mirror of https://github.com/status-im/consul.git
acl: remove initializeLegacyACL from leader init
parent
05f0cc3993
commit
dab5d1bdc8
|
@ -398,102 +398,6 @@ func (s *Server) revokeLeadership() {
|
||||||
<-s.autopilot.Stop()
|
<-s.autopilot.Stop()
|
||||||
}
|
}
|
||||||
|
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - Remove once old ACL compatibility is removed
|
|
||||||
func (s *Server) initializeLegacyACL() error {
|
|
||||||
if !s.config.ACLsEnabled {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
authDC := s.config.PrimaryDatacenter
|
|
||||||
|
|
||||||
// Create anonymous token if missing.
|
|
||||||
state := s.fsm.State()
|
|
||||||
_, token, err := state.ACLTokenGetBySecret(nil, anonymousToken, nil)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("failed to get anonymous token: %v", err)
|
|
||||||
}
|
|
||||||
// Ignoring expiration times to avoid an insertion collision.
|
|
||||||
if token == nil {
|
|
||||||
req := structs.ACLRequest{
|
|
||||||
Datacenter: authDC,
|
|
||||||
Op: structs.ACLSet,
|
|
||||||
ACL: structs.ACL{
|
|
||||||
ID: anonymousToken,
|
|
||||||
Name: "Anonymous Token",
|
|
||||||
Type: structs.ACLTokenTypeClient,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
_, err := s.raftApply(structs.ACLRequestType, &req)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("failed to create anonymous token: %v", err)
|
|
||||||
}
|
|
||||||
s.logger.Info("Created the anonymous token")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check for configured master token.
|
|
||||||
if master := s.config.ACLMasterToken; len(master) > 0 {
|
|
||||||
_, token, err = state.ACLTokenGetBySecret(nil, master, nil)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("failed to get master token: %v", err)
|
|
||||||
}
|
|
||||||
// Ignoring expiration times to avoid an insertion collision.
|
|
||||||
if token == nil {
|
|
||||||
req := structs.ACLRequest{
|
|
||||||
Datacenter: authDC,
|
|
||||||
Op: structs.ACLSet,
|
|
||||||
ACL: structs.ACL{
|
|
||||||
ID: master,
|
|
||||||
Name: "Master Token",
|
|
||||||
Type: structs.ACLTokenTypeManagement,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
_, err := s.raftApply(structs.ACLRequestType, &req)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("failed to create master token: %v", err)
|
|
||||||
}
|
|
||||||
s.logger.Info("Created ACL master token from configuration")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check to see if we need to initialize the ACL bootstrap info. This
|
|
||||||
// needs a Consul version check since it introduces a new Raft operation
|
|
||||||
// that'll produce an error on older servers, and it also makes a piece
|
|
||||||
// of state in the state store that will cause problems with older
|
|
||||||
// servers consuming snapshots, so we have to wait to create it.
|
|
||||||
var minVersion = version.Must(version.NewVersion("0.9.1"))
|
|
||||||
if ok, _ := ServersInDCMeetMinimumVersion(s, s.config.Datacenter, minVersion); ok {
|
|
||||||
canBootstrap, _, err := state.CanBootstrapACLToken()
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("failed looking for ACL bootstrap info: %v", err)
|
|
||||||
}
|
|
||||||
if canBootstrap {
|
|
||||||
req := structs.ACLRequest{
|
|
||||||
Datacenter: authDC,
|
|
||||||
Op: structs.ACLBootstrapInit,
|
|
||||||
}
|
|
||||||
resp, err := s.raftApply(structs.ACLRequestType, &req)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("failed to initialize ACL bootstrap: %v", err)
|
|
||||||
}
|
|
||||||
switch v := resp.(type) {
|
|
||||||
case bool:
|
|
||||||
if v {
|
|
||||||
s.logger.Info("ACL bootstrap enabled")
|
|
||||||
} else {
|
|
||||||
s.logger.Info("ACL bootstrap disabled, existing management tokens found")
|
|
||||||
}
|
|
||||||
|
|
||||||
default:
|
|
||||||
return fmt.Errorf("unexpected response trying to initialize ACL bootstrap: %T", v)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
s.logger.Warn("Can't initialize ACL bootstrap until all servers are >= " + minVersion.String())
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// initializeACLs is used to setup the ACLs if we are the leader
|
// initializeACLs is used to setup the ACLs if we are the leader
|
||||||
// and need to do this.
|
// and need to do this.
|
||||||
func (s *Server) initializeACLs(ctx context.Context, upgrade bool) error {
|
func (s *Server) initializeACLs(ctx context.Context, upgrade bool) error {
|
||||||
|
@ -525,11 +429,6 @@ func (s *Server) initializeACLs(ctx context.Context, upgrade bool) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if s.InACLDatacenter() {
|
if s.InACLDatacenter() {
|
||||||
if s.UseLegacyACLs() && !upgrade {
|
|
||||||
s.logger.Info("initializing legacy acls")
|
|
||||||
return s.initializeLegacyACL()
|
|
||||||
}
|
|
||||||
|
|
||||||
s.logger.Info("initializing acls")
|
s.logger.Info("initializing acls")
|
||||||
|
|
||||||
// TODO(partitions): initialize acls in all of the partitions?
|
// TODO(partitions): initialize acls in all of the partitions?
|
||||||
|
|
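Review bot: With the `if s.UseLegacyACLs() && !upgrade` guard removed from `initializeACLs`, a leader that still reports legacy ACL mode now falls through to the `s.logger.Info("initializing acls")` path inside `if s.InACLDatacenter()`. The deleted `initializeLegacyACL` kept its bootstrap write behind `ServersInDCMeetMinimumVersion`, since its comment says older servers error on the new Raft operation, and it also created the anonymous token and the token from `s.config.ACLMasterToken`. The rest of `initializeACLs` lies outside the hunk, so it should be confirmed that the remaining path has an equivalent version gate and still provisions both tokens. If `upgrade` has no other reader it is now a dead parameter and should be dropped or documented. I would add a comment above the log line such as `// Legacy ACL initialization was removed; this path now runs even when s.UseLegacyACLs() is true.`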