diff --git a/agent/consul/fsm/commands_oss.go b/agent/consul/fsm/commands_oss.go index 36a7132f1d..25871585ea 100644 --- a/agent/consul/fsm/commands_oss.go +++ b/agent/consul/fsm/commands_oss.go @@ -500,7 +500,6 @@ func (c *FSM) applyACLTokenSetOperation(buf []byte, index uint64) interface{} { CAS: req.CAS, AllowMissingPolicyAndRoleIDs: req.AllowMissingLinks, ProhibitUnprivileged: req.ProhibitUnprivileged, - Legacy: false, FromReplication: req.FromReplication, } return c.state.ACLTokenBatchSet(index, req.Tokens, opts) @@ -524,7 +523,7 @@ func (c *FSM) applyACLTokenBootstrap(buf []byte, index uint64) interface{} { } defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "token"}, time.Now(), []metrics.Label{{Name: "op", Value: "bootstrap"}}) - return c.state.ACLBootstrap(index, req.ResetIndex, &req.Token, false) + return c.state.ACLBootstrap(index, req.ResetIndex, &req.Token) } func (c *FSM) applyACLPolicySetOperation(buf []byte, index uint64) interface{} { diff --git a/agent/consul/fsm/snapshot_oss_test.go b/agent/consul/fsm/snapshot_oss_test.go index 13d8bb90b9..e2f8c6e03d 100644 --- a/agent/consul/fsm/snapshot_oss_test.go +++ b/agent/consul/fsm/snapshot_oss_test.go @@ -113,7 +113,7 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) { // DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs Type: structs.ACLTokenTypeManagement, } - require.NoError(t, fsm.state.ACLBootstrap(10, 0, token, false)) + require.NoError(t, fsm.state.ACLBootstrap(10, 0, token)) method := &structs.ACLAuthMethod{ Name: "some-method", diff --git a/agent/consul/state/acl.go b/agent/consul/state/acl.go index fdc20a8056..573aeaeaca 100644 --- a/agent/consul/state/acl.go +++ b/agent/consul/state/acl.go 
@@ -74,7 +74,7 @@ func (s *Restore) ACLAuthMethod(method *structs.ACLAuthMethod) error {
 // ACLBootstrap is used to perform a one-time ACL bootstrap operation on a
 // cluster to get the first management token.
-func (s *Store) ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken, legacy bool) error {
+func (s *Store) ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken) error {
 tx := s.db.WriteTxn(idx)
 defer tx.Abort()
@@ -91,7 +91,7 @@ func (s *Store) ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken, le
 }
 }
- if err := aclTokenSetTxn(tx, idx, token, ACLTokenSetOptions{Legacy: legacy}); err != nil {
+ if err := aclTokenSetTxn(tx, idx, token, ACLTokenSetOptions{}); err != nil {
 return fmt.Errorf("failed inserting bootstrap token: %v", err)
 }
 if err := tx.Insert(tableIndex, &IndexEntry{"acl-token-bootstrap", idx}); err != nil {
@@ -429,7 +429,7 @@ type ACLTokenSetOptions struct {
 CAS bool
 AllowMissingPolicyAndRoleIDs bool
 ProhibitUnprivileged bool
- Legacy bool
+ Legacy bool // TODO(ACL-Legacy-Compat): remove
 FromReplication bool
 }
diff --git a/agent/consul/state/acl_test.go b/agent/consul/state/acl_test.go
index 768efb4087..2fba770d6f 100644
--- a/agent/consul/state/acl_test.go
+++ b/agent/consul/state/acl_test.go
@@ -199,7 +199,7 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
 require.Equal(t, uint64(0), index)
 // Perform a regular bootstrap.
- require.NoError(t, s.ACLBootstrap(3, 0, token1.Clone(), false))
+ require.NoError(t, s.ACLBootstrap(3, 0, token1.Clone()))
 // Make sure we can't bootstrap again
 canBootstrap, index, err = s.CanBootstrapACLToken()
@@ -208,7 +208,7 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
 require.Equal(t, uint64(3), index)
 // Make sure another attempt fails.
- err = s.ACLBootstrap(4, 0, token2.Clone(), false)
+ err = s.ACLBootstrap(4, 0, token2.Clone())
 require.Error(t, err)
 require.Equal(t, structs.ACLBootstrapNotAllowedErr, err)
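Review bot: The doc comment kept above `ACLBootstrap` in the `@@ -74` hunk of agent/consul/state/acl.go still describes a "one-time" operation and never mentions `resetIndex`, although the tests touched by this commit show a later call succeeding when the reset index matches and failing with `structs.ACLBootstrapNotAllowedErr` or `structs.ACLBootstrapInvalidResetIndexErr` otherwise. Since the signature is being edited anyway, I would add a line such as `// If ACLs are already bootstrapped, the call only succeeds when resetIndex matches the index reported by CanBootstrapACLToken.` and name the two error values callers should expect. This is the call that creates a management token, so the re-bootstrap condition deserves to be spelled out. The function body continues outside the hunk, so the exact condition should be confirmed there.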
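Review bot: In the `@@ -91` hunk, `ACLTokenSetOptions{}` now leaves every option at its zero value on the path that writes the bootstrap token, and nothing at the call site says this is deliberate. A short comment above the call would save the reader a trip to the struct definition, for example `// Bootstrap always writes with the zero-value options: no CAS, not legacy, not from replication.` As a smaller point, the unchanged `fmt.Errorf("failed inserting bootstrap token: %v", err)` flattens the cause; `%w` would keep it available to `errors.Is`, provided no caller depends on the current behaviour. `ACLBootstrap` starts and ends outside this hunk.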
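Review bot: The `Legacy` field in the `@@ -429` hunk is kept with only `TODO(ACL-Legacy-Compat): remove`, yet after this commit none of the call sites visible in the diff sets it, so a reader cannot tell whether any caller still does. If nothing else sets it, the field and whatever `aclTokenSetTxn` presumably does with it are dead code in the token write path and would be better removed in the same change. If something still sets it, the comment should say what, e.g. `Legacy bool // TODO(ACL-Legacy-Compat): remove once <remaining caller> is gone` (placeholder, to be filled in by the author). The other fields of `ACLTokenSetOptions` are undocumented too, and a one-line comment on each would help anyone auditing which checks a token write skips.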
@@ -225,12 +225,12 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
 compareTokens(t, token1, tokens[0])
 // bootstrap reset
- err = s.ACLBootstrap(32, index-1, token2.Clone(), false)
+ err = s.ACLBootstrap(32, index-1, token2.Clone())
 require.Error(t, err)
 require.Equal(t, structs.ACLBootstrapInvalidResetIndexErr, err)
 // bootstrap reset
- err = s.ACLBootstrap(32, index, token2.Clone(), false)
+ err = s.ACLBootstrap(32, index, token2.Clone())
 require.NoError(t, err)
 _, tokens, err = s.ACLTokenList(nil, true, true, "", "", "", nil, nil)
diff --git a/agent/structs/acl.go b/agent/structs/acl.go
index 67dbbb8711..1c3d2a261d 100644
--- a/agent/structs/acl.go
+++ b/agent/structs/acl.go
@@ -432,6 +432,7 @@ func (t *ACLToken) HasExpirationTime() bool {
 return t.ExpirationTime != nil && !t.ExpirationTime.IsZero()
 }
+// TODO(ACL-Legacy-Compat): remove
 func (t *ACLToken) UsesNonLegacyFields() bool {
 return len(t.Policies) > 0 ||
 len(t.ServiceIdentities) > 0 ||
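Review bot: Both cases in the `@@ -225` hunk of agent/consul/state/acl_test.go carry the same `// bootstrap reset` comment, although the first expects `structs.ACLBootstrapInvalidResetIndexErr` and the second expects success. Distinct comments would make the intent of each assertion clear, for instance `// bootstrap reset with a wrong reset index is rejected` and `// bootstrap reset with the matching reset index succeeds`. The test function begins and ends outside the hunk.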
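Review bot: The added `// TODO(ACL-Legacy-Compat): remove` in the `@@ -432` hunk of agent/structs/acl.go sits directly above the exported method `UsesNonLegacyFields`, so it takes the place of the method's doc comment and the method is left without a description. I would put a proper doc line first and keep the TODO after it, e.g. `// UsesNonLegacyFields reports whether the token sets any field that a legacy token does not have.` followed by `// TODO(ACL-Legacy-Compat): remove`. The method body runs past the end of the hunk, so the wording should be checked against the full list of fields it tests.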