mirror of https://github.com/status-im/consul.git
config: move ACL master token and replication to DeprecatedConfig
This commit is contained in:
Daniel Nephin
parent
54256fb751
commit
5dc16180ad
|
|
@ -745,13 +745,6 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
|
||||||
primaryDatacenter = datacenter
|
primaryDatacenter = datacenter
|
||||||
}
|
}
|
||||||
|
|
||||||
enableTokenReplication := false
|
|
||||||
if c.ACLReplicationToken != nil {
|
|
||||||
enableTokenReplication = true
|
|
||||||
}
|
|
||||||
|
|
||||||
boolValWithDefault(c.ACL.TokenReplication, boolValWithDefault(c.EnableACLReplication, enableTokenReplication))
|
|
||||||
|
|
||||||
enableRemoteScriptChecks := boolVal(c.EnableScriptChecks)
|
enableRemoteScriptChecks := boolVal(c.EnableScriptChecks)
|
||||||
enableLocalScriptChecks := boolValWithDefault(c.EnableLocalScriptChecks, enableRemoteScriptChecks)
|
enableLocalScriptChecks := boolValWithDefault(c.EnableLocalScriptChecks, enableRemoteScriptChecks)
|
||||||
|
|
||||||
|
|
@ -870,9 +863,9 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
|
||||||
},
|
},
|
||||||
|
|
||||||
ACLEnableKeyListPolicy: boolValWithDefault(c.ACL.EnableKeyListPolicy, boolVal(c.ACLEnableKeyListPolicy)),
|
ACLEnableKeyListPolicy: boolValWithDefault(c.ACL.EnableKeyListPolicy, boolVal(c.ACLEnableKeyListPolicy)),
|
||||||
ACLMasterToken: stringValWithDefault(c.ACL.Tokens.Master, stringVal(c.ACLMasterToken)),
|
ACLMasterToken: stringVal(c.ACL.Tokens.Master),
|
||||||
|
|
||||||
ACLTokenReplication: boolValWithDefault(c.ACL.TokenReplication, boolValWithDefault(c.EnableACLReplication, enableTokenReplication)),
|
ACLTokenReplication: boolValWithDefault(c.ACL.TokenReplication, boolVal(c.EnableACLReplication)),
|
||||||
|
|
||||||
ACLTokens: token.Config{
|
ACLTokens: token.Config{
|
||||||
DataDir: dataDir,
|
DataDir: dataDir,
|
||||||
|
|
@ -880,7 +873,7 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
|
||||||
ACLDefaultToken: stringVal(c.ACL.Tokens.Default),
|
ACLDefaultToken: stringVal(c.ACL.Tokens.Default),
|
||||||
ACLAgentToken: stringVal(c.ACL.Tokens.Agent),
|
ACLAgentToken: stringVal(c.ACL.Tokens.Agent),
|
||||||
ACLAgentMasterToken: stringVal(c.ACL.Tokens.AgentMaster),
|
ACLAgentMasterToken: stringVal(c.ACL.Tokens.AgentMaster),
|
||||||
ACLReplicationToken: stringValWithDefault(c.ACL.Tokens.Replication, stringVal(c.ACLReplicationToken)),
|
ACLReplicationToken: stringVal(c.ACL.Tokens.Replication),
|
||||||
},
|
},
|
||||||
|
|
||||||
// Autopilot
|
// Autopilot
|
||||||
|
|
|
||||||
|
|
@ -136,10 +136,6 @@ type Config struct {
|
||||||
ACLDownPolicy *string `mapstructure:"acl_down_policy"`
|
ACLDownPolicy *string `mapstructure:"acl_down_policy"`
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
|
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
|
||||||
ACLEnableKeyListPolicy *bool `mapstructure:"acl_enable_key_list_policy"`
|
ACLEnableKeyListPolicy *bool `mapstructure:"acl_enable_key_list_policy"`
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
|
|
||||||
ACLMasterToken *string `mapstructure:"acl_master_token"`
|
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
|
||||||
ACLReplicationToken *string `mapstructure:"acl_replication_token"`
|
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
||||||
ACLTTL *string `mapstructure:"acl_ttl"`
|
ACLTTL *string `mapstructure:"acl_ttl"`
|
||||||
ACL ACL `mapstructure:"acl"`
|
ACL ACL `mapstructure:"acl"`
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,11 @@ type DeprecatedConfig struct {
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
||||||
ACLToken *string `mapstructure:"acl_token"`
|
ACLToken *string `mapstructure:"acl_token"`
|
||||||
|
|
||||||
|
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
|
||||||
|
ACLMasterToken *string `mapstructure:"acl_master_token"`
|
||||||
|
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
||||||
|
ACLReplicationToken *string `mapstructure:"acl_replication_token"`
|
||||||
|
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved to "primary_datacenter"
|
// DEPRECATED (ACL-Legacy-Compat) - moved to "primary_datacenter"
|
||||||
ACLDatacenter *string `mapstructure:"acl_datacenter"`
|
ACLDatacenter *string `mapstructure:"acl_datacenter"`
|
||||||
}
|
}
|
||||||
|
|
@ -39,6 +44,21 @@ func applyDeprecatedConfig(d *decodeTarget) (Config, []string) {
|
||||||
warns = append(warns, deprecationWarning("acl_token", "acl.tokens.default"))
|
warns = append(warns, deprecationWarning("acl_token", "acl.tokens.default"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if dep.ACLMasterToken != nil {
|
||||||
|
if d.Config.ACL.Tokens.Master == nil {
|
||||||
|
d.Config.ACL.Tokens.Master = dep.ACLMasterToken
|
||||||
|
}
|
||||||
|
warns = append(warns, deprecationWarning("acl_master_token", "acl.tokens.master"))
|
||||||
|
}
|
||||||
|
|
||||||
|
if dep.ACLReplicationToken != nil {
|
||||||
|
if d.Config.ACL.Tokens.Replication == nil {
|
||||||
|
d.Config.ACL.Tokens.Replication = dep.ACLReplicationToken
|
||||||
|
}
|
||||||
|
d.Config.ACL.TokenReplication = pBool(true)
|
||||||
|
warns = append(warns, deprecationWarning("acl_replication_token", "acl.tokens.replication"))
|
||||||
|
}
|
||||||
|
|
||||||
if dep.ACLDatacenter != nil {
|
if dep.ACLDatacenter != nil {
|
||||||
if d.Config.PrimaryDatacenter == nil {
|
if d.Config.PrimaryDatacenter == nil {
|
||||||
d.Config.PrimaryDatacenter = dep.ACLDatacenter
|
d.Config.PrimaryDatacenter = dep.ACLDatacenter
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,9 @@ acl_agent_master_token = "token1"
|
||||||
acl_agent_token = "token2"
|
acl_agent_token = "token2"
|
||||||
acl_token = "token3"
|
acl_token = "token3"
|
||||||
|
|
||||||
|
acl_master_token = "token4"
|
||||||
|
acl_replication_token = "token5"
|
||||||
|
|
||||||
`},
|
`},
|
||||||
}
|
}
|
||||||
patchLoadOptsShims(&opts)
|
patchLoadOptsShims(&opts)
|
||||||
|
|
@ -28,6 +31,8 @@ acl_token = "token3"
|
||||||
deprecationWarning("acl_agent_master_token", "acl.tokens.agent_master"),
|
deprecationWarning("acl_agent_master_token", "acl.tokens.agent_master"),
|
||||||
deprecationWarning("acl_agent_token", "acl.tokens.agent"),
|
deprecationWarning("acl_agent_token", "acl.tokens.agent"),
|
||||||
deprecationWarning("acl_datacenter", "primary_datacenter"),
|
deprecationWarning("acl_datacenter", "primary_datacenter"),
|
||||||
|
deprecationWarning("acl_master_token", "acl.tokens.master"),
|
||||||
|
deprecationWarning("acl_replication_token", "acl.tokens.replication"),
|
||||||
deprecationWarning("acl_token", "acl.tokens.default"),
|
deprecationWarning("acl_token", "acl.tokens.default"),
|
||||||
}
|
}
|
||||||
sort.Strings(result.Warnings)
|
sort.Strings(result.Warnings)
|
||||||
|
|
@ -42,4 +47,6 @@ acl_token = "token3"
|
||||||
require.Equal(t, "token1", rt.ACLTokens.ACLAgentMasterToken)
|
require.Equal(t, "token1", rt.ACLTokens.ACLAgentMasterToken)
|
||||||
require.Equal(t, "token2", rt.ACLTokens.ACLAgentToken)
|
require.Equal(t, "token2", rt.ACLTokens.ACLAgentToken)
|
||||||
require.Equal(t, "token3", rt.ACLTokens.ACLDefaultToken)
|
require.Equal(t, "token3", rt.ACLTokens.ACLDefaultToken)
|
||||||
|
require.Equal(t, "token4", rt.ACLMasterToken)
|
||||||
|
require.Equal(t, "token5", rt.ACLTokens.ACLReplicationToken)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1637,12 +1637,24 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
|
||||||
args: []string{`-data-dir=` + dataDir},
|
args: []string{`-data-dir=` + dataDir},
|
||||||
json: []string{`{ "acl_replication_token": "a" }`},
|
json: []string{`{ "acl_replication_token": "a" }`},
|
||||||
hcl: []string{`acl_replication_token = "a"`},
|
hcl: []string{`acl_replication_token = "a"`},
|
||||||
|
expectedWarnings: []string{deprecationWarning("acl_replication_token", "acl.tokens.replication")},
|
||||||
expected: func(rt *RuntimeConfig) {
|
expected: func(rt *RuntimeConfig) {
|
||||||
rt.ACLTokens.ACLReplicationToken = "a"
|
rt.ACLTokens.ACLReplicationToken = "a"
|
||||||
rt.ACLTokenReplication = true
|
rt.ACLTokenReplication = true
|
||||||
rt.DataDir = dataDir
|
rt.DataDir = dataDir
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
run(t, testCase{
|
||||||
|
desc: "acl.tokens.replace does not enable acl replication",
|
||||||
|
args: []string{`-data-dir=` + dataDir},
|
||||||
|
json: []string{`{ "acl": { "tokens": { "replication": "a" }}}`},
|
||||||
|
hcl: []string{`acl { tokens { replication = "a"}}`},
|
||||||
|
expected: func(rt *RuntimeConfig) {
|
||||||
|
rt.ACLTokens.ACLReplicationToken = "a"
|
||||||
|
rt.ACLTokenReplication = false
|
||||||
|
rt.DataDir = dataDir
|
||||||
|
},
|
||||||
|
})
|
||||||
run(t, testCase{
|
run(t, testCase{
|
||||||
desc: "acl_enforce_version_8 is deprecated",
|
desc: "acl_enforce_version_8 is deprecated",
|
||||||
args: []string{`-data-dir=` + dataDir},
|
args: []string{`-data-dir=` + dataDir},
|
||||||
|
|
@ -5906,6 +5918,8 @@ func TestLoad_FullConfig(t *testing.T) {
|
||||||
deprecationWarning("acl_agent_master_token", "acl.tokens.agent_master"),
|
deprecationWarning("acl_agent_master_token", "acl.tokens.agent_master"),
|
||||||
deprecationWarning("acl_agent_token", "acl.tokens.agent"),
|
deprecationWarning("acl_agent_token", "acl.tokens.agent"),
|
||||||
deprecationWarning("acl_token", "acl.tokens.default"),
|
deprecationWarning("acl_token", "acl.tokens.default"),
|
||||||
|
deprecationWarning("acl_master_token", "acl.tokens.master"),
|
||||||
|
deprecationWarning("acl_replication_token", "acl.tokens.replication"),
|
||||||
`bootstrap_expect > 0: expecting 53 servers`,
|
`bootstrap_expect > 0: expecting 53 servers`,
|
||||||
}
|
}
|
||||||
expectedWarns = append(expectedWarns, enterpriseConfigKeyWarnings...)
|
expectedWarns = append(expectedWarns, enterpriseConfigKeyWarnings...)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue