mirror of https://github.com/status-im/consul.git
acl: remove a couple legacy ACL operation constants
structs.ACLForceSet was deprecated 4 years ago, so it should be safe to remove now. ACLBootstrapNow was removed in a recent commit. While it is technically possible that a cluster with mixed versions could still attempt a legacy bootstrap, we documented that the legacy system was deprecated in 1.4, so no clusters that are being upgraded should be attempting a legacy bootstrap.
parent
868bfc7a0a
commit
e7c63004a8
|
@ -260,24 +260,7 @@ func (c *FSM) applyACLOperation(buf []byte, index uint64) interface{} {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
return enabled
|
return enabled
|
||||||
case structs.ACLBootstrapNow:
|
case structs.ACLSet:
|
||||||
// This is a bootstrap request from a non-upgraded node
|
|
||||||
if err := c.state.ACLBootstrap(index, 0, req.ACL.Convert(), true); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// No need to check expiration times as those did not exist in legacy tokens.
|
|
||||||
if _, token, err := c.state.ACLTokenGetBySecret(nil, req.ACL.ID, nil); err != nil {
|
|
||||||
return err
|
|
||||||
} else {
|
|
||||||
acl, err := token.Convert()
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return acl
|
|
||||||
}
|
|
||||||
|
|
||||||
case structs.ACLForceSet, structs.ACLSet:
|
|
||||||
if err := c.state.ACLTokenSet(index, req.ACL.Convert(), true); err != nil {
|
if err := c.state.ACLTokenSet(index, req.ACL.Convert(), true); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
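Review bot: Nothing in the new code or tests pins what applyACLOperation does with a `bootstrap-now` or `force-set` entry now that `case structs.ACLBootstrapNow:` is gone and `ACLForceSet` is dropped from the `ACLSet` case. Such an entry now reaches the switch's default arm, which lies outside this hunk, so confirm that it returns an error and logs the operation name rather than ignoring it. The legacy bootstrap path used to mint a management token, so a negative test in TestFSM_ACL_CRUD would be worthwhile: encode an `ACLRequest` with `Op: structs.ACLOp("bootstrap-now")` and assert that `fsm.Apply` returns an error and creates no token. The commit message accepts the mixed-version case, but during a rolling upgrade an older server would presumably still apply an entry that an upgraded server rejects. A comment on the switch such as `// legacy "bootstrap-now"/"force-set" ops are intentionally rejected by the default case` would record that this is deliberate.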
@ -923,29 +923,6 @@ func TestFSM_ACL_CRUD(t *testing.T) {
|
||||||
if !canBootstrap {
|
if !canBootstrap {
|
||||||
t.Fatalf("bad: shouldn't be able to bootstrap")
|
t.Fatalf("bad: shouldn't be able to bootstrap")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Do a bootstrap.
|
|
||||||
bootstrap := structs.ACLRequest{
|
|
||||||
Datacenter: "dc1",
|
|
||||||
Op: structs.ACLBootstrapNow,
|
|
||||||
ACL: structs.ACL{
|
|
||||||
ID: generateUUID(),
|
|
||||||
Name: "Bootstrap Token",
|
|
||||||
Type: structs.ACLTokenTypeManagement,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
buf, err = structs.Encode(structs.ACLRequestType, bootstrap)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("err: %v", err)
|
|
||||||
}
|
|
||||||
resp = fsm.Apply(makeLog(buf))
|
|
||||||
respACL, ok := resp.(*structs.ACL)
|
|
||||||
if !ok {
|
|
||||||
t.Fatalf("resp: %v", resp)
|
|
||||||
}
|
|
||||||
bootstrap.ACL.CreateIndex = respACL.CreateIndex
|
|
||||||
bootstrap.ACL.ModifyIndex = respACL.ModifyIndex
|
|
||||||
require.Equal(t, &bootstrap.ACL, respACL)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestFSM_PreparedQuery_CRUD(t *testing.T) {
|
func TestFSM_PreparedQuery_CRUD(t *testing.T) {
|
||||||
|
|
|
@ -91,9 +91,11 @@ func ACLIDReserved(id string) bool {
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// ACLSet creates or updates a token.
|
// ACLSet creates or updates a token.
|
||||||
|
// TODO(ACL-Legacy-Compat): remove
|
||||||
ACLSet ACLOp = "set"
|
ACLSet ACLOp = "set"
|
||||||
|
|
||||||
// ACLDelete deletes a token.
|
// ACLDelete deletes a token.
|
||||||
|
// TODO(ACL-Legacy-Compat): remove
|
||||||
ACLDelete ACLOp = "delete"
|
ACLDelete ACLOp = "delete"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
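Review bot: The added `// TODO(ACL-Legacy-Compat): remove` lines sit directly between each doc comment and its declaration, so they become part of the doc text for `ACLSet` and `ACLDelete`. The same applies to `ACLBootstrapInit` and `(*ACL).Convert` in the later structs hunks. If the intent is to steer callers away from these until they are removed, use a separate paragraph instead: a blank `//` line followed by `// Deprecated: legacy ACL compatibility only; scheduled for removal.`, which linters and editors will surface at call sites. Otherwise, move the TODO above the doc comment with a blank line between them to keep it out of the rendered documentation.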
@ -7,7 +7,6 @@
|
||||||
package structs
|
package structs
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
@ -18,21 +17,10 @@ const (
|
||||||
// ACLBootstrapInit is used to perform a scan for existing tokens which
|
// ACLBootstrapInit is used to perform a scan for existing tokens which
|
||||||
// will decide whether bootstrapping is allowed for a cluster. This is
|
// will decide whether bootstrapping is allowed for a cluster. This is
|
||||||
// initiated by the leader when it steps up, if necessary.
|
// initiated by the leader when it steps up, if necessary.
|
||||||
|
// TODO(ACL-Legacy-Compat): remove
|
||||||
ACLBootstrapInit ACLOp = "bootstrap-init"
|
ACLBootstrapInit ACLOp = "bootstrap-init"
|
||||||
|
|
||||||
// ACLBootstrapNow is used to perform a one-time ACL bootstrap operation on
|
|
||||||
// a cluster to get the first management token.
|
|
||||||
ACLBootstrapNow ACLOp = "bootstrap-now"
|
|
||||||
|
|
||||||
// ACLForceSet is deprecated, but left for backwards compatibility.
|
|
||||||
ACLForceSet ACLOp = "force-set"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// ACLBootstrapNotInitializedErr is returned when a bootstrap is attempted but
|
|
||||||
// we haven't yet initialized ACL bootstrap. It provides some guidance to
|
|
||||||
// operators on how to proceed.
|
|
||||||
var ACLBootstrapNotInitializedErr = errors.New("ACL bootstrap not initialized, need to force a leader election and ensure all Consul servers support this feature")
|
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// ACLTokenTypeClient tokens have rules applied
|
// ACLTokenTypeClient tokens have rules applied
|
||||||
ACLTokenTypeClient = "client"
|
ACLTokenTypeClient = "client"
|
||||||
|
@ -62,6 +50,7 @@ type ACLs []*ACL
|
||||||
// equivalent. This will NOT fill in the other ACLToken fields or perform any other
|
// equivalent. This will NOT fill in the other ACLToken fields or perform any other
|
||||||
// upgrade (other than correcting an older HCL syntax that is no longer
|
// upgrade (other than correcting an older HCL syntax that is no longer
|
||||||
// supported).
|
// supported).
|
||||||
|
// TODO(ACL-Legacy-Compat): remove
|
||||||
func (a *ACL) Convert() *ACLToken {
|
func (a *ACL) Convert() *ACLToken {
|
||||||
// Ensure that we correct any old HCL in legacy tokens to prevent old
|
// Ensure that we correct any old HCL in legacy tokens to prevent old
|
||||||
// syntax from leaking elsewhere into the system.
|
// syntax from leaking elsewhere into the system.
|
||||||
|
|