From ac959c357c5b3a01e8f43ef02d8e33e76271ef05 Mon Sep 17 00:00:00 2001
From: Matt Keeler
Date: Wed, 8 Apr 2020 09:51:44 -0400
Subject: [PATCH] Allow the bootstrap endpoint to be disabled in enterprise.
---
 agent/consul/acl_endpoint.go | 4 ++++
 agent/consul/acl_server_oss.go | 8 ++++++++
 2 files changed, 12 insertions(+)
diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go
index 641e57b5a45e..5d1546c7425a 100644
--- a/agent/consul/acl_endpoint.go
+++ b/agent/consul/acl_endpoint.go
@@ -115,6 +115,10 @@ func (a *ACL) BootstrapTokens(args *structs.DCSpecificRequest, reply *structs.AC
 return err
 }
 
+ if err := a.srv.aclBootstrapAllowed(); err != nil {
+ return err
+ }
+
 // Verify we are allowed to serve this request
 if !a.srv.InACLDatacenter() {
 return acl.ErrDisabled
diff --git a/agent/consul/acl_server_oss.go b/agent/consul/acl_server_oss.go
index 32aedd9405c1..7c378143bba6 100644
--- a/agent/consul/acl_server_oss.go
+++ b/agent/consul/acl_server_oss.go
@@ -16,3 +16,11 @@ func (s *Server) ResolveEntTokenToIdentityAndAuthorizer(token string) (structs.A
 func (s *Server) validateEnterpriseToken(identity structs.ACLIdentity) error {
 return nil
 }
+
+// aclBootstrapAllowed returns whether the server's configuration would allow ACL bootstrapping
+//
+// This endpoint does not take into account whether bootstrapping has been performed previously
+// nor the bootstrap reset file.
+func (s *Server) aclBootstrapAllowed() error {
+ return nil
+}
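Review bot: The new `aclBootstrapAllowed` gate in `BootstrapTokens` has no comment and no test in this patch. The diffstat lists only the two source files, and the OSS stub always returns nil, so the added `return err` branch cannot be reached in this build. A one-line comment above the check would help, for example `// Refuse when the server configuration disables ACL bootstrapping (always allowed in OSS).` The lines before the hunk are not visible; if they forward the RPC to the leader, the check would presumably run against the leader's configuration only, so the setting would need to be applied on every server to be effective. `BootstrapTokens` starts and ends outside the hunk.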
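Review bot: The doc comment on `aclBootstrapAllowed` says it "returns whether" bootstrapping is allowed and calls the method "This endpoint", but the signature returns `error` and this is a server helper rather than an RPC endpoint. State the contract explicitly, for example `// aclBootstrapAllowed returns nil when the server's configuration allows ACL bootstrapping and a non-nil error otherwise; the OSS build always allows it.` The second paragraph would then begin `// This check does not take into account ...`. The call site in acl_endpoint.go returns this error unchanged, so the comment could also note that the RPC caller sees whatever error an implementation returns here.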