manage-acl.rb

#!/usr/bin/env ruby

require 'diplomat'

def die(msg)
  STDERR.puts "ERROR: #{msg}"
  exit 1
end

def print_usage
  STDERR.puts <<USAGE
Usage:

#{$0} create <acl-name> '<acl-policy>'
  Creates or updates the ACL named <acl-name> with <acl-policy>.

#{$0} delete <acl-name>
  Deletes the ACL named <acl-name> if it exists.
USAGE
  exit 1
end


def get_acl(name)
  Diplomat::Acl.list.find { |acl| acl["Name"] == name }
end

def create_acl(name, policy)
  acl = get_acl(name)
  if acl.nil?
    # create acl
    new_acl = {
      "Name" => name,
      "Type" => "client",
      "Rules" => policy,
    }
    response = Diplomat::Acl.create(new_acl)
    if response["ID"].nil?
      die "An error occurred when creating the ACL: #{response}"
    end
  else
    # update acl
    acl["Rules"] = policy
    response = Diplomat::Acl.update(acl)
    if response["ID"].nil?
      die "An error occurred when updating the ACL: #{response}"
    end
  end
end

def delete_acl(name)
  acl = get_acl(name)
  exit 0 if acl.nil?

  if not Diplomat::Acl.destroy(acl["ID"])
    die "Could not delete ACL"
  end
end

print_usage if ARGV.count < 2

Diplomat.configure do |config|
  config.acl_token = ENV['CONSUL_HTTP_TOKEN']
  # do other configuration here if necessary
end

case ARGV[0]
when "create"
  create_acl(ARGV[1], ARGV[2])
when "delete"
  delete_acl(ARGV[1])
else
  print_usage
end

Used by https://gist.github.com/daveadams/1ba4828220911a126dbdf93629c037a1