config: move acl_{default,down}_policy to DeprecatedConfig

2025-01-22 03:29:43 +00:00 · 2021-09-03 18:00:28 -04:00 · 2021-09-03 18:00:28 -04:00 · 977f6d8888
commit 977f6d8888
parent 5eafcea4d4
6 changed files with 32 additions and 8 deletions
--- a/agent/config/builder.go
+++ b/agent/config/builder.go
@ -858,8 +858,8 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
 			ACLPolicyTTL:     b.durationVal("acl.policy_ttl", c.ACL.PolicyTTL),
 			ACLTokenTTL:      b.durationValWithDefault("acl.token_ttl", c.ACL.TokenTTL, b.durationVal("acl_ttl", c.ACLTTL)),
 			ACLRoleTTL:       b.durationVal("acl.role_ttl", c.ACL.RoleTTL),
-			ACLDownPolicy:    stringValWithDefault(c.ACL.DownPolicy, stringVal(c.ACLDownPolicy)),
-			ACLDefaultPolicy: stringValWithDefault(c.ACL.DefaultPolicy, stringVal(c.ACLDefaultPolicy)),
+			ACLDownPolicy:    stringVal(c.ACL.DownPolicy),
+			ACLDefaultPolicy: stringVal(c.ACL.DefaultPolicy),
 		},

 		ACLEnableKeyListPolicy: boolValWithDefault(c.ACL.EnableKeyListPolicy, boolVal(c.ACLEnableKeyListPolicy)),
--- a/agent/config/config.go
+++ b/agent/config/config.go
@ -130,10 +130,6 @@ type Cache struct {
 // configuration it should be treated as an external API which cannot be
 // changed and refactored at will since this will break existing setups.
 type Config struct {
-	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
-	ACLDefaultPolicy *string `mapstructure:"acl_default_policy"`
-	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
-	ACLDownPolicy *string `mapstructure:"acl_down_policy"`
 	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
 	ACLEnableKeyListPolicy *bool `mapstructure:"acl_enable_key_list_policy"`
 	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
--- a/agent/config/default.go
+++ b/agent/config/default.go
@ -27,11 +27,11 @@ func DefaultSource() Source {
 		Name:   "default",
 		Format: "hcl",
 		Data: `
-		acl_default_policy = "allow"
-		acl_down_policy = "extend-cache"
 		acl_ttl = "30s"
 		acl = {
 			policy_ttl = "30s"
+			default_policy = "allow"
+			down_policy = "extend-cache"
 		}
 		bind_addr = "0.0.0.0"
 		bootstrap = false
--- a/agent/config/deprecated.go
+++ b/agent/config/deprecated.go
@ -19,6 +19,11 @@ type DeprecatedConfig struct {

 	// DEPRECATED (ACL-Legacy-Compat) - moved to "primary_datacenter"
 	ACLDatacenter *string `mapstructure:"acl_datacenter"`
+
+	// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.default_policy"
+	ACLDefaultPolicy *string `mapstructure:"acl_default_policy"`
+	// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.down_policy"
+	ACLDownPolicy *string `mapstructure:"acl_down_policy"`
 }

 func applyDeprecatedConfig(d *decodeTarget) (Config, []string) {
@ -78,6 +83,20 @@ func applyDeprecatedConfig(d *decodeTarget) (Config, []string) {
 		warns = append(warns, deprecationWarning("acl_datacenter", "primary_datacenter"))
 	}

+	if dep.ACLDefaultPolicy != nil {
+		if d.Config.ACL.DefaultPolicy == nil {
+			d.Config.ACL.DefaultPolicy = dep.ACLDefaultPolicy
+		}
+		warns = append(warns, deprecationWarning("acl_default_policy", "acl.default_policy"))
+	}
+
+	if dep.ACLDownPolicy != nil {
+		if d.Config.ACL.DownPolicy == nil {
+			d.Config.ACL.DownPolicy = dep.ACLDownPolicy
+		}
+		warns = append(warns, deprecationWarning("acl_down_policy", "acl.down_policy"))
+	}
+
 	return d.Config, warns
 }

--- a/agent/config/deprecated_test.go
+++ b/agent/config/deprecated_test.go
@ -21,6 +21,9 @@ acl_token = "token3"
 acl_master_token = "token4"
 acl_replication_token = "token5"

+acl_default_policy = "deny"
+acl_down_policy = "async-cache"
+
 `},
 	}
 	patchLoadOptsShims(&opts)
@ -31,6 +34,8 @@ acl_replication_token = "token5"
 		deprecationWarning("acl_agent_master_token", "acl.tokens.agent_master"),
 		deprecationWarning("acl_agent_token", "acl.tokens.agent"),
 		deprecationWarning("acl_datacenter", "primary_datacenter"),
+		deprecationWarning("acl_default_policy", "acl.default_policy"),
+		deprecationWarning("acl_down_policy", "acl.down_policy"),
 		deprecationWarning("acl_master_token", "acl.tokens.master"),
 		deprecationWarning("acl_replication_token", "acl.tokens.replication"),
 		deprecationWarning("acl_token", "acl.tokens.default"),
@ -49,6 +54,8 @@ acl_replication_token = "token5"
 	require.Equal(t, "token3", rt.ACLTokens.ACLDefaultToken)
 	require.Equal(t, "token4", rt.ACLMasterToken)
 	require.Equal(t, "token5", rt.ACLTokens.ACLReplicationToken)
+	require.Equal(t, "deny", rt.ACLResolverSettings.ACLDefaultPolicy)
+	require.Equal(t, "async-cache", rt.ACLResolverSettings.ACLDownPolicy)
 }

 func TestLoad_DeprecatedConfig_ACLReplication(t *testing.T) {
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@ -5921,6 +5921,8 @@ func TestLoad_FullConfig(t *testing.T) {
 		deprecationWarning("acl_master_token", "acl.tokens.master"),
 		deprecationWarning("acl_replication_token", "acl.tokens.replication"),
 		deprecationWarning("enable_acl_replication", "acl.enable_token_replication"),
+		deprecationWarning("acl_default_policy", "acl.default_policy"),
+		deprecationWarning("acl_down_policy", "acl.down_policy"),
 		`bootstrap_expect > 0: expecting 53 servers`,
 	}
 	expectedWarns = append(expectedWarns, enterpriseConfigKeyWarnings...)