mirror of https://github.com/status-im/consul.git
acl: remove init check for legacy anon token
This token should always already be migrated from a previous version.
This commit is contained in:
parent
daba3c2309
commit
0784a31e85
|
@ -18,11 +18,6 @@ func DefaultSource() Source {
|
|||
serfLAN := cfg.SerfLANConfig.MemberlistConfig
|
||||
serfWAN := cfg.SerfWANConfig.MemberlistConfig
|
||||
|
||||
// DEPRECATED (ACL-Legacy-Compat) - when legacy ACL support is removed these defaults
|
||||
// the acl_* config entries here should be transitioned to their counterparts in the
|
||||
// acl stanza for now we need to be able to detect the new entries not being set (not
|
||||
// just set to the defaults here) so that we can use the old entries. So the true
|
||||
// default still needs to reside in the original config values
|
||||
return FileSource{
|
||||
Name: "default",
|
||||
Format: "hcl",
|
||||
|
|
|
@ -498,35 +498,24 @@ func (s *Server) initializeACLs(ctx context.Context) error {
|
|||
}
|
||||
// Ignoring expiration times to avoid an insertion collision.
|
||||
if token == nil {
|
||||
// DEPRECATED (ACL-Legacy-Compat) - Don't need to query for previous "anonymous" token
|
||||
// check for legacy token that needs an upgrade
|
||||
_, legacyToken, err := state.ACLTokenGetBySecret(nil, anonymousToken, nil)
|
||||
token = &structs.ACLToken{
|
||||
AccessorID: structs.ACLTokenAnonymousID,
|
||||
SecretID: anonymousToken,
|
||||
Description: "Anonymous Token",
|
||||
CreateTime: time.Now(),
|
||||
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
||||
}
|
||||
token.SetHash(true)
|
||||
|
||||
req := structs.ACLTokenBatchSetRequest{
|
||||
Tokens: structs.ACLTokens{token},
|
||||
CAS: false,
|
||||
}
|
||||
_, err := s.raftApply(structs.ACLTokenSetRequestType, &req)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get anonymous token: %v", err)
|
||||
}
|
||||
// Ignoring expiration times to avoid an insertion collision.
|
||||
|
||||
// the token upgrade routine will take care of upgrading the token if a legacy version exists
|
||||
if legacyToken == nil {
|
||||
token = &structs.ACLToken{
|
||||
AccessorID: structs.ACLTokenAnonymousID,
|
||||
SecretID: anonymousToken,
|
||||
Description: "Anonymous Token",
|
||||
CreateTime: time.Now(),
|
||||
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
||||
}
|
||||
token.SetHash(true)
|
||||
|
||||
req := structs.ACLTokenBatchSetRequest{
|
||||
Tokens: structs.ACLTokens{token},
|
||||
CAS: false,
|
||||
}
|
||||
_, err := s.raftApply(structs.ACLTokenSetRequestType, &req)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to create anonymous token: %v", err)
|
||||
}
|
||||
s.logger.Info("Created ACL anonymous token from configuration")
|
||||
return fmt.Errorf("failed to create anonymous token: %v", err)
|
||||
}
|
||||
s.logger.Info("Created ACL anonymous token from configuration")
|
||||
}
|
||||
// launch the upgrade go routine to generate accessors for everything
|
||||
s.startACLUpgrade(ctx)
|
||||
|
|
Loading…
Reference in New Issue