Enhance Token Creation with Policy Support (#76)

- Implement creation of policies. - Integrate policy addition during token creation.
criteo · May 23, 2024 · 4042528 · 4042528
1 parent 93df72e
commit 4042528
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 1 deletion.
diff --git a/consul/api/acl/policy.py b/consul/api/acl/policy.py
@@ -1,3 +1,5 @@
+import json
+
 from consul.callback import CB
 
 
@@ -30,3 +32,29 @@ def read(self, uuid, token=None):
         if token:
             params.append(("token", token))
         return self.agent.http.get(CB.json(), f"/v1/acl/policy/{uuid}", params=params)
+
+    def create(self, name, token=None, description=None, rules=None):
+        """
+        Create a policy
+        This is a privileged endpoint, and requires a token with acl:write.
+        :param name: Specifies a name for the ACL policy.
+        :param token: token with acl:write capability
+        :param description: Free form human readable description of the policy.
+        :param rules: Specifies rules for the ACL policy.
+        :return: The cloned token information
+        """
+        params = []
+        token = token or self.agent.token
+        if token:
+            params.append(("token", token))
+        json_data = {"name": name}
+        if rules:
+            json_data["rules"] = json.dumps(rules)
+        if description:
+            json_data["Description"] = description
+        return self.agent.http.put(
+            CB.json(),
+            "/v1/acl/policy",
+            params=params,
+            data=json.dumps(json_data),
+        )
diff --git a/consul/api/acl/token.py b/consul/api/acl/token.py
@@ -67,14 +67,15 @@ def clone(self, accessor_id, token=None, description=""):
             data=json.dumps(json_data),
         )
 
-    def create(self, token=None, accessor_id=None, secret_id=None, description=""):
+    def create(self, token=None, accessor_id=None, secret_id=None, policies_id=None, description=""):
         """
         Create a token (optionally identified by *secret_id* and *accessor_id*).
         This is a privileged endpoint, and requires a token with acl:write.
         :param token: token with acl:write capability
         :param accessor_id: The accessor ID of the token to create
         :param secret_id: The secret ID of the token to create
         :param description: Optional new token description
+        :param policies: Optional list of policies id
         :return: The cloned token information
         """
         params = []
@@ -89,6 +90,9 @@ def create(self, token=None, accessor_id=None, secret_id=None, description=""):
             json_data["SecretID"] = secret_id
         if description:
             json_data["Description"] = description
+        if policies_id:
+            json_data["Policies"] = [{"ID": policy} for policy in policies_id]
+
         return self.agent.http.put(
             CB.json(),
             "/v1/acl/token",