config: move acl_{default,down}_policy to DeprecatedConfig

2025-01-22 03:29:43 +00:00 · 2021-09-03 18:00:28 -04:00 · 2021-09-03 18:00:28 -04:00 · 977f6d8888
commit 977f6d8888
parent 5eafcea4d4
6 changed files with 32 additions and 8 deletions
--- a/agent/config/builder.go
+++ b/agent/config/builder.go
@ -858,8 +858,8 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
 			ACLPolicyTTL:     b.durationVal("acl.policy_ttl", c.ACL.PolicyTTL),
 			ACLTokenTTL:      b.durationValWithDefault("acl.token_ttl", c.ACL.TokenTTL, b.durationVal("acl_ttl", c.ACLTTL)),
 			ACLRoleTTL:       b.durationVal("acl.role_ttl", c.ACL.RoleTTL),
-			ACLDownPolicy:    stringValWithDefault(c.ACL.DownPolicy, stringVal(c.ACLDownPolicy)),
+			ACLDownPolicy:    stringVal(c.ACL.DownPolicy),
-			ACLDefaultPolicy: stringValWithDefault(c.ACL.DefaultPolicy, stringVal(c.ACLDefaultPolicy)),
+			ACLDefaultPolicy: stringVal(c.ACL.DefaultPolicy),
 		},
 		ACLEnableKeyListPolicy: boolValWithDefault(c.ACL.EnableKeyListPolicy, boolVal(c.ACLEnableKeyListPolicy)),
--- a/agent/config/config.go
+++ b/agent/config/config.go
@ -130,10 +130,6 @@ type Cache struct {
 // configuration it should be treated as an external API which cannot be
 // changed and refactored at will since this will break existing setups.
 type Config struct {
 	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
 	ACLDefaultPolicy *string `mapstructure:"acl_default_policy"`
 	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
 	ACLDownPolicy *string `mapstructure:"acl_down_policy"`
 	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
 	ACLEnableKeyListPolicy *bool `mapstructure:"acl_enable_key_list_policy"`
 	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
--- a/agent/config/default.go
+++ b/agent/config/default.go
@ -27,11 +27,11 @@ func DefaultSource() Source {
 		Name:   "default",
 		Format: "hcl",
 		Data: `
 		acl_default_policy = "allow"
 		acl_down_policy = "extend-cache"
 		acl_ttl = "30s"
 		acl = {
 			policy_ttl = "30s"
 			default_policy = "allow"
 			down_policy = "extend-cache"
 		}
 		bind_addr = "0.0.0.0"
 		bootstrap = false
--- a/agent/config/deprecated.go
+++ b/agent/config/deprecated.go
@ -19,6 +19,11 @@ type DeprecatedConfig struct {
 	// DEPRECATED (ACL-Legacy-Compat) - moved to "primary_datacenter"
 	ACLDatacenter *string `mapstructure:"acl_datacenter"`
 	// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.default_policy"
 	ACLDefaultPolicy *string `mapstructure:"acl_default_policy"`
 	// DEPRECATED (ACL-Legacy-Compat) - moved to "acl.down_policy"
 	ACLDownPolicy *string `mapstructure:"acl_down_policy"`
 }
 func applyDeprecatedConfig(d *decodeTarget) (Config, []string) {
@ -78,6 +83,20 @@ func applyDeprecatedConfig(d *decodeTarget) (Config, []string) {
 		warns = append(warns, deprecationWarning("acl_datacenter", "primary_datacenter"))
 	}
 	if dep.ACLDefaultPolicy != nil {
 		if d.Config.ACL.DefaultPolicy == nil {
 			d.Config.ACL.DefaultPolicy = dep.ACLDefaultPolicy
 		}
 		warns = append(warns, deprecationWarning("acl_default_policy", "acl.default_policy"))
 	}
 	if dep.ACLDownPolicy != nil {
 		if d.Config.ACL.DownPolicy == nil {
 			d.Config.ACL.DownPolicy = dep.ACLDownPolicy
 		}
 		warns = append(warns, deprecationWarning("acl_down_policy", "acl.down_policy"))
 	}
 	return d.Config, warns
 }
--- a/agent/config/deprecated_test.go
+++ b/agent/config/deprecated_test.go
@ -21,6 +21,9 @@ acl_token = "token3"
 acl_master_token = "token4"
 acl_replication_token = "token5"
 acl_default_policy = "deny"
 acl_down_policy = "async-cache"
 `},
 	}
 	patchLoadOptsShims(&opts)
@ -31,6 +34,8 @@ acl_replication_token = "token5"
 		deprecationWarning("acl_agent_master_token", "acl.tokens.agent_master"),
 		deprecationWarning("acl_agent_token", "acl.tokens.agent"),
 		deprecationWarning("acl_datacenter", "primary_datacenter"),
 		deprecationWarning("acl_default_policy", "acl.default_policy"),
 		deprecationWarning("acl_down_policy", "acl.down_policy"),
 		deprecationWarning("acl_master_token", "acl.tokens.master"),
 		deprecationWarning("acl_replication_token", "acl.tokens.replication"),
 		deprecationWarning("acl_token", "acl.tokens.default"),
@ -49,6 +54,8 @@ acl_replication_token = "token5"
 	require.Equal(t, "token3", rt.ACLTokens.ACLDefaultToken)
 	require.Equal(t, "token4", rt.ACLMasterToken)
 	require.Equal(t, "token5", rt.ACLTokens.ACLReplicationToken)
 	require.Equal(t, "deny", rt.ACLResolverSettings.ACLDefaultPolicy)
 	require.Equal(t, "async-cache", rt.ACLResolverSettings.ACLDownPolicy)
 }
 func TestLoad_DeprecatedConfig_ACLReplication(t *testing.T) {
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@ -5921,6 +5921,8 @@ func TestLoad_FullConfig(t *testing.T) {
 		deprecationWarning("acl_master_token", "acl.tokens.master"),
 		deprecationWarning("acl_replication_token", "acl.tokens.replication"),
 		deprecationWarning("enable_acl_replication", "acl.enable_token_replication"),
 		deprecationWarning("acl_default_policy", "acl.default_policy"),
 		deprecationWarning("acl_down_policy", "acl.down_policy"),
 		`bootstrap_expect > 0: expecting 53 servers`,
 	}
 	expectedWarns = append(expectedWarns, enterpriseConfigKeyWarnings...)