Implement the insecure version of the Cluster.AutoConfig RPC endpoint

Right now this is only hooked into the insecure RPC server and requires JWT authorization. If no JWT authorizer is setup in the configuration then we inject a disabled “authorizer” to always report that JWT authorization is disabled.

agent/agent.go

@@ -1403,6 +1403,18 @@ func (a *Agent) consulConfig() (*consul.Config, error) {
 		}
 	}
 
+	// copy over auto config settings
+	base.AutoConfigEnabled = a.config.AutoConfig.Enabled
+	base.AutoConfigIntroToken = a.config.AutoConfig.IntroToken
+	base.AutoConfigIntroTokenFile = a.config.AutoConfig.IntroTokenFile
+	base.AutoConfigServerAddresses = a.config.AutoConfig.ServerAddresses
+	base.AutoConfigDNSSANs = a.config.AutoConfig.DNSSANs
+	base.AutoConfigIPSANs = a.config.AutoConfig.IPSANs
+	base.AutoConfigAuthzEnabled = a.config.AutoConfig.Authorizer.Enabled
+	base.AutoConfigAuthzAuthMethod = a.config.AutoConfig.Authorizer.AuthMethod
+	base.AutoConfigAuthzClaimAssertions = a.config.AutoConfig.Authorizer.ClaimAssertions
+	base.AutoConfigAuthzAllowReuse = a.config.AutoConfig.Authorizer.AllowReuse
+
 	// Setup the user event callback
 	base.UserEventHandler = func(e serf.UserEvent) {
 		select {

agent/agentpb/auto_config.go

@@ -0,0 +1,21 @@
+package agentpb
+
+func (req *AutoConfigRequest) RequestDatacenter() string {
+	return req.Datacenter
+}
+
+func (req *AutoConfigRequest) IsRead() bool {
+	return false
+}
+
+func (req *AutoConfigRequest) AllowStaleRead() bool {
+	return false
+}
+
+func (req *AutoConfigRequest) TokenSecret() string {
+	return req.ConsulToken
+}
+
+func (req *AutoConfigRequest) SetTokenSecret(token string) {
+	req.ConsulToken = token
+}