mirror of https://github.com/status-im/consul.git
acl: remove legacy field to ACLBoostrap
This commit is contained in:
parent
0330966315
commit
966e50e00e
|
@ -500,7 +500,6 @@ func (c *FSM) applyACLTokenSetOperation(buf []byte, index uint64) interface{} {
|
|||
CAS: req.CAS,
|
||||
AllowMissingPolicyAndRoleIDs: req.AllowMissingLinks,
|
||||
ProhibitUnprivileged: req.ProhibitUnprivileged,
|
||||
Legacy: false,
|
||||
FromReplication: req.FromReplication,
|
||||
}
|
||||
return c.state.ACLTokenBatchSet(index, req.Tokens, opts)
|
||||
|
@ -524,7 +523,7 @@ func (c *FSM) applyACLTokenBootstrap(buf []byte, index uint64) interface{} {
|
|||
}
|
||||
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "token"}, time.Now(),
|
||||
[]metrics.Label{{Name: "op", Value: "bootstrap"}})
|
||||
return c.state.ACLBootstrap(index, req.ResetIndex, &req.Token, false)
|
||||
return c.state.ACLBootstrap(index, req.ResetIndex, &req.Token)
|
||||
}
|
||||
|
||||
func (c *FSM) applyACLPolicySetOperation(buf []byte, index uint64) interface{} {
|
||||
|
|
|
@ -113,7 +113,7 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
|
|||
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
|
||||
Type: structs.ACLTokenTypeManagement,
|
||||
}
|
||||
require.NoError(t, fsm.state.ACLBootstrap(10, 0, token, false))
|
||||
require.NoError(t, fsm.state.ACLBootstrap(10, 0, token))
|
||||
|
||||
method := &structs.ACLAuthMethod{
|
||||
Name: "some-method",
|
||||
|
|
|
@ -74,7 +74,7 @@ func (s *Restore) ACLAuthMethod(method *structs.ACLAuthMethod) error {
|
|||
|
||||
// ACLBootstrap is used to perform a one-time ACL bootstrap operation on a
|
||||
// cluster to get the first management token.
|
||||
func (s *Store) ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken, legacy bool) error {
|
||||
func (s *Store) ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -91,7 +91,7 @@ func (s *Store) ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken, le
|
|||
}
|
||||
}
|
||||
|
||||
if err := aclTokenSetTxn(tx, idx, token, ACLTokenSetOptions{Legacy: legacy}); err != nil {
|
||||
if err := aclTokenSetTxn(tx, idx, token, ACLTokenSetOptions{}); err != nil {
|
||||
return fmt.Errorf("failed inserting bootstrap token: %v", err)
|
||||
}
|
||||
if err := tx.Insert(tableIndex, &IndexEntry{"acl-token-bootstrap", idx}); err != nil {
|
||||
|
@ -429,7 +429,7 @@ type ACLTokenSetOptions struct {
|
|||
CAS bool
|
||||
AllowMissingPolicyAndRoleIDs bool
|
||||
ProhibitUnprivileged bool
|
||||
Legacy bool
|
||||
Legacy bool // TODO(ACL-Legacy-Compat): remove
|
||||
FromReplication bool
|
||||
}
|
||||
|
||||
|
|
|
@ -199,7 +199,7 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
|
|||
require.Equal(t, uint64(0), index)
|
||||
|
||||
// Perform a regular bootstrap.
|
||||
require.NoError(t, s.ACLBootstrap(3, 0, token1.Clone(), false))
|
||||
require.NoError(t, s.ACLBootstrap(3, 0, token1.Clone()))
|
||||
|
||||
// Make sure we can't bootstrap again
|
||||
canBootstrap, index, err = s.CanBootstrapACLToken()
|
||||
|
@ -208,7 +208,7 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
|
|||
require.Equal(t, uint64(3), index)
|
||||
|
||||
// Make sure another attempt fails.
|
||||
err = s.ACLBootstrap(4, 0, token2.Clone(), false)
|
||||
err = s.ACLBootstrap(4, 0, token2.Clone())
|
||||
require.Error(t, err)
|
||||
require.Equal(t, structs.ACLBootstrapNotAllowedErr, err)
|
||||
|
||||
|
@ -225,12 +225,12 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
|
|||
compareTokens(t, token1, tokens[0])
|
||||
|
||||
// bootstrap reset
|
||||
err = s.ACLBootstrap(32, index-1, token2.Clone(), false)
|
||||
err = s.ACLBootstrap(32, index-1, token2.Clone())
|
||||
require.Error(t, err)
|
||||
require.Equal(t, structs.ACLBootstrapInvalidResetIndexErr, err)
|
||||
|
||||
// bootstrap reset
|
||||
err = s.ACLBootstrap(32, index, token2.Clone(), false)
|
||||
err = s.ACLBootstrap(32, index, token2.Clone())
|
||||
require.NoError(t, err)
|
||||
|
||||
_, tokens, err = s.ACLTokenList(nil, true, true, "", "", "", nil, nil)
|
||||
|
|
|
@ -432,6 +432,7 @@ func (t *ACLToken) HasExpirationTime() bool {
|
|||
return t.ExpirationTime != nil && !t.ExpirationTime.IsZero()
|
||||
}
|
||||
|
||||
// TODO(ACL-Legacy-Compat): remove
|
||||
func (t *ACLToken) UsesNonLegacyFields() bool {
|
||||
return len(t.Policies) > 0 ||
|
||||
len(t.ServiceIdentities) > 0 ||
|
||||
|
|
Loading…
Reference in New Issue