mirror of https://github.com/status-im/consul.git
acl: remove ACLTokenTypeManagement
parent
32b4ad42ac
commit
3390f85ab4
|
@ -235,10 +235,8 @@ func (a *ACL) BootstrapTokens(args *structs.DCSpecificRequest, reply *structs.AC
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
CreateTime: time.Now(),
|
CreateTime: time.Now(),
|
||||||
Local: false,
|
Local: false,
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
|
|
||||||
Type: structs.ACLTokenTypeManagement,
|
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
||||||
},
|
},
|
||||||
ResetIndex: specifiedIndex,
|
ResetIndex: specifiedIndex,
|
||||||
|
|
|
@ -48,7 +48,6 @@ func TestACLEndpoint_BootstrapTokens(t *testing.T) {
|
||||||
require.NoError(t, msgpackrpc.CallWithCodec(codec, "ACL.BootstrapTokens", &arg, &out))
|
require.NoError(t, msgpackrpc.CallWithCodec(codec, "ACL.BootstrapTokens", &arg, &out))
|
||||||
require.Equal(t, 36, len(out.AccessorID))
|
require.Equal(t, 36, len(out.AccessorID))
|
||||||
require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token"))
|
require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token"))
|
||||||
require.Equal(t, out.Type, structs.ACLTokenTypeManagement)
|
|
||||||
require.True(t, out.CreateIndex > 0)
|
require.True(t, out.CreateIndex > 0)
|
||||||
require.Equal(t, out.CreateIndex, out.ModifyIndex)
|
require.Equal(t, out.CreateIndex, out.ModifyIndex)
|
||||||
|
|
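Review bot: With the `Type` assertion dropped here and in the second hunk of this test (`@ -69,7 +68,6`), none of the visible assertions check that the bootstrap token is privileged; they cover only the accessor ID length, the description prefix and the indexes. After this commit the token's authority appears to come solely from its link to the global-management policy, so I would replace the removed line with `require.Len(t, out.Policies, 1)` and `require.Equal(t, structs.ACLPolicyGlobalManagementID, out.Policies[0].ID)`. The test body continues outside both hunks, so this may already be asserted there.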
||||||
|
@ -69,7 +68,6 @@ func TestACLEndpoint_BootstrapTokens(t *testing.T) {
|
||||||
require.Equal(t, 36, len(out.AccessorID))
|
require.Equal(t, 36, len(out.AccessorID))
|
||||||
require.NotEqual(t, oldID, out.AccessorID)
|
require.NotEqual(t, oldID, out.AccessorID)
|
||||||
require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token"))
|
require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token"))
|
||||||
require.Equal(t, out.Type, structs.ACLTokenTypeManagement)
|
|
||||||
require.True(t, out.CreateIndex > 0)
|
require.True(t, out.CreateIndex > 0)
|
||||||
require.Equal(t, out.CreateIndex, out.ModifyIndex)
|
require.Equal(t, out.CreateIndex, out.ModifyIndex)
|
||||||
}
|
}
|
||||||
|
|
|
@ -111,8 +111,7 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
|
||||||
},
|
},
|
||||||
CreateTime: time.Now(),
|
CreateTime: time.Now(),
|
||||||
Local: false,
|
Local: false,
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
|
Type: "management",
|
||||||
Type: structs.ACLTokenTypeManagement,
|
|
||||||
}
|
}
|
||||||
require.NoError(t, fsm.state.ACLBootstrap(10, 0, token))
|
require.NoError(t, fsm.state.ACLBootstrap(10, 0, token))
|
||||||
|
|
||||||
|
|
|
@ -452,11 +452,8 @@ func (s *Server) initializeACLs(ctx context.Context) error {
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
CreateTime: time.Now(),
|
CreateTime: time.Now(),
|
||||||
Local: false,
|
Local: false,
|
||||||
|
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - only needed for compatibility
|
|
||||||
Type: structs.ACLTokenTypeManagement,
|
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -599,7 +596,7 @@ func (s *Server) legacyACLTokenUpgrade(ctx context.Context) error {
|
||||||
len(newToken.ServiceIdentities) == 0 &&
|
len(newToken.ServiceIdentities) == 0 &&
|
||||||
len(newToken.NodeIdentities) == 0 &&
|
len(newToken.NodeIdentities) == 0 &&
|
||||||
len(newToken.Roles) == 0 &&
|
len(newToken.Roles) == 0 &&
|
||||||
newToken.Type == structs.ACLTokenTypeManagement {
|
newToken.Type == "management" {
|
||||||
newToken.Policies = append(newToken.Policies, structs.ACLTokenPolicyLink{ID: structs.ACLPolicyGlobalManagementID})
|
newToken.Policies = append(newToken.Policies, structs.ACLTokenPolicyLink{ID: structs.ACLPolicyGlobalManagementID})
|
||||||
}
|
}
|
||||||
|
|
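Review bot: The condition `newToken.Type == "management"` decides whether an upgraded legacy token gets linked to the global-management policy, and it now rests on a bare string literal with no comment. The same value is spelled again as `Type: "management"` in TestFSM_SnapshotRestore_OSS and as a test-local `const ACLTokenTypeManagement` in TestStateStore_ACLTokens_ListUpgradeable, so the copies have to be kept in sync by hand. I would at least name it next to this function, e.g. `const legacyTokenTypeManagement = "management" // token type written by the v1 ACL system`, and compare against that. As far as the visible lines show, a mismatch would fail closed (the token is upgraded without the policy), but it would be hard to spot. The function starts and ends outside the hunk.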
||||||
|
|
|
@ -171,8 +171,6 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
|
||||||
},
|
},
|
||||||
CreateTime: time.Now(),
|
CreateTime: time.Now(),
|
||||||
Local: false,
|
Local: false,
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
|
|
||||||
Type: structs.ACLTokenTypeManagement,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
token2 := &structs.ACLToken{
|
token2 := &structs.ACLToken{
|
||||||
|
@ -186,8 +184,6 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
|
||||||
},
|
},
|
||||||
CreateTime: time.Now(),
|
CreateTime: time.Now(),
|
||||||
Local: false,
|
Local: false,
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
|
|
||||||
Type: structs.ACLTokenTypeManagement,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
s := testStateStore(t)
|
s := testStateStore(t)
|
||||||
|
@ -788,29 +784,31 @@ func TestStateStore_ACLTokens_ListUpgradeable(t *testing.T) {
|
||||||
return tx.Commit()
|
return tx.Commit()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const ACLTokenTypeManagement = "management"
|
||||||
|
|
||||||
require.NoError(t, aclTokenSetLegacy(2, &structs.ACLToken{
|
require.NoError(t, aclTokenSetLegacy(2, &structs.ACLToken{
|
||||||
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
|
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
|
||||||
Type: structs.ACLTokenTypeManagement,
|
Type: ACLTokenTypeManagement,
|
||||||
}))
|
}))
|
||||||
|
|
||||||
require.NoError(t, aclTokenSetLegacy(3, &structs.ACLToken{
|
require.NoError(t, aclTokenSetLegacy(3, &structs.ACLToken{
|
||||||
SecretID: "8de2dd39-134d-4cb1-950b-b7ab96ea20ba",
|
SecretID: "8de2dd39-134d-4cb1-950b-b7ab96ea20ba",
|
||||||
Type: structs.ACLTokenTypeManagement,
|
Type: ACLTokenTypeManagement,
|
||||||
}))
|
}))
|
||||||
|
|
||||||
require.NoError(t, aclTokenSetLegacy(4, &structs.ACLToken{
|
require.NoError(t, aclTokenSetLegacy(4, &structs.ACLToken{
|
||||||
SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61",
|
SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61",
|
||||||
Type: structs.ACLTokenTypeManagement,
|
Type: ACLTokenTypeManagement,
|
||||||
}))
|
}))
|
||||||
|
|
||||||
require.NoError(t, aclTokenSetLegacy(5, &structs.ACLToken{
|
require.NoError(t, aclTokenSetLegacy(5, &structs.ACLToken{
|
||||||
SecretID: "3ee33676-d9b8-4144-bf0b-92618cff438b",
|
SecretID: "3ee33676-d9b8-4144-bf0b-92618cff438b",
|
||||||
Type: structs.ACLTokenTypeManagement,
|
Type: ACLTokenTypeManagement,
|
||||||
}))
|
}))
|
||||||
|
|
||||||
require.NoError(t, aclTokenSetLegacy(6, &structs.ACLToken{
|
require.NoError(t, aclTokenSetLegacy(6, &structs.ACLToken{
|
||||||
SecretID: "fa9d658a-6e26-42ab-a5f0-1ea05c893dee",
|
SecretID: "fa9d658a-6e26-42ab-a5f0-1ea05c893dee",
|
||||||
Type: structs.ACLTokenTypeManagement,
|
Type: ACLTokenTypeManagement,
|
||||||
}))
|
}))
|
||||||
|
|
||||||
tokens, _, err := s.ACLTokenListUpgradeable(3)
|
tokens, _, err := s.ACLTokenListUpgradeable(3)
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
// DEPRECATED (ACL-Legacy-Compat)
|
|
||||||
//
|
|
||||||
// Everything within this file is deprecated and related to the original ACL
|
|
||||||
// implementation. Once support for v1 ACLs are removed this whole file can
|
|
||||||
// be deleted.
|
|
||||||
|
|
||||||
package structs
|
|
||||||
|
|
||||||
const (
|
|
||||||
// ACLTokenTypeManagement tokens have an always allow policy, so they can
|
|
||||||
// make other tokens and can access all resources.
|
|
||||||
ACLTokenTypeManagement = "management"
|
|
||||||
)
|
|