status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-01-25 13:10:32 +00:00
Code Issues Projects Releases Wiki Activity

acl: remove init check for legacy anon token

Browse Source 
This token should always already be migrated from a previous version.
This commit is contained in:
Daniel Nephin 2021-10-05 12:07:52 -04:00
parent daba3c2309
commit 0784a31e85
2 changed files with 16 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
agent/config/default.go
View File

@ -18,11 +18,6 @@ func DefaultSource() Source {
serfLAN := cfg.SerfLANConfig.MemberlistConfig serfLAN := cfg.SerfLANConfig.MemberlistConfig
serfWAN := cfg.SerfWANConfig.MemberlistConfig serfWAN := cfg.SerfWANConfig.MemberlistConfig
// DEPRECATED (ACL-Legacy-Compat) - when legacy ACL support is removed these defaults
// the acl_* config entries here should be transitioned to their counterparts in the
// acl stanza for now we need to be able to detect the new entries not being set (not
// just set to the defaults here) so that we can use the old entries. So the true
// default still needs to reside in the original config values
return FileSource{ return FileSource{
Name: "default", Name: "default",
Format: "hcl", Format: "hcl",

43
agent/consul/leader.go
View File

@ -498,35 +498,24 @@ func (s *Server) initializeACLs(ctx context.Context) error {
} }
// Ignoring expiration times to avoid an insertion collision. // Ignoring expiration times to avoid an insertion collision.
if token == nil { if token == nil {
// DEPRECATED (ACL-Legacy-Compat) - Don't need to query for previous "anonymous" token token = &structs.ACLToken{
// check for legacy token that needs an upgrade AccessorID: structs.ACLTokenAnonymousID,
_, legacyToken, err := state.ACLTokenGetBySecret(nil, anonymousToken, nil) SecretID: anonymousToken,
Description: "Anonymous Token",
CreateTime: time.Now(),
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
}
token.SetHash(true)
req := structs.ACLTokenBatchSetRequest{
Tokens: structs.ACLTokens{token},
CAS: false,
}
_, err := s.raftApply(structs.ACLTokenSetRequestType, &req)
if err != nil { if err != nil {
return fmt.Errorf("failed to get anonymous token: %v", err) return fmt.Errorf("failed to create anonymous token: %v", err)
}
// Ignoring expiration times to avoid an insertion collision.
// the token upgrade routine will take care of upgrading the token if a legacy version exists
if legacyToken == nil {
token = &structs.ACLToken{
AccessorID: structs.ACLTokenAnonymousID,
SecretID: anonymousToken,
Description: "Anonymous Token",
CreateTime: time.Now(),
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
}
token.SetHash(true)
req := structs.ACLTokenBatchSetRequest{
Tokens: structs.ACLTokens{token},
CAS: false,
}
_, err := s.raftApply(structs.ACLTokenSetRequestType, &req)
if err != nil {
return fmt.Errorf("failed to create anonymous token: %v", err)
}
s.logger.Info("Created ACL anonymous token from configuration")
} }
s.logger.Info("Created ACL anonymous token from configuration")
} }
// launch the upgrade go routine to generate accessors for everything // launch the upgrade go routine to generate accessors for everything
s.startACLUpgrade(ctx) s.startACLUpgrade(ctx)