From 26ca81b4fc3008320a55756559769ae73afaf49c Mon Sep 17 00:00:00 2001
From: freddygv <gh@freddygv.xyz>
Date: Thu, 2 Jan 2020 15:27:23 -0700
Subject: [PATCH 1/3] Update foreleave requirement to operator:write

---
 agent/agent_endpoint.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go
index f791a90e957a..c6287bf5ed5d 100644
--- a/agent/agent_endpoint.go
+++ b/agent/agent_endpoint.go
@@ -475,7 +475,7 @@ func (s *HTTPServer) AgentForceLeave(resp http.ResponseWriter, req *http.Request
 	if err != nil {
 		return nil, err
 	}
-	if rule != nil && rule.AgentWrite(s.agent.config.NodeName, nil) != acl.Allow {
+	if rule != nil && rule.OperatorWrite(nil) != acl.Allow {
 		return nil, acl.ErrPermissionDenied
 	}
 

From 1e2d45812262f0a6d9d4fb7a8f8e2a9595c8ef0f Mon Sep 17 00:00:00 2001
From: freddygv <gh@freddygv.xyz>
Date: Tue, 14 Jan 2020 15:06:24 -0700
Subject: [PATCH 2/3] Update test

---
 agent/agent_endpoint_test.go | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go
index 3c8e5063f997..a6a1776de5da 100644
--- a/agent/agent_endpoint_test.go
+++ b/agent/agent_endpoint_test.go
@@ -1646,7 +1646,7 @@ func TestAgent_ForceLeave_ACLDeny(t *testing.T) {
 
 	t.Run("agent master token", func(t *testing.T) {
 		req, _ := http.NewRequest("PUT", uri+"?token=towel", nil)
-		if _, err := a.srv.AgentForceLeave(nil, req); err != nil {
+		if _, err := a.srv.AgentForceLeave(nil, req); !acl.IsErrPermissionDenied(err) {
 			t.Fatalf("err: %v", err)
 		}
 	})
@@ -1658,6 +1658,19 @@ func TestAgent_ForceLeave_ACLDeny(t *testing.T) {
 			t.Fatalf("err: %v", err)
 		}
 	})
+
+	t.Run("operator write token", func(t *testing.T) {
+		// Create an ACL with operator read permissions.
+		var rules = `
+                    operator = "write"
+                `
+		opToken := testCreateToken(t, a, rules)
+
+		req, _ := http.NewRequest("PUT", fmt.Sprintf(uri+"?token=%s", opToken), nil)
+		if _, err := a.srv.AgentForceLeave(nil, req); err != nil {
+			t.Fatalf("err: %v", err)
+		}
+	})
 }
 
 func TestAgent_ForceLeavePrune(t *testing.T) {

From d196afd5240451c324c310ed5da97d108efe0cbe Mon Sep 17 00:00:00 2001
From: freddygv <gh@freddygv.xyz>
Date: Tue, 14 Jan 2020 15:13:22 -0700
Subject: [PATCH 3/3] Update docs

---
 website/source/api/agent.html.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/source/api/agent.html.md b/website/source/api/agent.html.md
index aed49e7e2b16..62a70605a975 100644
--- a/website/source/api/agent.html.md
+++ b/website/source/api/agent.html.md
@@ -506,7 +506,7 @@ The table below shows this endpoint's support for
 
 | Blocking Queries | Consistency Modes | Agent Caching | ACL Required  |
 | ---------------- | ----------------- | ------------- | ------------- |
-| `NO`             | `none`            | `none`        | `agent:write` |
+| `NO`             | `none`            | `none`        | `operator:write` |
 
 ### Parameters