go b/command/acl/token/create/token_create.go
@@ -105,6 +105,13 @@ func (c *cmd) Run(args []string) int {
 		return 1
 	}
 
+	if len(c.templatedPolicyFile) != 0 && len(c.templatedPolicy) != 0 {
+		c.UI.Error("Cannot combine the use of templated-policy flag with templated-policy-file. " +
+			"To create a token with a single templated policy and simple use case, use -templated-policy. " +
+			"For multiple templated policies and more complicated use cases, use -templated-policy-file")
+		return 1
+	}
+
 	client, err := c.http.APIClient()
 	if err != nil {
 		c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))

diff --git a/command/acl/token/create/token_create_test.go b/command/acl/token/create/token_create_test.go
@@ -128,6 +128,21 @@ func TestTokenCreateCommand_Pretty(t *testing.T) {
 		require.Equal(t, a.Config.NodeName, nodes[0].Node)
 	})
 
+	t.Run("prevent templated-policy and templated-policy-file simultaneous use", func(t *testing.T) {
+		ui := cli.NewMockUi()
+		cmd := New(ui)
+
+		code := cmd.Run(append([]string{
+			"-http-addr=" + a.HTTPAddr(),
+			"-token=root",
+			"-templated-policy=builtin/node",
+			"-var=name:" + a.Config.NodeName,
+			"-templated-policy-file=test.hcl",
+		}, "-format=json"))
+		require.Equal(t, 1, code)
+		require.Contains(t, ui.ErrorWriter.String(), "Cannot combine the use of templated-policy flag with templated-policy-file.")
+	})
+
 	// create with accessor and secret
 	t.Run("predefined-ids", func(t *testing.T) {
 		token := run(t, []string{