acl: remove legacy field to ACLBoostrap

Daniel Nephin 2021-09-21 19:50:54 -04:00
parent 0330966315
commit 966e50e00e
5 changed files with 10 additions and 10 deletions


@ -500,7 +500,6 @@ func (c *FSM) applyACLTokenSetOperation(buf []byte, index uint64) interface{} {
CAS: req.CAS, CAS: req.CAS,
AllowMissingPolicyAndRoleIDs: req.AllowMissingLinks, AllowMissingPolicyAndRoleIDs: req.AllowMissingLinks,
ProhibitUnprivileged: req.ProhibitUnprivileged, ProhibitUnprivileged: req.ProhibitUnprivileged,
Legacy: false,
FromReplication: req.FromReplication, FromReplication: req.FromReplication,
} }
return c.state.ACLTokenBatchSet(index, req.Tokens, opts) return c.state.ACLTokenBatchSet(index, req.Tokens, opts)
@ -524,7 +523,7 @@ func (c *FSM) applyACLTokenBootstrap(buf []byte, index uint64) interface{} {
} }
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "token"}, time.Now(), defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "token"}, time.Now(),
[]metrics.Label{{Name: "op", Value: "bootstrap"}}) []metrics.Label{{Name: "op", Value: "bootstrap"}})
return c.state.ACLBootstrap(index, req.ResetIndex, &req.Token, false) return c.state.ACLBootstrap(index, req.ResetIndex, &req.Token)
} }
func (c *FSM) applyACLPolicySetOperation(buf []byte, index uint64) interface{} { func (c *FSM) applyACLPolicySetOperation(buf []byte, index uint64) interface{} {


@ -113,7 +113,7 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs // DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
Type: structs.ACLTokenTypeManagement, Type: structs.ACLTokenTypeManagement,
} }
require.NoError(t, fsm.state.ACLBootstrap(10, 0, token, false)) require.NoError(t, fsm.state.ACLBootstrap(10, 0, token))
method := &structs.ACLAuthMethod{ method := &structs.ACLAuthMethod{
Name: "some-method", Name: "some-method",


@ -74,7 +74,7 @@ func (s *Restore) ACLAuthMethod(method *structs.ACLAuthMethod) error {
// ACLBootstrap is used to perform a one-time ACL bootstrap operation on a // ACLBootstrap is used to perform a one-time ACL bootstrap operation on a
// cluster to get the first management token. // cluster to get the first management token.
func (s *Store) ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken, legacy bool) error { func (s *Store) ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken) error {
tx := s.db.WriteTxn(idx) tx := s.db.WriteTxn(idx)
defer tx.Abort() defer tx.Abort()
@ -91,7 +91,7 @@ func (s *Store) ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken, le
} }
} }
if err := aclTokenSetTxn(tx, idx, token, ACLTokenSetOptions{Legacy: legacy}); err != nil { if err := aclTokenSetTxn(tx, idx, token, ACLTokenSetOptions{}); err != nil {
return fmt.Errorf("failed inserting bootstrap token: %v", err) return fmt.Errorf("failed inserting bootstrap token: %v", err)
} }
if err := tx.Insert(tableIndex, &IndexEntry{"acl-token-bootstrap", idx}); err != nil { if err := tx.Insert(tableIndex, &IndexEntry{"acl-token-bootstrap", idx}); err != nil {
@ -429,7 +429,7 @@ type ACLTokenSetOptions struct {
CAS bool CAS bool
AllowMissingPolicyAndRoleIDs bool AllowMissingPolicyAndRoleIDs bool
ProhibitUnprivileged bool ProhibitUnprivileged bool
Legacy bool Legacy bool // TODO(ACL-Legacy-Compat): remove
FromReplication bool FromReplication bool
} }
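Review bot: The doc comment on `ACLBootstrap` still describes only a "one-time ACL bootstrap operation" and does not explain `resetIndex`, even though that parameter is what allows a second management token to be created. The test calls on this page expect `structs.ACLBootstrapNotAllowedErr` for a repeat bootstrap with `resetIndex` 0 and `structs.ACLBootstrapInvalidResetIndexErr` for a mismatched value, so the contract appears to be that only a matching reset index permits a re-bootstrap. Since the signature is changing anyway, I would add a line such as `// A non-zero resetIndex permits a re-bootstrap only when it matches the expected reset index; otherwise an error is returned and no token is written.` The wording needs checking against the function body, which sits between the two hunks and is not shown here.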


@ -199,7 +199,7 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
require.Equal(t, uint64(0), index) require.Equal(t, uint64(0), index)
// Perform a regular bootstrap. // Perform a regular bootstrap.
require.NoError(t, s.ACLBootstrap(3, 0, token1.Clone(), false)) require.NoError(t, s.ACLBootstrap(3, 0, token1.Clone()))
// Make sure we can't bootstrap again // Make sure we can't bootstrap again
canBootstrap, index, err = s.CanBootstrapACLToken() canBootstrap, index, err = s.CanBootstrapACLToken()
@ -208,7 +208,7 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
require.Equal(t, uint64(3), index) require.Equal(t, uint64(3), index)
// Make sure another attempt fails. // Make sure another attempt fails.
err = s.ACLBootstrap(4, 0, token2.Clone(), false) err = s.ACLBootstrap(4, 0, token2.Clone())
require.Error(t, err) require.Error(t, err)
require.Equal(t, structs.ACLBootstrapNotAllowedErr, err) require.Equal(t, structs.ACLBootstrapNotAllowedErr, err)
@ -225,12 +225,12 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
compareTokens(t, token1, tokens[0]) compareTokens(t, token1, tokens[0])
// bootstrap reset // bootstrap reset
err = s.ACLBootstrap(32, index-1, token2.Clone(), false) err = s.ACLBootstrap(32, index-1, token2.Clone())
require.Error(t, err) require.Error(t, err)
require.Equal(t, structs.ACLBootstrapInvalidResetIndexErr, err) require.Equal(t, structs.ACLBootstrapInvalidResetIndexErr, err)
// bootstrap reset // bootstrap reset
err = s.ACLBootstrap(32, index, token2.Clone(), false) err = s.ACLBootstrap(32, index, token2.Clone())
require.NoError(t, err) require.NoError(t, err)
_, tokens, err = s.ACLTokenList(nil, true, true, "", "", "", nil, nil) _, tokens, err = s.ACLTokenList(nil, true, true, "", "", "", nil, nil)


@ -432,6 +432,7 @@ func (t *ACLToken) HasExpirationTime() bool {
return t.ExpirationTime != nil && !t.ExpirationTime.IsZero() return t.ExpirationTime != nil && !t.ExpirationTime.IsZero()
} }
// TODO(ACL-Legacy-Compat): remove
func (t *ACLToken) UsesNonLegacyFields() bool { func (t *ACLToken) UsesNonLegacyFields() bool {
return len(t.Policies) > 0 || return len(t.Policies) > 0 ||
len(t.ServiceIdentities) > 0 || len(t.ServiceIdentities) > 0 ||