acl: remove ACLTokenTypeManagement

Daniel Nephin 2021-09-29 18:43:45 -04:00
parent 32b4ad42ac
commit 3390f85ab4
6 changed files with 13 additions and 36 deletions


@ -235,10 +235,8 @@ func (a *ACL) BootstrapTokens(args *structs.DCSpecificRequest, reply *structs.AC
ID: structs.ACLPolicyGlobalManagementID, ID: structs.ACLPolicyGlobalManagementID,
}, },
}, },
CreateTime: time.Now(), CreateTime: time.Now(),
Local: false, Local: false,
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
Type: structs.ACLTokenTypeManagement,
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
}, },
ResetIndex: specifiedIndex, ResetIndex: specifiedIndex,


@ -48,7 +48,6 @@ func TestACLEndpoint_BootstrapTokens(t *testing.T) {
require.NoError(t, msgpackrpc.CallWithCodec(codec, "ACL.BootstrapTokens", &arg, &out)) require.NoError(t, msgpackrpc.CallWithCodec(codec, "ACL.BootstrapTokens", &arg, &out))
require.Equal(t, 36, len(out.AccessorID)) require.Equal(t, 36, len(out.AccessorID))
require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token")) require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token"))
require.Equal(t, out.Type, structs.ACLTokenTypeManagement)
require.True(t, out.CreateIndex > 0) require.True(t, out.CreateIndex > 0)
require.Equal(t, out.CreateIndex, out.ModifyIndex) require.Equal(t, out.CreateIndex, out.ModifyIndex)
@ -69,7 +68,6 @@ func TestACLEndpoint_BootstrapTokens(t *testing.T) {
require.Equal(t, 36, len(out.AccessorID)) require.Equal(t, 36, len(out.AccessorID))
require.NotEqual(t, oldID, out.AccessorID) require.NotEqual(t, oldID, out.AccessorID)
require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token")) require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token"))
require.Equal(t, out.Type, structs.ACLTokenTypeManagement)
require.True(t, out.CreateIndex > 0) require.True(t, out.CreateIndex > 0)
require.Equal(t, out.CreateIndex, out.ModifyIndex) require.Equal(t, out.CreateIndex, out.ModifyIndex)
} }


@ -111,8 +111,7 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
}, },
CreateTime: time.Now(), CreateTime: time.Now(),
Local: false, Local: false,
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs Type: "management",
Type: structs.ACLTokenTypeManagement,
} }
require.NoError(t, fsm.state.ACLBootstrap(10, 0, token)) require.NoError(t, fsm.state.ACLBootstrap(10, 0, token))


@ -452,11 +452,8 @@ func (s *Server) initializeACLs(ctx context.Context) error {
ID: structs.ACLPolicyGlobalManagementID, ID: structs.ACLPolicyGlobalManagementID,
}, },
}, },
CreateTime: time.Now(), CreateTime: time.Now(),
Local: false, Local: false,
// DEPRECATED (ACL-Legacy-Compat) - only needed for compatibility
Type: structs.ACLTokenTypeManagement,
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
} }
@ -599,7 +596,7 @@ func (s *Server) legacyACLTokenUpgrade(ctx context.Context) error {
len(newToken.ServiceIdentities) == 0 && len(newToken.ServiceIdentities) == 0 &&
len(newToken.NodeIdentities) == 0 && len(newToken.NodeIdentities) == 0 &&
len(newToken.Roles) == 0 && len(newToken.Roles) == 0 &&
newToken.Type == structs.ACLTokenTypeManagement { newToken.Type == "management" {
newToken.Policies = append(newToken.Policies, structs.ACLTokenPolicyLink{ID: structs.ACLPolicyGlobalManagementID}) newToken.Policies = append(newToken.Policies, structs.ACLTokenPolicyLink{ID: structs.ACLPolicyGlobalManagementID})
} }
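Review bot: In the legacyACLTokenUpgrade hunk the new condition `newToken.Type == "management"` is a bare literal that decides whether a legacy token with no policies, roles or identities is linked to `structs.ACLPolicyGlobalManagementID`, and nothing on the line says where the value comes from or that it exists only for legacy compatibility. An unexported constant beside the function would keep this privilege-granting branch greppable, for example `const legacyTokenTypeManagement = "management" // DEPRECATED (ACL-Legacy-Compat)`, with the condition reading `newToken.Type == legacyTokenTypeManagement`. The same value is also written as a literal in the TestFSM_SnapshotRestore_OSS fixture and as a function-local const in TestStateStore_ACLTokens_ListUpgradeable, so the copies can drift apart without a compile error. The function body starts and ends outside the hunk.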


@ -171,8 +171,6 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
}, },
CreateTime: time.Now(), CreateTime: time.Now(),
Local: false, Local: false,
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
Type: structs.ACLTokenTypeManagement,
} }
token2 := &structs.ACLToken{ token2 := &structs.ACLToken{
@ -186,8 +184,6 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
}, },
CreateTime: time.Now(), CreateTime: time.Now(),
Local: false, Local: false,
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
Type: structs.ACLTokenTypeManagement,
} }
s := testStateStore(t) s := testStateStore(t)
@ -788,29 +784,31 @@ func TestStateStore_ACLTokens_ListUpgradeable(t *testing.T) {
return tx.Commit() return tx.Commit()
} }
const ACLTokenTypeManagement = "management"
require.NoError(t, aclTokenSetLegacy(2, &structs.ACLToken{ require.NoError(t, aclTokenSetLegacy(2, &structs.ACLToken{
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b", SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
Type: structs.ACLTokenTypeManagement, Type: ACLTokenTypeManagement,
})) }))
require.NoError(t, aclTokenSetLegacy(3, &structs.ACLToken{ require.NoError(t, aclTokenSetLegacy(3, &structs.ACLToken{
SecretID: "8de2dd39-134d-4cb1-950b-b7ab96ea20ba", SecretID: "8de2dd39-134d-4cb1-950b-b7ab96ea20ba",
Type: structs.ACLTokenTypeManagement, Type: ACLTokenTypeManagement,
})) }))
require.NoError(t, aclTokenSetLegacy(4, &structs.ACLToken{ require.NoError(t, aclTokenSetLegacy(4, &structs.ACLToken{
SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61", SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61",
Type: structs.ACLTokenTypeManagement, Type: ACLTokenTypeManagement,
})) }))
require.NoError(t, aclTokenSetLegacy(5, &structs.ACLToken{ require.NoError(t, aclTokenSetLegacy(5, &structs.ACLToken{
SecretID: "3ee33676-d9b8-4144-bf0b-92618cff438b", SecretID: "3ee33676-d9b8-4144-bf0b-92618cff438b",
Type: structs.ACLTokenTypeManagement, Type: ACLTokenTypeManagement,
})) }))
require.NoError(t, aclTokenSetLegacy(6, &structs.ACLToken{ require.NoError(t, aclTokenSetLegacy(6, &structs.ACLToken{
SecretID: "fa9d658a-6e26-42ab-a5f0-1ea05c893dee", SecretID: "fa9d658a-6e26-42ab-a5f0-1ea05c893dee",
Type: structs.ACLTokenTypeManagement, Type: ACLTokenTypeManagement,
})) }))
tokens, _, err := s.ACLTokenListUpgradeable(3) tokens, _, err := s.ACLTokenListUpgradeable(3)


@ -1,13 +0,0 @@
// DEPRECATED (ACL-Legacy-Compat)
//
// Everything within this file is deprecated and related to the original ACL
// implementation. Once support for v1 ACLs are removed this whole file can
// be deleted.
package structs
const (
// ACLTokenTypeManagement tokens have an always allow policy, so they can
// make other tokens and can access all resources.
ACLTokenTypeManagement = "management"
)