mirror of
https://github.com/status-im/consul.git
synced 2025-02-05 02:16:09 +00:00
Merge pull request #10988 from hashicorp/dnephin/acl-legacy-remove-config
acl: isolate deprecated config and warn when they are used
This commit is contained in:
commit
8d1378cc1d
@ -745,13 +745,6 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
|
|||||||
primaryDatacenter = datacenter
|
primaryDatacenter = datacenter
|
||||||
}
|
}
|
||||||
|
|
||||||
enableTokenReplication := false
|
|
||||||
if c.ACLReplicationToken != nil {
|
|
||||||
enableTokenReplication = true
|
|
||||||
}
|
|
||||||
|
|
||||||
boolValWithDefault(c.ACL.TokenReplication, boolValWithDefault(c.EnableACLReplication, enableTokenReplication))
|
|
||||||
|
|
||||||
enableRemoteScriptChecks := boolVal(c.EnableScriptChecks)
|
enableRemoteScriptChecks := boolVal(c.EnableScriptChecks)
|
||||||
enableLocalScriptChecks := boolValWithDefault(c.EnableLocalScriptChecks, enableRemoteScriptChecks)
|
enableLocalScriptChecks := boolValWithDefault(c.EnableLocalScriptChecks, enableRemoteScriptChecks)
|
||||||
|
|
||||||
@ -863,24 +856,24 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
|
|||||||
Datacenter: datacenter,
|
Datacenter: datacenter,
|
||||||
NodeName: b.nodeName(c.NodeName),
|
NodeName: b.nodeName(c.NodeName),
|
||||||
ACLPolicyTTL: b.durationVal("acl.policy_ttl", c.ACL.PolicyTTL),
|
ACLPolicyTTL: b.durationVal("acl.policy_ttl", c.ACL.PolicyTTL),
|
||||||
ACLTokenTTL: b.durationValWithDefault("acl.token_ttl", c.ACL.TokenTTL, b.durationVal("acl_ttl", c.ACLTTL)),
|
ACLTokenTTL: b.durationVal("acl.token_ttl", c.ACL.TokenTTL),
|
||||||
ACLRoleTTL: b.durationVal("acl.role_ttl", c.ACL.RoleTTL),
|
ACLRoleTTL: b.durationVal("acl.role_ttl", c.ACL.RoleTTL),
|
||||||
ACLDownPolicy: stringValWithDefault(c.ACL.DownPolicy, stringVal(c.ACLDownPolicy)),
|
ACLDownPolicy: stringVal(c.ACL.DownPolicy),
|
||||||
ACLDefaultPolicy: stringValWithDefault(c.ACL.DefaultPolicy, stringVal(c.ACLDefaultPolicy)),
|
ACLDefaultPolicy: stringVal(c.ACL.DefaultPolicy),
|
||||||
},
|
},
|
||||||
|
|
||||||
ACLEnableKeyListPolicy: boolValWithDefault(c.ACL.EnableKeyListPolicy, boolVal(c.ACLEnableKeyListPolicy)),
|
ACLEnableKeyListPolicy: boolVal(c.ACL.EnableKeyListPolicy),
|
||||||
ACLMasterToken: stringValWithDefault(c.ACL.Tokens.Master, stringVal(c.ACLMasterToken)),
|
ACLMasterToken: stringVal(c.ACL.Tokens.Master),
|
||||||
|
|
||||||
ACLTokenReplication: boolValWithDefault(c.ACL.TokenReplication, boolValWithDefault(c.EnableACLReplication, enableTokenReplication)),
|
ACLTokenReplication: boolVal(c.ACL.TokenReplication),
|
||||||
|
|
||||||
ACLTokens: token.Config{
|
ACLTokens: token.Config{
|
||||||
DataDir: dataDir,
|
DataDir: dataDir,
|
||||||
EnablePersistence: boolValWithDefault(c.ACL.EnableTokenPersistence, false),
|
EnablePersistence: boolValWithDefault(c.ACL.EnableTokenPersistence, false),
|
||||||
ACLDefaultToken: stringValWithDefault(c.ACL.Tokens.Default, stringVal(c.ACLToken)),
|
ACLDefaultToken: stringVal(c.ACL.Tokens.Default),
|
||||||
ACLAgentToken: stringValWithDefault(c.ACL.Tokens.Agent, stringVal(c.ACLAgentToken)),
|
ACLAgentToken: stringVal(c.ACL.Tokens.Agent),
|
||||||
ACLAgentMasterToken: stringVal(c.ACL.Tokens.AgentMaster),
|
ACLAgentMasterToken: stringVal(c.ACL.Tokens.AgentMaster),
|
||||||
ACLReplicationToken: stringValWithDefault(c.ACL.Tokens.Replication, stringVal(c.ACLReplicationToken)),
|
ACLReplicationToken: stringVal(c.ACL.Tokens.Replication),
|
||||||
},
|
},
|
||||||
|
|
||||||
// Autopilot
|
// Autopilot
|
||||||
|
@ -130,22 +130,6 @@ type Cache struct {
|
|||||||
// configuration it should be treated as an external API which cannot be
|
// configuration it should be treated as an external API which cannot be
|
||||||
// changed and refactored at will since this will break existing setups.
|
// changed and refactored at will since this will break existing setups.
|
||||||
type Config struct {
|
type Config struct {
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
|
||||||
ACLAgentToken *string `mapstructure:"acl_agent_token"`
|
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
|
|
||||||
ACLDefaultPolicy *string `mapstructure:"acl_default_policy"`
|
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
|
|
||||||
ACLDownPolicy *string `mapstructure:"acl_down_policy"`
|
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
|
|
||||||
ACLEnableKeyListPolicy *bool `mapstructure:"acl_enable_key_list_policy"`
|
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
|
|
||||||
ACLMasterToken *string `mapstructure:"acl_master_token"`
|
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
|
||||||
ACLReplicationToken *string `mapstructure:"acl_replication_token"`
|
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
|
||||||
ACLTTL *string `mapstructure:"acl_ttl"`
|
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
|
||||||
ACLToken *string `mapstructure:"acl_token"`
|
|
||||||
ACL ACL `mapstructure:"acl"`
|
ACL ACL `mapstructure:"acl"`
|
||||||
Addresses Addresses `mapstructure:"addresses"`
|
Addresses Addresses `mapstructure:"addresses"`
|
||||||
AdvertiseAddrLAN *string `mapstructure:"advertise_addr"`
|
AdvertiseAddrLAN *string `mapstructure:"advertise_addr"`
|
||||||
@ -188,7 +172,6 @@ type Config struct {
|
|||||||
DisableUpdateCheck *bool `mapstructure:"disable_update_check"`
|
DisableUpdateCheck *bool `mapstructure:"disable_update_check"`
|
||||||
DiscardCheckOutput *bool `mapstructure:"discard_check_output"`
|
DiscardCheckOutput *bool `mapstructure:"discard_check_output"`
|
||||||
DiscoveryMaxStale *string `mapstructure:"discovery_max_stale"`
|
DiscoveryMaxStale *string `mapstructure:"discovery_max_stale"`
|
||||||
EnableACLReplication *bool `mapstructure:"enable_acl_replication"`
|
|
||||||
EnableAgentTLSForChecks *bool `mapstructure:"enable_agent_tls_for_checks"`
|
EnableAgentTLSForChecks *bool `mapstructure:"enable_agent_tls_for_checks"`
|
||||||
EnableCentralServiceConfig *bool `mapstructure:"enable_central_service_config"`
|
EnableCentralServiceConfig *bool `mapstructure:"enable_central_service_config"`
|
||||||
EnableDebug *bool `mapstructure:"enable_debug"`
|
EnableDebug *bool `mapstructure:"enable_debug"`
|
||||||
|
@ -27,11 +27,11 @@ func DefaultSource() Source {
|
|||||||
Name: "default",
|
Name: "default",
|
||||||
Format: "hcl",
|
Format: "hcl",
|
||||||
Data: `
|
Data: `
|
||||||
acl_default_policy = "allow"
|
|
||||||
acl_down_policy = "extend-cache"
|
|
||||||
acl_ttl = "30s"
|
|
||||||
acl = {
|
acl = {
|
||||||
|
token_ttl = "30s"
|
||||||
policy_ttl = "30s"
|
policy_ttl = "30s"
|
||||||
|
default_policy = "allow"
|
||||||
|
down_policy = "extend-cache"
|
||||||
}
|
}
|
||||||
bind_addr = "0.0.0.0"
|
bind_addr = "0.0.0.0"
|
||||||
bootstrap = false
|
bootstrap = false
|
||||||
|
@ -5,8 +5,29 @@ import "fmt"
|
|||||||
type DeprecatedConfig struct {
|
type DeprecatedConfig struct {
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
||||||
ACLAgentMasterToken *string `mapstructure:"acl_agent_master_token"`
|
ACLAgentMasterToken *string `mapstructure:"acl_agent_master_token"`
|
||||||
|
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
||||||
|
ACLAgentToken *string `mapstructure:"acl_agent_token"`
|
||||||
|
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
||||||
|
ACLToken *string `mapstructure:"acl_token"`
|
||||||
|
// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.enable_key_list_policy"
|
||||||
|
ACLEnableKeyListPolicy *bool `mapstructure:"acl_enable_key_list_policy"`
|
||||||
|
|
||||||
|
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
|
||||||
|
ACLMasterToken *string `mapstructure:"acl_master_token"`
|
||||||
|
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
|
||||||
|
ACLReplicationToken *string `mapstructure:"acl_replication_token"`
|
||||||
|
// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.enable_token_replication"
|
||||||
|
EnableACLReplication *bool `mapstructure:"enable_acl_replication"`
|
||||||
|
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - moved to "primary_datacenter"
|
// DEPRECATED (ACL-Legacy-Compat) - moved to "primary_datacenter"
|
||||||
ACLDatacenter *string `mapstructure:"acl_datacenter"`
|
ACLDatacenter *string `mapstructure:"acl_datacenter"`
|
||||||
|
|
||||||
|
// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.default_policy"
|
||||||
|
ACLDefaultPolicy *string `mapstructure:"acl_default_policy"`
|
||||||
|
// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.down_policy"
|
||||||
|
ACLDownPolicy *string `mapstructure:"acl_down_policy"`
|
||||||
|
// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.token_ttl"
|
||||||
|
ACLTTL *string `mapstructure:"acl_ttl"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func applyDeprecatedConfig(d *decodeTarget) (Config, []string) {
|
func applyDeprecatedConfig(d *decodeTarget) (Config, []string) {
|
||||||
@ -20,6 +41,42 @@ func applyDeprecatedConfig(d *decodeTarget) (Config, []string) {
|
|||||||
warns = append(warns, deprecationWarning("acl_agent_master_token", "acl.tokens.agent_master"))
|
warns = append(warns, deprecationWarning("acl_agent_master_token", "acl.tokens.agent_master"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if dep.ACLAgentToken != nil {
|
||||||
|
if d.Config.ACL.Tokens.Agent == nil {
|
||||||
|
d.Config.ACL.Tokens.Agent = dep.ACLAgentToken
|
||||||
|
}
|
||||||
|
warns = append(warns, deprecationWarning("acl_agent_token", "acl.tokens.agent"))
|
||||||
|
}
|
||||||
|
|
||||||
|
if dep.ACLToken != nil {
|
||||||
|
if d.Config.ACL.Tokens.Default == nil {
|
||||||
|
d.Config.ACL.Tokens.Default = dep.ACLToken
|
||||||
|
}
|
||||||
|
warns = append(warns, deprecationWarning("acl_token", "acl.tokens.default"))
|
||||||
|
}
|
||||||
|
|
||||||
|
if dep.ACLMasterToken != nil {
|
||||||
|
if d.Config.ACL.Tokens.Master == nil {
|
||||||
|
d.Config.ACL.Tokens.Master = dep.ACLMasterToken
|
||||||
|
}
|
||||||
|
warns = append(warns, deprecationWarning("acl_master_token", "acl.tokens.master"))
|
||||||
|
}
|
||||||
|
|
||||||
|
if dep.ACLReplicationToken != nil {
|
||||||
|
if d.Config.ACL.Tokens.Replication == nil {
|
||||||
|
d.Config.ACL.Tokens.Replication = dep.ACLReplicationToken
|
||||||
|
}
|
||||||
|
d.Config.ACL.TokenReplication = pBool(true)
|
||||||
|
warns = append(warns, deprecationWarning("acl_replication_token", "acl.tokens.replication"))
|
||||||
|
}
|
||||||
|
|
||||||
|
if dep.EnableACLReplication != nil {
|
||||||
|
if d.Config.ACL.TokenReplication == nil {
|
||||||
|
d.Config.ACL.TokenReplication = dep.EnableACLReplication
|
||||||
|
}
|
||||||
|
warns = append(warns, deprecationWarning("enable_acl_replication", "acl.enable_token_replication"))
|
||||||
|
}
|
||||||
|
|
||||||
if dep.ACLDatacenter != nil {
|
if dep.ACLDatacenter != nil {
|
||||||
if d.Config.PrimaryDatacenter == nil {
|
if d.Config.PrimaryDatacenter == nil {
|
||||||
d.Config.PrimaryDatacenter = dep.ACLDatacenter
|
d.Config.PrimaryDatacenter = dep.ACLDatacenter
|
||||||
@ -30,6 +87,34 @@ func applyDeprecatedConfig(d *decodeTarget) (Config, []string) {
|
|||||||
warns = append(warns, deprecationWarning("acl_datacenter", "primary_datacenter"))
|
warns = append(warns, deprecationWarning("acl_datacenter", "primary_datacenter"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if dep.ACLDefaultPolicy != nil {
|
||||||
|
if d.Config.ACL.DefaultPolicy == nil {
|
||||||
|
d.Config.ACL.DefaultPolicy = dep.ACLDefaultPolicy
|
||||||
|
}
|
||||||
|
warns = append(warns, deprecationWarning("acl_default_policy", "acl.default_policy"))
|
||||||
|
}
|
||||||
|
|
||||||
|
if dep.ACLDownPolicy != nil {
|
||||||
|
if d.Config.ACL.DownPolicy == nil {
|
||||||
|
d.Config.ACL.DownPolicy = dep.ACLDownPolicy
|
||||||
|
}
|
||||||
|
warns = append(warns, deprecationWarning("acl_down_policy", "acl.down_policy"))
|
||||||
|
}
|
||||||
|
|
||||||
|
if dep.ACLTTL != nil {
|
||||||
|
if d.Config.ACL.TokenTTL == nil {
|
||||||
|
d.Config.ACL.TokenTTL = dep.ACLTTL
|
||||||
|
}
|
||||||
|
warns = append(warns, deprecationWarning("acl_ttl", "acl.token_ttl"))
|
||||||
|
}
|
||||||
|
|
||||||
|
if dep.ACLEnableKeyListPolicy != nil {
|
||||||
|
if d.Config.ACL.EnableKeyListPolicy == nil {
|
||||||
|
d.Config.ACL.EnableKeyListPolicy = dep.ACLEnableKeyListPolicy
|
||||||
|
}
|
||||||
|
warns = append(warns, deprecationWarning("acl_enable_key_list_policy", "acl.enable_key_list_policy"))
|
||||||
|
}
|
||||||
|
|
||||||
return d.Config, warns
|
return d.Config, warns
|
||||||
}
|
}
|
||||||
|
|
||||||
|
93
agent/config/deprecated_test.go
Normal file
93
agent/config/deprecated_test.go
Normal file
@ -0,0 +1,93 @@
|
|||||||
|
package config
|
||||||
|
|
||||||
|
import (
|
||||||
|
"sort"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestLoad_DeprecatedConfig(t *testing.T) {
|
||||||
|
opts := LoadOpts{
|
||||||
|
HCL: []string{`
|
||||||
|
data_dir = "/foo"
|
||||||
|
|
||||||
|
acl_datacenter = "dcone"
|
||||||
|
|
||||||
|
acl_agent_master_token = "token1"
|
||||||
|
acl_agent_token = "token2"
|
||||||
|
acl_token = "token3"
|
||||||
|
|
||||||
|
acl_master_token = "token4"
|
||||||
|
acl_replication_token = "token5"
|
||||||
|
|
||||||
|
acl_default_policy = "deny"
|
||||||
|
acl_down_policy = "async-cache"
|
||||||
|
|
||||||
|
acl_ttl = "3h"
|
||||||
|
acl_enable_key_list_policy = true
|
||||||
|
|
||||||
|
`},
|
||||||
|
}
|
||||||
|
patchLoadOptsShims(&opts)
|
||||||
|
result, err := Load(opts)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
expectWarns := []string{
|
||||||
|
deprecationWarning("acl_agent_master_token", "acl.tokens.agent_master"),
|
||||||
|
deprecationWarning("acl_agent_token", "acl.tokens.agent"),
|
||||||
|
deprecationWarning("acl_datacenter", "primary_datacenter"),
|
||||||
|
deprecationWarning("acl_default_policy", "acl.default_policy"),
|
||||||
|
deprecationWarning("acl_down_policy", "acl.down_policy"),
|
||||||
|
deprecationWarning("acl_enable_key_list_policy", "acl.enable_key_list_policy"),
|
||||||
|
deprecationWarning("acl_master_token", "acl.tokens.master"),
|
||||||
|
deprecationWarning("acl_replication_token", "acl.tokens.replication"),
|
||||||
|
deprecationWarning("acl_token", "acl.tokens.default"),
|
||||||
|
deprecationWarning("acl_ttl", "acl.token_ttl"),
|
||||||
|
}
|
||||||
|
sort.Strings(result.Warnings)
|
||||||
|
require.Equal(t, expectWarns, result.Warnings)
|
||||||
|
// Ideally this would compare against the entire result.RuntimeConfig, but
|
||||||
|
// we have so many non-zero defaults in that response that the noise of those
|
||||||
|
// defaults makes this test difficult to read. So as a workaround, compare
|
||||||
|
// specific values.
|
||||||
|
rt := result.RuntimeConfig
|
||||||
|
require.Equal(t, true, rt.ACLsEnabled)
|
||||||
|
require.Equal(t, "dcone", rt.PrimaryDatacenter)
|
||||||
|
require.Equal(t, "token1", rt.ACLTokens.ACLAgentMasterToken)
|
||||||
|
require.Equal(t, "token2", rt.ACLTokens.ACLAgentToken)
|
||||||
|
require.Equal(t, "token3", rt.ACLTokens.ACLDefaultToken)
|
||||||
|
require.Equal(t, "token4", rt.ACLMasterToken)
|
||||||
|
require.Equal(t, "token5", rt.ACLTokens.ACLReplicationToken)
|
||||||
|
require.Equal(t, "deny", rt.ACLResolverSettings.ACLDefaultPolicy)
|
||||||
|
require.Equal(t, "async-cache", rt.ACLResolverSettings.ACLDownPolicy)
|
||||||
|
require.Equal(t, 3*time.Hour, rt.ACLResolverSettings.ACLTokenTTL)
|
||||||
|
require.Equal(t, true, rt.ACLEnableKeyListPolicy)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestLoad_DeprecatedConfig_ACLReplication(t *testing.T) {
|
||||||
|
opts := LoadOpts{
|
||||||
|
HCL: []string{`
|
||||||
|
data_dir = "/foo"
|
||||||
|
|
||||||
|
enable_acl_replication = true
|
||||||
|
|
||||||
|
`},
|
||||||
|
}
|
||||||
|
patchLoadOptsShims(&opts)
|
||||||
|
result, err := Load(opts)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
expectWarns := []string{
|
||||||
|
deprecationWarning("enable_acl_replication", "acl.enable_token_replication"),
|
||||||
|
}
|
||||||
|
sort.Strings(result.Warnings)
|
||||||
|
require.Equal(t, expectWarns, result.Warnings)
|
||||||
|
// Ideally this would compare against the entire result.RuntimeConfig, but
|
||||||
|
// we have so many non-zero defaults in that response that the noise of those
|
||||||
|
// defaults makes this test difficult to read. So as a workaround, compare
|
||||||
|
// specific values.
|
||||||
|
rt := result.RuntimeConfig
|
||||||
|
require.Equal(t, true, rt.ACLTokenReplication)
|
||||||
|
}
|
@ -1633,16 +1633,28 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
|
|||||||
expectedWarnings: []string{`The 'acl_datacenter' field is deprecated. Use the 'primary_datacenter' field instead.`},
|
expectedWarnings: []string{`The 'acl_datacenter' field is deprecated. Use the 'primary_datacenter' field instead.`},
|
||||||
})
|
})
|
||||||
run(t, testCase{
|
run(t, testCase{
|
||||||
desc: "acl_replication_token enables acl replication",
|
desc: "acl_replication_token enables acl replication",
|
||||||
args: []string{`-data-dir=` + dataDir},
|
args: []string{`-data-dir=` + dataDir},
|
||||||
json: []string{`{ "acl_replication_token": "a" }`},
|
json: []string{`{ "acl_replication_token": "a" }`},
|
||||||
hcl: []string{`acl_replication_token = "a"`},
|
hcl: []string{`acl_replication_token = "a"`},
|
||||||
|
expectedWarnings: []string{deprecationWarning("acl_replication_token", "acl.tokens.replication")},
|
||||||
expected: func(rt *RuntimeConfig) {
|
expected: func(rt *RuntimeConfig) {
|
||||||
rt.ACLTokens.ACLReplicationToken = "a"
|
rt.ACLTokens.ACLReplicationToken = "a"
|
||||||
rt.ACLTokenReplication = true
|
rt.ACLTokenReplication = true
|
||||||
rt.DataDir = dataDir
|
rt.DataDir = dataDir
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
run(t, testCase{
|
||||||
|
desc: "acl.tokens.replace does not enable acl replication",
|
||||||
|
args: []string{`-data-dir=` + dataDir},
|
||||||
|
json: []string{`{ "acl": { "tokens": { "replication": "a" }}}`},
|
||||||
|
hcl: []string{`acl { tokens { replication = "a"}}`},
|
||||||
|
expected: func(rt *RuntimeConfig) {
|
||||||
|
rt.ACLTokens.ACLReplicationToken = "a"
|
||||||
|
rt.ACLTokenReplication = false
|
||||||
|
rt.DataDir = dataDir
|
||||||
|
},
|
||||||
|
})
|
||||||
run(t, testCase{
|
run(t, testCase{
|
||||||
desc: "acl_enforce_version_8 is deprecated",
|
desc: "acl_enforce_version_8 is deprecated",
|
||||||
args: []string{`-data-dir=` + dataDir},
|
args: []string{`-data-dir=` + dataDir},
|
||||||
@ -5902,8 +5914,17 @@ func TestLoad_FullConfig(t *testing.T) {
|
|||||||
entFullRuntimeConfig(expected)
|
entFullRuntimeConfig(expected)
|
||||||
|
|
||||||
expectedWarns := []string{
|
expectedWarns := []string{
|
||||||
`The 'acl_datacenter' field is deprecated. Use the 'primary_datacenter' field instead.`,
|
deprecationWarning("acl_datacenter", "primary_datacenter"),
|
||||||
`The 'acl_agent_master_token' field is deprecated. Use the 'acl.tokens.agent_master' field instead.`,
|
deprecationWarning("acl_agent_master_token", "acl.tokens.agent_master"),
|
||||||
|
deprecationWarning("acl_agent_token", "acl.tokens.agent"),
|
||||||
|
deprecationWarning("acl_token", "acl.tokens.default"),
|
||||||
|
deprecationWarning("acl_master_token", "acl.tokens.master"),
|
||||||
|
deprecationWarning("acl_replication_token", "acl.tokens.replication"),
|
||||||
|
deprecationWarning("enable_acl_replication", "acl.enable_token_replication"),
|
||||||
|
deprecationWarning("acl_default_policy", "acl.default_policy"),
|
||||||
|
deprecationWarning("acl_down_policy", "acl.down_policy"),
|
||||||
|
deprecationWarning("acl_ttl", "acl.token_ttl"),
|
||||||
|
deprecationWarning("acl_enable_key_list_policy", "acl.enable_key_list_policy"),
|
||||||
`bootstrap_expect > 0: expecting 53 servers`,
|
`bootstrap_expect > 0: expecting 53 servers`,
|
||||||
}
|
}
|
||||||
expectedWarns = append(expectedWarns, enterpriseConfigKeyWarnings...)
|
expectedWarns = append(expectedWarns, enterpriseConfigKeyWarnings...)
|
||||||
|
@ -759,10 +759,10 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
|||||||
running Consul 0.7 or later. When provided, this will enable [ACL replication](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters)
|
running Consul 0.7 or later. When provided, this will enable [ACL replication](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters)
|
||||||
using this ACL replication using this token to retrieve and replicate the ACLs
|
using this ACL replication using this token to retrieve and replicate the ACLs
|
||||||
to the non-authoritative local datacenter. In Consul 0.9.1 and later you can enable
|
to the non-authoritative local datacenter. In Consul 0.9.1 and later you can enable
|
||||||
ACL replication using [`enable_acl_replication`](#enable_acl_replication) and then
|
ACL replication using [`acl.enable_token_replication`](#acl_enable_token_replication) and then
|
||||||
set the token later using the [agent token API](/api/agent#update-acl-tokens)
|
set the token later using the [agent token API](/api/agent#update-acl-tokens)
|
||||||
on each server. If the `acl_replication_token` is set in the config, it will automatically
|
on each server. If the `acl_replication_token` is set in the config, it will automatically
|
||||||
set [`enable_acl_replication`](#enable_acl_replication) to true for backward compatibility.
|
set [`acl.enable_token_replication`](#acl_enable_token_replication) to true for backward compatibility.
|
||||||
|
|
||||||
If there's a partition or other outage affecting the authoritative datacenter, and the
|
If there's a partition or other outage affecting the authoritative datacenter, and the
|
||||||
[`acl_down_policy`](/docs/agent/options#acl_down_policy) is set to "extend-cache", tokens not
|
[`acl_down_policy`](/docs/agent/options#acl_down_policy) is set to "extend-cache", tokens not
|
||||||
@ -1447,7 +1447,8 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
|
|||||||
|
|
||||||
- `domain` Equivalent to the [`-domain` command-line flag](#_domain).
|
- `domain` Equivalent to the [`-domain` command-line flag](#_domain).
|
||||||
|
|
||||||
- `enable_acl_replication` When set on a Consul server, enables ACL replication without having to set
|
- `enable_acl_replication` **Deprecated in Consul 1.11. Use the [`acl.enable_token_replication`](#acl_enable_token_replication) field instead.**
|
||||||
|
When set on a Consul server, enables ACL replication without having to set
|
||||||
the replication token via [`acl_replication_token`](#acl_replication_token). Instead, enable ACL replication
|
the replication token via [`acl_replication_token`](#acl_replication_token). Instead, enable ACL replication
|
||||||
and then introduce the token using the [agent token API](/api/agent#update-acl-tokens) on each server.
|
and then introduce the token using the [agent token API](/api/agent#update-acl-tokens) on each server.
|
||||||
See [`acl_replication_token`](#acl_replication_token) for more details.
|
See [`acl_replication_token`](#acl_replication_token) for more details.
|
||||||
|
Loading…
x
Reference in New Issue
Block a user