diff --git a/api/agent.go b/api/agent.go
index 6795c43d1664..af06689d36ff 100644
--- a/api/agent.go
+++ b/api/agent.go
@@ -175,7 +175,7 @@ func (a *Agent) SetServers(addrs []string) error {
 // ListKeys returns the list of installed keys
 func (a *Agent) ListKeys() (*KeyringResponse, error) {
 var resp KeyringResponse
- _, err := a.client.query("/v1/agent/keys/list", &resp, nil)
+ _, err := a.client.query("/v1/agent/keyring/list", &resp, nil)
 if err != nil {
 return nil, err
 }
@@ -188,7 +188,7 @@ func (a *Agent) InstallKey(key string) (*KeyringResponse, error) {
 Key: key,
 }
 var resp KeyringResponse
- _, err := a.client.write("/v1/agent/keys/install", &args, &resp, nil)
+ _, err := a.client.write("/v1/agent/keyring/install", &args, &resp, nil)
 return &resp, err
 }
@@ -198,7 +198,7 @@ func (a *Agent) UseKey(key string) (*KeyringResponse, error) {
 Key: key,
 }
 var resp KeyringResponse
- _, err := a.client.write("/v1/agent/keys/use", &args, &resp, nil)
+ _, err := a.client.write("/v1/agent/keyring/use", &args, &resp, nil)
 return &resp, err
 }
@@ -208,7 +208,7 @@ func (a *Agent) RemoveKey(key string) (*KeyringResponse, error) {
 Key: key,
 }
 var resp KeyringResponse
- _, err := a.client.write("/v1/agent/keys/remove", &args, &resp, nil)
+ _, err := a.client.write("/v1/agent/keyring/remove", &args, &resp, nil)
 return &resp, err
 }
diff --git a/command/agent/agent_endpoint.go b/command/agent/agent_endpoint.go
index 96a3810577bd..34b7f7ac7424 100644
--- a/command/agent/agent_endpoint.go
+++ b/command/agent/agent_endpoint.go
@@ -169,7 +169,6 @@ func (s *HTTPServer) updateServers(resp http.ResponseWriter, req *http.Request)
 // KeyringOperationRequest allows an operator to install/delete/use keys
 func (s *HTTPServer) KeyringOperationRequest(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
- s.logger.Printf("DIPTANU HERE")
 srv := s.agent.Server()
 if srv == nil {
 return nil, CodedError(501, ErrInvalidMethod)
@@ -183,7 +182,7 @@ func (s *HTTPServer) KeyringOperationRequest(resp http.ResponseWriter, req *http
 var args structs.KeyringRequest
 //Get the op
- op := strings.TrimPrefix(req.URL.Path, "/v1/agent/keys/")
+ op := strings.TrimPrefix(req.URL.Path, "/v1/agent/keyring/")
 switch op {
 case "list":
diff --git a/command/agent/command.go b/command/agent/command.go
index 8e999c60a73c..cc8ec3caa124 100644
--- a/command/agent/command.go
+++ b/command/agent/command.go
@@ -83,6 +83,7 @@ func (c *Command) readConfig() *Config {
 flags.Var((*sliceflag.StringFlag)(&cmdConfig.Server.RetryJoin), "retry-join", "")
 flags.IntVar(&cmdConfig.Server.RetryMaxAttempts, "retry-max", 0, "")
 flags.StringVar(&cmdConfig.Server.RetryInterval, "retry-interval", "", "")
+ flags.StringVar(&cmdConfig.Server.EncryptKey, "encrypt", "", "gossip encryption key")
 // Client-only options
 flags.StringVar(&cmdConfig.Client.StateDir, "state-dir", "", "")
@@ -189,6 +190,17 @@ func (c *Command) readConfig() *Config {
 return config
 }
+ if config.Server.EncryptKey != "" {
+ if _, err := config.Server.EncryptBytes(); err != nil {
+ c.Ui.Error(fmt.Sprintf("Invalid encryption key: %s", err))
+ return nil
+ }
+ keyfile := filepath.Join(config.DataDir, serfKeyring)
+ if _, err := os.Stat(keyfile); err == nil {
+ c.Ui.Error("WARNING: keyring exists but -encrypt given, using keyring")
+ }
+ }
+
 // Parse the RetryInterval.
 dur, err := time.ParseDuration(config.Server.RetryInterval)
 if err != nil {
diff --git a/command/agent/http.go b/command/agent/http.go
index 35b1585f4f99..ec2c4fdb47a1 100644
--- a/command/agent/http.go
+++ b/command/agent/http.go
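Review bot: The `-encrypt` flag added in readConfig takes the gossip encryption key as a command-line argument, which leaves the key readable in the host's process list and in shell history, and nothing in the hunk documents that. The later validation block reads `config.Server.EncryptKey` from the merged config, so a config-file setting presumably exists and would be the safer channel; a comment above the flag such as `// NOTE: a key passed with -encrypt is visible in the process list; prefer the config file` would record the caveat. The flag is also the only one in this group with a non-empty usage string (`"gossip encryption key"`) where its neighbours pass `""`. readConfig starts and ends outside the hunk.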
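Review bot: The `os.Stat(keyfile)` check acts only on `err == nil`, so a stat failure other than not-exist (for example a data dir the agent cannot read) is dropped silently and the operator gets no hint about which key source ends up in use; handling it explicitly, e.g. `} else if !os.IsNotExist(err) { c.Ui.Error(fmt.Sprintf("Error checking keyring file: %s", err)) }`, would close that gap. The warning text says `-encrypt given`, but the condition tests `config.Server.EncryptKey`, which may also have come from a config file if one can set it. The decoded result of `EncryptBytes()` is discarded, so key length is not checked here unless EncryptBytes does it (not visible in this diff). The block sits after an early `return config`, so that path skips the validation; readConfig's body extends outside the hunk.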
@@ -122,7 +122,7 @@ func (s *HTTPServer) registerHandlers(enableDebug bool) {
 s.mux.HandleFunc("/v1/agent/members", s.wrap(s.AgentMembersRequest))
 s.mux.HandleFunc("/v1/agent/force-leave", s.wrap(s.AgentForceLeaveRequest))
 s.mux.HandleFunc("/v1/agent/servers", s.wrap(s.AgentServersRequest))
- s.mux.HandleFunc("/v1/agent/keys/", s.wrap(s.KeyringOperationRequest))
+ s.mux.HandleFunc("/v1/agent/keyring/", s.wrap(s.KeyringOperationRequest))
 s.mux.HandleFunc("/v1/regions", s.wrap(s.RegionListRequest))