acl: remove legacy field to ACLBoostrap
parent
0330966315
commit
966e50e00e
|
@ -500,7 +500,6 @@ func (c *FSM) applyACLTokenSetOperation(buf []byte, index uint64) interface{} {
|
||||||
CAS: req.CAS,
|
CAS: req.CAS,
|
||||||
AllowMissingPolicyAndRoleIDs: req.AllowMissingLinks,
|
AllowMissingPolicyAndRoleIDs: req.AllowMissingLinks,
|
||||||
ProhibitUnprivileged: req.ProhibitUnprivileged,
|
ProhibitUnprivileged: req.ProhibitUnprivileged,
|
||||||
Legacy: false,
|
|
||||||
FromReplication: req.FromReplication,
|
FromReplication: req.FromReplication,
|
||||||
}
|
}
|
||||||
return c.state.ACLTokenBatchSet(index, req.Tokens, opts)
|
return c.state.ACLTokenBatchSet(index, req.Tokens, opts)
|
||||||
|
@ -524,7 +523,7 @@ func (c *FSM) applyACLTokenBootstrap(buf []byte, index uint64) interface{} {
|
||||||
}
|
}
|
||||||
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "token"}, time.Now(),
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "token"}, time.Now(),
|
||||||
[]metrics.Label{{Name: "op", Value: "bootstrap"}})
|
[]metrics.Label{{Name: "op", Value: "bootstrap"}})
|
||||||
return c.state.ACLBootstrap(index, req.ResetIndex, &req.Token, false)
|
return c.state.ACLBootstrap(index, req.ResetIndex, &req.Token)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *FSM) applyACLPolicySetOperation(buf []byte, index uint64) interface{} {
|
func (c *FSM) applyACLPolicySetOperation(buf []byte, index uint64) interface{} {
|
||||||
|
|
|
@ -113,7 +113,7 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
|
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
|
||||||
Type: structs.ACLTokenTypeManagement,
|
Type: structs.ACLTokenTypeManagement,
|
||||||
}
|
}
|
||||||
require.NoError(t, fsm.state.ACLBootstrap(10, 0, token, false))
|
require.NoError(t, fsm.state.ACLBootstrap(10, 0, token))
|
||||||
|
|
||||||
method := &structs.ACLAuthMethod{
|
method := &structs.ACLAuthMethod{
|
||||||
Name: "some-method",
|
Name: "some-method",
|
||||||
|
|
|
@ -74,7 +74,7 @@ func (s *Restore) ACLAuthMethod(method *structs.ACLAuthMethod) error {
|
||||||
|
|
||||||
// ACLBootstrap is used to perform a one-time ACL bootstrap operation on a
|
// ACLBootstrap is used to perform a one-time ACL bootstrap operation on a
|
||||||
// cluster to get the first management token.
|
// cluster to get the first management token.
|
||||||
func (s *Store) ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken, legacy bool) error {
|
func (s *Store) ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken) error {
|
||||||
tx := s.db.WriteTxn(idx)
|
tx := s.db.WriteTxn(idx)
|
||||||
defer tx.Abort()
|
defer tx.Abort()
|
||||||
|
|
||||||
|
@ -91,7 +91,7 @@ func (s *Store) ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken, le
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := aclTokenSetTxn(tx, idx, token, ACLTokenSetOptions{Legacy: legacy}); err != nil {
|
if err := aclTokenSetTxn(tx, idx, token, ACLTokenSetOptions{}); err != nil {
|
||||||
return fmt.Errorf("failed inserting bootstrap token: %v", err)
|
return fmt.Errorf("failed inserting bootstrap token: %v", err)
|
||||||
}
|
}
|
||||||
if err := tx.Insert(tableIndex, &IndexEntry{"acl-token-bootstrap", idx}); err != nil {
|
if err := tx.Insert(tableIndex, &IndexEntry{"acl-token-bootstrap", idx}); err != nil {
|
||||||
|
@ -429,7 +429,7 @@ type ACLTokenSetOptions struct {
|
||||||
CAS bool
|
CAS bool
|
||||||
AllowMissingPolicyAndRoleIDs bool
|
AllowMissingPolicyAndRoleIDs bool
|
||||||
ProhibitUnprivileged bool
|
ProhibitUnprivileged bool
|
||||||
Legacy bool
|
Legacy bool // TODO(ACL-Legacy-Compat): remove
|
||||||
FromReplication bool
|
FromReplication bool
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
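Review bot: The doc comment above the new `ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken)` signature says nothing about `resetIndex` or the errors a caller has to handle, and the signature change is a natural moment to add that. Going by the state-store test on this page, a second bootstrap returns `structs.ACLBootstrapNotAllowedErr`, and a reset is accepted only when `resetIndex` equals the index reported by `CanBootstrapACLToken`; any other value returns `structs.ACLBootstrapInvalidResetIndexErr`. I would extend the comment with two sentences stating exactly that, since this function gates creation of the first management token and the reset rule is not obvious from the signature. The token is now always written with an empty `ACLTokenSetOptions{}`, which matches every call site visible here (all passed `false`). The function body starts and ends outside these hunks.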
@ -199,7 +199,7 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
|
||||||
require.Equal(t, uint64(0), index)
|
require.Equal(t, uint64(0), index)
|
||||||
|
|
||||||
// Perform a regular bootstrap.
|
// Perform a regular bootstrap.
|
||||||
require.NoError(t, s.ACLBootstrap(3, 0, token1.Clone(), false))
|
require.NoError(t, s.ACLBootstrap(3, 0, token1.Clone()))
|
||||||
|
|
||||||
// Make sure we can't bootstrap again
|
// Make sure we can't bootstrap again
|
||||||
canBootstrap, index, err = s.CanBootstrapACLToken()
|
canBootstrap, index, err = s.CanBootstrapACLToken()
|
||||||
|
@ -208,7 +208,7 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
|
||||||
require.Equal(t, uint64(3), index)
|
require.Equal(t, uint64(3), index)
|
||||||
|
|
||||||
// Make sure another attempt fails.
|
// Make sure another attempt fails.
|
||||||
err = s.ACLBootstrap(4, 0, token2.Clone(), false)
|
err = s.ACLBootstrap(4, 0, token2.Clone())
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
require.Equal(t, structs.ACLBootstrapNotAllowedErr, err)
|
require.Equal(t, structs.ACLBootstrapNotAllowedErr, err)
|
||||||
|
|
||||||
|
@ -225,12 +225,12 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
|
||||||
compareTokens(t, token1, tokens[0])
|
compareTokens(t, token1, tokens[0])
|
||||||
|
|
||||||
// bootstrap reset
|
// bootstrap reset
|
||||||
err = s.ACLBootstrap(32, index-1, token2.Clone(), false)
|
err = s.ACLBootstrap(32, index-1, token2.Clone())
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
require.Equal(t, structs.ACLBootstrapInvalidResetIndexErr, err)
|
require.Equal(t, structs.ACLBootstrapInvalidResetIndexErr, err)
|
||||||
|
|
||||||
// bootstrap reset
|
// bootstrap reset
|
||||||
err = s.ACLBootstrap(32, index, token2.Clone(), false)
|
err = s.ACLBootstrap(32, index, token2.Clone())
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
_, tokens, err = s.ACLTokenList(nil, true, true, "", "", "", nil, nil)
|
_, tokens, err = s.ACLTokenList(nil, true, true, "", "", "", nil, nil)
|
||||||
|
|
|
@ -432,6 +432,7 @@ func (t *ACLToken) HasExpirationTime() bool {
|
||||||
return t.ExpirationTime != nil && !t.ExpirationTime.IsZero()
|
return t.ExpirationTime != nil && !t.ExpirationTime.IsZero()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO(ACL-Legacy-Compat): remove
|
||||||
func (t *ACLToken) UsesNonLegacyFields() bool {
|
func (t *ACLToken) UsesNonLegacyFields() bool {
|
||||||
return len(t.Policies) > 0 ||
|
return len(t.Policies) > 0 ||
|
||||||
len(t.ServiceIdentities) > 0 ||
|
len(t.ServiceIdentities) > 0 ||
|
||||||
|
|
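Review bot: The added `// TODO(ACL-Legacy-Compat): remove` is the only comment above the exported `UsesNonLegacyFields`, so it sits in the doc-comment position and the method has no description of what it reports. I would keep the TODO but put a doc sentence before it, e.g. `// UsesNonLegacyFields reports whether the token sets any field beyond the legacy token format.`, then a bare `//` line, then the TODO. That wording is inferred from the method name and the visible `Policies` / `ServiceIdentities` checks. The rest of the expression is outside the hunk, so confirm it against the full body.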