From 047abdd73cf02508a6acb7d56e080892199dcdf2 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Fri, 6 Aug 2021 18:00:58 -0400 Subject: [PATCH] acl: remove ACLDatacenter This field has been unnecessary for a while now. It was always set to the same value as PrimaryDatacenter. So we can remove the duplicate field and use PrimaryDatacenter directly. This change was made by GoLand refactor, which did most of the work for me. --- agent/acl_endpoint_legacy.go | 10 ++--- agent/agent.go | 3 -- agent/config/builder.go | 3 +- agent/config/runtime.go | 11 +---- agent/config/runtime_test.go | 37 ++++++++-------- .../TestRuntimeConfig_Sanitize.golden | 1 - agent/consul/acl_client.go | 4 +- agent/consul/acl_endpoint.go | 42 +++++++++---------- agent/consul/acl_endpoint_legacy.go | 2 +- agent/consul/acl_endpoint_test.go | 4 +- agent/consul/acl_replication.go | 19 +++++---- agent/consul/acl_replication_legacy.go | 5 ++- agent/consul/acl_replication_legacy_test.go | 14 +++---- agent/consul/acl_replication_test.go | 19 +++++---- agent/consul/acl_server.go | 10 ++--- agent/consul/acl_test.go | 10 ++--- agent/consul/acl_token_exp_test.go | 5 ++- agent/consul/catalog_endpoint_test.go | 20 ++++----- agent/consul/config.go | 8 +--- agent/consul/config_endpoint_test.go | 12 +++--- agent/consul/connect_ca_endpoint_test.go | 4 +- agent/consul/coordinate_endpoint_test.go | 6 +-- agent/consul/discovery_chain_endpoint_test.go | 7 ++-- .../consul/federation_state_endpoint_test.go | 17 ++++---- agent/consul/health_endpoint_test.go | 11 ++--- agent/consul/intention_endpoint_test.go | 23 +++++----- agent/consul/internal_endpoint_test.go | 17 ++++---- agent/consul/kvs_endpoint_test.go | 15 +++---- agent/consul/leader.go | 2 +- agent/consul/leader_connect_test.go | 4 +- .../consul/leader_federation_state_ae_test.go | 7 ++-- agent/consul/leader_intentions_test.go | 4 +- agent/consul/leader_test.go | 34 +++++++-------- .../operator_autopilot_endpoint_test.go | 13 +++--- agent/consul/operator_raft_endpoint_test.go | 13 +++--- agent/consul/prepared_query_endpoint_test.go | 29 ++++++------- agent/consul/server.go | 7 ++-- agent/consul/server_test.go | 6 +-- agent/consul/session_endpoint_test.go | 9 ++-- agent/consul/snapshot_endpoint_test.go | 9 ++-- agent/consul/txn_endpoint_test.go | 4 +- agent/uiserver/uiserver_test.go | 2 +- 42 files changed, 241 insertions(+), 241 deletions(-) diff --git a/agent/acl_endpoint_legacy.go b/agent/acl_endpoint_legacy.go index efbd51fdb..92c191e6b 100644 --- a/agent/acl_endpoint_legacy.go +++ b/agent/acl_endpoint_legacy.go @@ -19,7 +19,7 @@ func (s *HTTPHandlers) ACLDestroy(resp http.ResponseWriter, req *http.Request) ( } args := structs.ACLRequest{ - Datacenter: s.agent.config.ACLDatacenter, + Datacenter: s.agent.config.PrimaryDatacenter, Op: structs.ACLDelete, } s.parseToken(req, &args.Token) @@ -55,7 +55,7 @@ func (s *HTTPHandlers) ACLUpdate(resp http.ResponseWriter, req *http.Request) (i func (s *HTTPHandlers) aclSet(resp http.ResponseWriter, req *http.Request, update bool) (interface{}, error) { args := structs.ACLRequest{ - Datacenter: s.agent.config.ACLDatacenter, + Datacenter: s.agent.config.PrimaryDatacenter, Op: structs.ACLSet, ACL: structs.ACL{ Type: structs.ACLTokenTypeClient, @@ -96,7 +96,7 @@ func (s *HTTPHandlers) ACLClone(resp http.ResponseWriter, req *http.Request) (in } args := structs.ACLSpecificRequest{ - Datacenter: s.agent.config.ACLDatacenter, + Datacenter: s.agent.config.PrimaryDatacenter, } var dc string if done := s.parse(resp, req, &dc, &args.QueryOptions); done { @@ -148,7 +148,7 @@ func (s *HTTPHandlers) ACLGet(resp http.ResponseWriter, req *http.Request) (inte } args := structs.ACLSpecificRequest{ - Datacenter: s.agent.config.ACLDatacenter, + Datacenter: s.agent.config.PrimaryDatacenter, } var dc string if done := s.parse(resp, req, &dc, &args.QueryOptions); done { @@ -182,7 +182,7 @@ func (s *HTTPHandlers) ACLList(resp http.ResponseWriter, req *http.Request) (int } args := structs.DCSpecificRequest{ - Datacenter: s.agent.config.ACLDatacenter, + Datacenter: s.agent.config.PrimaryDatacenter, } var dc string if done := s.parse(resp, req, &dc, &args.QueryOptions); done { diff --git a/agent/agent.go b/agent/agent.go index 8dc6c1f0a..19a9ba2cb 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -1114,9 +1114,6 @@ func newConsulConfig(runtimeCfg *config.RuntimeConfig, logger hclog.Logger) (*co if runtimeCfg.ACLMasterToken != "" { cfg.ACLMasterToken = runtimeCfg.ACLMasterToken } - if runtimeCfg.ACLDatacenter != "" { - cfg.ACLDatacenter = runtimeCfg.ACLDatacenter - } if runtimeCfg.ACLTokenTTL != 0 { cfg.ACLTokenTTL = runtimeCfg.ACLTokenTTL } diff --git a/agent/config/builder.go b/agent/config/builder.go index 92171a8eb..fc4c39c87 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -867,7 +867,6 @@ func (b *builder) build() (rt RuntimeConfig, err error) { // ACL ACLsEnabled: aclsEnabled, - ACLDatacenter: primaryDatacenter, ACLDefaultPolicy: stringValWithDefault(c.ACL.DefaultPolicy, stringVal(c.ACLDefaultPolicy)), ACLDownPolicy: stringValWithDefault(c.ACL.DownPolicy, stringVal(c.ACLDownPolicy)), ACLEnableKeyListPolicy: boolValWithDefault(c.ACL.EnableKeyListPolicy, boolVal(c.ACLEnableKeyListPolicy)), @@ -1311,7 +1310,7 @@ func (b *builder) validate(rt RuntimeConfig) error { if rt.AutopilotMaxTrailingLogs < 0 { return fmt.Errorf("autopilot.max_trailing_logs cannot be %d. Must be greater than or equal to zero", rt.AutopilotMaxTrailingLogs) } - if err := validateBasicName("acl_datacenter", rt.ACLDatacenter, true); err != nil { + if err := validateBasicName("primary_datacenter", rt.PrimaryDatacenter, true); err != nil { return err } // In DevMode, UI is enabled by default, so to enable rt.UIDir, don't perform this check diff --git a/agent/config/runtime.go b/agent/config/runtime.go index eae903737..438cb2265 100644 --- a/agent/config/runtime.go +++ b/agent/config/runtime.go @@ -69,13 +69,6 @@ type RuntimeConfig struct { ACLTokens token.Config - // ACLDatacenter is the central datacenter that holds authoritative - // ACL records. This must be the same for the entire cluster. - // If this is not set, ACLs are not enabled. Off by default. - // - // hcl: acl_datacenter = string - ACLDatacenter string - // ACLDefaultPolicy is used to control the ACL interaction when // there is no defined policy. This can be "allow" which means // ACLs are used to deny-list, or "deny" which means ACLs are @@ -85,7 +78,7 @@ type RuntimeConfig struct { ACLDefaultPolicy string // ACLDownPolicy is used to control the ACL interaction when we cannot - // reach the ACLDatacenter and the token is not in the cache. + // reach the PrimaryDatacenter and the token is not in the cache. // There are the following modes: // * allow - Allow all requests // * deny - Deny all requests @@ -109,7 +102,7 @@ type RuntimeConfig struct { ACLEnableKeyListPolicy bool // ACLMasterToken is used to bootstrap the ACL system. It should be specified - // on the servers in the ACLDatacenter. When the leader comes online, it ensures + // on the servers in the PrimaryDatacenter. When the leader comes online, it ensures // that the Master token is available. This provides the initial token. // // hcl: acl.tokens.master = string diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index c5976adb8..5c012909b 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -221,7 +221,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -237,7 +236,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -254,7 +252,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "b" - rt.ACLDatacenter = "b" rt.PrimaryDatacenter = "b" rt.DataDir = dataDir }, @@ -285,7 +282,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -471,7 +467,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -492,7 +487,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -509,7 +503,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -659,7 +652,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { expected: func(rt *RuntimeConfig) { rt.Datacenter = "dc2" rt.PrimaryDatacenter = "dc1" - rt.ACLDatacenter = "dc1" rt.PrimaryGateways = []string{"a", "b"} rt.DataDir = dataDir // server things @@ -1484,7 +1476,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { rt.Bootstrap = false rt.BootstrapExpect = 0 rt.Datacenter = "b" - rt.ACLDatacenter = "b" rt.PrimaryDatacenter = "b" rt.StartJoinAddrsLAN = []string{"a", "b", "c", "d"} rt.NodeMeta = map[string]string{"a": "c"} @@ -1540,7 +1531,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { rt.SerfAdvertiseAddrLAN = tcpAddr("1.1.1.1:8301") rt.SerfAdvertiseAddrWAN = tcpAddr("2.2.2.2:8302") rt.Datacenter = "b" - rt.ACLDatacenter = "b" rt.PrimaryDatacenter = "b" rt.DNSRecursors = []string{"1.2.3.6", "5.6.7.10", "1.2.3.5", "5.6.7.9"} rt.NodeMeta = map[string]string{"a": "c"} @@ -1626,7 +1616,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { hcl: []string{`datacenter = "A"`}, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -1638,7 +1627,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { hcl: []string{`acl_datacenter = "A"`}, expected: func(rt *RuntimeConfig) { rt.ACLsEnabled = true - rt.ACLDatacenter = "a" rt.DataDir = dataDir rt.PrimaryDatacenter = "a" }, @@ -1749,15 +1737,28 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, }) run(t, testCase{ - desc: "acl_datacenter invalid", + desc: "primary_datacenter invalid", args: []string{ `-datacenter=a`, `-data-dir=` + dataDir, }, - json: []string{`{ "acl_datacenter": "%" }`}, - hcl: []string{`acl_datacenter = "%"`}, - expectedErr: `acl_datacenter can only contain lowercase alphanumeric, - or _ characters.`, + json: []string{`{ "primary_datacenter": "%" }`}, + hcl: []string{`primary_datacenter = "%"`}, + expectedErr: `primary_datacenter can only contain lowercase alphanumeric, - or _ characters.`, + }) + run(t, testCase{ + desc: "acl_datacenter deprecated", + args: []string{ + `-data-dir=` + dataDir, + }, + json: []string{`{ "acl_datacenter": "ab" }`}, + hcl: []string{`acl_datacenter = "ab"`}, expectedWarnings: []string{`The 'acl_datacenter' field is deprecated. Use the 'primary_datacenter' field instead.`}, + expected: func(rt *RuntimeConfig) { + rt.ACLsEnabled = true + rt.PrimaryDatacenter = "ab" + rt.DataDir = dataDir + }, }) run(t, testCase{ desc: "autopilot.max_trailing_logs invalid", @@ -3373,7 +3374,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { rt.DataDir = dataDir rt.Datacenter = "two" rt.PrimaryDatacenter = "one" - rt.ACLDatacenter = "one" rt.PrimaryGateways = []string{"foo.local", "bar.local"} rt.ConnectEnabled = true rt.ConnectMeshGatewayWANFederationEnabled = true @@ -5233,7 +5233,7 @@ func TestLoad_FullConfig(t *testing.T) { }, ACLsEnabled: true, - ACLDatacenter: "ejtmd43d", + PrimaryDatacenter: "ejtmd43d", ACLDefaultPolicy: "72c2e7a0", ACLDownPolicy: "03eb2aee", ACLEnableKeyListPolicy: true, @@ -5483,7 +5483,6 @@ func TestLoad_FullConfig(t *testing.T) { NodeName: "otlLxGaI", ReadReplica: true, PidFile: "43xN80Km", - PrimaryDatacenter: "ejtmd43d", PrimaryGateways: []string{"aej8eeZo", "roh2KahS"}, PrimaryGatewaysInterval: 18866 * time.Second, RPCAdvertiseAddr: tcpAddr("17.99.29.16:3757"), diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden index 64ddefe51..7f1ac0846 100644 --- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden +++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden @@ -1,5 +1,4 @@ { - "ACLDatacenter": "", "ACLDefaultPolicy": "", "ACLDisabledTTL": "0s", "ACLDownPolicy": "", diff --git a/agent/consul/acl_client.go b/agent/consul/acl_client.go index bc86916ea..36e1f2e5b 100644 --- a/agent/consul/acl_client.go +++ b/agent/consul/acl_client.go @@ -64,8 +64,8 @@ func (c *Client) ACLDatacenter(legacy bool) string { // in legacy mode the clients should directly query the // ACL Datacenter. When no ACL datacenter has been set // then we assume that the local DC is the ACL DC - if legacy && c.config.ACLDatacenter != "" { - return c.config.ACLDatacenter + if legacy && c.config.PrimaryDatacenter != "" { + return c.config.PrimaryDatacenter } return c.config.Datacenter diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go index 66dd7c91a..425c54843 100644 --- a/agent/consul/acl_endpoint.go +++ b/agent/consul/acl_endpoint.go @@ -276,7 +276,7 @@ func (a *ACL) TokenRead(args *structs.ACLTokenGetRequest, reply *structs.ACLToke // clients will not know whether the server has local token store. In the case // where it doesn't we will transparently forward requests. if !a.srv.LocalTokensEnabled() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.TokenRead", args, reply); done { @@ -345,7 +345,7 @@ func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLTok // clients will not know whether the server has local token store. In the case // where it doesn't we will transparently forward requests. if !a.srv.LocalTokensEnabled() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.TokenClone", args, reply); done { @@ -369,8 +369,8 @@ func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLTok return acl.ErrNotFound } else if !a.srv.InACLDatacenter() && !token.Local { // global token writes must be forwarded to the primary DC - args.Datacenter = a.srv.config.ACLDatacenter - return a.srv.forwardDC("ACL.TokenClone", a.srv.config.ACLDatacenter, args, reply) + args.Datacenter = a.srv.config.PrimaryDatacenter + return a.srv.forwardDC("ACL.TokenClone", a.srv.config.PrimaryDatacenter, args, reply) } if token.AuthMethod != "" { @@ -414,7 +414,7 @@ func (a *ACL) TokenSet(args *structs.ACLTokenSetRequest, reply *structs.ACLToken // Global token creation/modification always goes to the ACL DC if !args.ACLToken.Local { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } else if !a.srv.LocalTokensEnabled() { return fmt.Errorf("Local tokens are disabled") } @@ -822,7 +822,7 @@ func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) er } if !a.srv.LocalTokensEnabled() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.TokenDelete", args, reply); done { @@ -862,13 +862,13 @@ func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) er // token found in secondary DC but its not local so it must be deleted in the primary if !a.srv.InACLDatacenter() && !token.Local { - args.Datacenter = a.srv.config.ACLDatacenter - return a.srv.forwardDC("ACL.TokenDelete", a.srv.config.ACLDatacenter, args, reply) + args.Datacenter = a.srv.config.PrimaryDatacenter + return a.srv.forwardDC("ACL.TokenDelete", a.srv.config.PrimaryDatacenter, args, reply) } } else if !a.srv.InACLDatacenter() { // token not found in secondary DC - attempt to delete within the primary - args.Datacenter = a.srv.config.ACLDatacenter - return a.srv.forwardDC("ACL.TokenDelete", a.srv.config.ACLDatacenter, args, reply) + args.Datacenter = a.srv.config.PrimaryDatacenter + return a.srv.forwardDC("ACL.TokenDelete", a.srv.config.PrimaryDatacenter, args, reply) } else { // in Primary Datacenter but the token does not exist - return early as there is nothing to do. return nil @@ -903,12 +903,12 @@ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTok } if !a.srv.LocalTokensEnabled() { - if args.Datacenter != a.srv.config.ACLDatacenter { - args.Datacenter = a.srv.config.ACLDatacenter + if args.Datacenter != a.srv.config.PrimaryDatacenter { + args.Datacenter = a.srv.config.PrimaryDatacenter args.IncludeLocal = false args.IncludeGlobal = true } - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.TokenList", args, reply); done { @@ -969,7 +969,7 @@ func (a *ACL) TokenBatchRead(args *structs.ACLTokenBatchGetRequest, reply *struc } if !a.srv.LocalTokensEnabled() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.TokenBatchRead", args, reply); done { @@ -1095,7 +1095,7 @@ func (a *ACL) PolicySet(args *structs.ACLPolicySetRequest, reply *structs.ACLPol } if !a.srv.InACLDatacenter() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.PolicySet", args, reply); done { @@ -1226,7 +1226,7 @@ func (a *ACL) PolicyDelete(args *structs.ACLPolicyDeleteRequest, reply *string) } if !a.srv.InACLDatacenter() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.PolicyDelete", args, reply); done { @@ -1385,7 +1385,7 @@ func (a *ACL) GetPolicy(args *structs.ACLPolicyResolveLegacyRequest, reply *stru } // Verify we are allowed to serve this request - if a.srv.config.ACLDatacenter != a.srv.config.Datacenter { + if a.srv.config.PrimaryDatacenter != a.srv.config.Datacenter { return acl.ErrDisabled } @@ -1527,7 +1527,7 @@ func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) e } if !a.srv.InACLDatacenter() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.RoleSet", args, reply); done { @@ -1685,7 +1685,7 @@ func (a *ACL) RoleDelete(args *structs.ACLRoleDeleteRequest, reply *string) erro } if !a.srv.InACLDatacenter() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.RoleDelete", args, reply); done { @@ -2522,8 +2522,8 @@ func (a *ACL) Logout(args *structs.ACLLogoutRequest, reply *bool) error { } else if !a.srv.InACLDatacenter() && !token.Local { // global token writes must be forwarded to the primary DC - args.Datacenter = a.srv.config.ACLDatacenter - return a.srv.forwardDC("ACL.Logout", a.srv.config.ACLDatacenter, args, reply) + args.Datacenter = a.srv.config.PrimaryDatacenter + return a.srv.forwardDC("ACL.Logout", a.srv.config.PrimaryDatacenter, args, reply) } // No need to check expiration time because it's being deleted. diff --git a/agent/consul/acl_endpoint_legacy.go b/agent/consul/acl_endpoint_legacy.go index ab004fa3a..5d4905c07 100644 --- a/agent/consul/acl_endpoint_legacy.go +++ b/agent/consul/acl_endpoint_legacy.go @@ -56,7 +56,7 @@ func (a *ACL) Bootstrap(args *structs.DCSpecificRequest, reply *structs.ACL) err // Attempt a bootstrap. req := structs.ACLRequest{ - Datacenter: a.srv.config.ACLDatacenter, + Datacenter: a.srv.config.PrimaryDatacenter, Op: structs.ACLBootstrapNow, ACL: structs.ACL{ ID: token, diff --git a/agent/consul/acl_endpoint_test.go b/agent/consul/acl_endpoint_test.go index e15cd0c6e..e9848ecac 100644 --- a/agent/consul/acl_endpoint_test.go +++ b/agent/consul/acl_endpoint_test.go @@ -33,7 +33,7 @@ func TestACLEndpoint_Bootstrap(t *testing.T) { t.Parallel() _, srv, codec := testACLServerWithConfig(t, func(c *Config) { c.Build = "0.8.0" // Too low for auto init of bootstrap. - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true // remove the default as we want to bootstrap c.ACLMasterToken = "" @@ -490,7 +490,7 @@ func TestACLEndpoint_ReplicationStatus(t *testing.T) { t.Parallel() _, srv, codec := testACLServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc2" + c.PrimaryDatacenter = "dc2" c.ACLTokenReplication = true c.ACLReplicationRate = 100 c.ACLReplicationBurst = 100 diff --git a/agent/consul/acl_replication.go b/agent/consul/acl_replication.go index 0e8da6e9f..6bc3818f6 100644 --- a/agent/consul/acl_replication.go +++ b/agent/consul/acl_replication.go @@ -8,8 +8,9 @@ import ( "time" metrics "github.com/armon/go-metrics" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/go-hclog" + + "github.com/hashicorp/consul/agent/structs" ) const ( @@ -86,7 +87,7 @@ var errContainsRedactedData = errors.New("replication results contain redacted d func (s *Server) fetchACLRolesBatch(roleIDs []string) (*structs.ACLRoleBatchResponse, error) { req := structs.ACLRoleBatchGetRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, RoleIDs: roleIDs, QueryOptions: structs.QueryOptions{ AllowStale: true, @@ -106,7 +107,7 @@ func (s *Server) fetchACLRoles(lastRemoteIndex uint64) (*structs.ACLRoleListResp defer metrics.MeasureSince([]string{"leader", "replication", "acl", "role", "fetch"}, time.Now()) req := structs.ACLRoleListRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, QueryOptions: structs.QueryOptions{ AllowStale: true, MinQueryIndex: lastRemoteIndex, @@ -124,7 +125,7 @@ func (s *Server) fetchACLRoles(lastRemoteIndex uint64) (*structs.ACLRoleListResp func (s *Server) fetchACLPoliciesBatch(policyIDs []string) (*structs.ACLPolicyBatchResponse, error) { req := structs.ACLPolicyBatchGetRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, PolicyIDs: policyIDs, QueryOptions: structs.QueryOptions{ AllowStale: true, @@ -144,7 +145,7 @@ func (s *Server) fetchACLPolicies(lastRemoteIndex uint64) (*structs.ACLPolicyLis defer metrics.MeasureSince([]string{"leader", "replication", "acl", "policy", "fetch"}, time.Now()) req := structs.ACLPolicyListRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, QueryOptions: structs.QueryOptions{ AllowStale: true, MinQueryIndex: lastRemoteIndex, @@ -314,7 +315,7 @@ func (s *Server) updateLocalACLType(ctx context.Context, logger hclog.Logger, tr func (s *Server) fetchACLTokensBatch(tokenIDs []string) (*structs.ACLTokenBatchResponse, error) { req := structs.ACLTokenBatchGetRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, AccessorIDs: tokenIDs, QueryOptions: structs.QueryOptions{ AllowStale: true, @@ -334,7 +335,7 @@ func (s *Server) fetchACLTokens(lastRemoteIndex uint64) (*structs.ACLTokenListRe defer metrics.MeasureSince([]string{"leader", "replication", "acl", "token", "fetch"}, time.Now()) req := structs.ACLTokenListRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, QueryOptions: structs.QueryOptions{ AllowStale: true, MinQueryIndex: lastRemoteIndex, @@ -479,7 +480,7 @@ func (s *Server) replicateACLType(ctx context.Context, logger hclog.Logger, tr a // IsACLReplicationEnabled returns true if ACL replication is enabled. // DEPRECATED (ACL-Legacy-Compat) - with new ACLs at least policy replication is required func (s *Server) IsACLReplicationEnabled() bool { - authDC := s.config.ACLDatacenter + authDC := s.config.PrimaryDatacenter return len(authDC) > 0 && (authDC != s.config.Datacenter) && s.config.ACLTokenReplication } @@ -516,7 +517,7 @@ func (s *Server) initReplicationStatus() { s.aclReplicationStatus.Enabled = true s.aclReplicationStatus.Running = true - s.aclReplicationStatus.SourceDatacenter = s.config.ACLDatacenter + s.aclReplicationStatus.SourceDatacenter = s.config.PrimaryDatacenter } func (s *Server) updateACLReplicationStatusStopped() { diff --git a/agent/consul/acl_replication_legacy.go b/agent/consul/acl_replication_legacy.go index 1ed56fffc..72151245d 100644 --- a/agent/consul/acl_replication_legacy.go +++ b/agent/consul/acl_replication_legacy.go @@ -7,8 +7,9 @@ import ( "time" metrics "github.com/armon/go-metrics" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/go-hclog" + + "github.com/hashicorp/consul/agent/structs" ) // aclIterator simplifies the algorithm below by providing a basic iterator that @@ -166,7 +167,7 @@ func (s *Server) fetchRemoteLegacyACLs(lastRemoteIndex uint64) (*structs.Indexed defer metrics.MeasureSince([]string{"leader", "fetchRemoteACLs"}, time.Now()) args := structs.DCSpecificRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, QueryOptions: structs.QueryOptions{ Token: s.tokens.ReplicationToken(), MinQueryIndex: lastRemoteIndex, diff --git a/agent/consul/acl_replication_legacy_test.go b/agent/consul/acl_replication_legacy_test.go index 9631ed9d3..3a4e034c9 100644 --- a/agent/consul/acl_replication_legacy_test.go +++ b/agent/consul/acl_replication_legacy_test.go @@ -234,7 +234,7 @@ func TestACLReplication_updateLocalACLs_RateLimit(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLReplicationApplyLimit = 1 }) @@ -289,7 +289,7 @@ func TestACLReplication_IsACLReplicationEnabled(t *testing.T) { t.Parallel() // ACLs not enabled. dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "" + c.PrimaryDatacenter = "" c.ACLsEnabled = false }) defer os.RemoveAll(dir1) @@ -301,7 +301,7 @@ func TestACLReplication_IsACLReplicationEnabled(t *testing.T) { // ACLs enabled but not replication. dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true }) defer os.RemoveAll(dir2) @@ -316,7 +316,7 @@ func TestACLReplication_IsACLReplicationEnabled(t *testing.T) { // ACLs enabled with replication. dir3, s3 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = true }) @@ -331,7 +331,7 @@ func TestACLReplication_IsACLReplicationEnabled(t *testing.T) { // so replication should be disabled. dir4, s4 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = true }) @@ -354,7 +354,7 @@ func TestACLReplication_LegacyTokens(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" }) @@ -366,7 +366,7 @@ func TestACLReplication_LegacyTokens(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = true c.ACLReplicationRate = 100 diff --git a/agent/consul/acl_replication_test.go b/agent/consul/acl_replication_test.go index 26726fe36..32739c92a 100644 --- a/agent/consul/acl_replication_test.go +++ b/agent/consul/acl_replication_test.go @@ -7,13 +7,14 @@ import ( "testing" "time" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/authmethod/testauth" "github.com/hashicorp/consul/agent/structs" tokenStore "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" - "github.com/stretchr/testify/require" ) func TestACLReplication_diffACLPolicies(t *testing.T) { @@ -298,7 +299,7 @@ func TestACLReplication_Tokens(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" }) @@ -310,7 +311,7 @@ func TestACLReplication_Tokens(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = true c.ACLReplicationRate = 100 @@ -515,7 +516,7 @@ func TestACLReplication_Policies(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" }) @@ -527,7 +528,7 @@ func TestACLReplication_Policies(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = false c.ACLReplicationRate = 100 @@ -640,7 +641,7 @@ func TestACLReplication_TokensRedacted(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" }) @@ -683,7 +684,7 @@ func TestACLReplication_TokensRedacted(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = true c.ACLReplicationRate = 100 @@ -790,7 +791,7 @@ func TestACLReplication_AllTypes(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" }) @@ -802,7 +803,7 @@ func TestACLReplication_AllTypes(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = true c.ACLReplicationRate = 100 diff --git a/agent/consul/acl_server.go b/agent/consul/acl_server.go index 0351c2724..40ae430ef 100644 --- a/agent/consul/acl_server.go +++ b/agent/consul/acl_server.go @@ -119,9 +119,9 @@ func (s *Server) canUpgradeToNewACLs(isLeader bool) bool { } if !s.InACLDatacenter() { - foundServers, mode, _ := ServersGetACLMode(s, "", s.config.ACLDatacenter) + foundServers, mode, _ := ServersGetACLMode(s, "", s.config.PrimaryDatacenter) if mode != structs.ACLModeEnabled || !foundServers { - s.logger.Debug("Cannot upgrade to new ACLs, servers in acl datacenter are not yet upgraded", "ACLDatacenter", s.config.ACLDatacenter, "mode", mode, "found", foundServers) + s.logger.Debug("Cannot upgrade to new ACLs, servers in acl datacenter are not yet upgraded", "PrimaryDatacenter", s.config.PrimaryDatacenter, "mode", mode, "found", foundServers) return false } } @@ -143,7 +143,7 @@ func (s *Server) canUpgradeToNewACLs(isLeader bool) bool { } func (s *Server) InACLDatacenter() bool { - return s.config.ACLDatacenter == "" || s.config.Datacenter == s.config.ACLDatacenter + return s.config.PrimaryDatacenter == "" || s.config.Datacenter == s.config.PrimaryDatacenter } func (s *Server) UseLegacyACLs() bool { @@ -167,8 +167,8 @@ func (s *Server) LocalTokensEnabled() bool { func (s *Server) ACLDatacenter(legacy bool) string { // For resolution running on servers the only option // is to contact the configured ACL Datacenter - if s.config.ACLDatacenter != "" { - return s.config.ACLDatacenter + if s.config.PrimaryDatacenter != "" { + return s.config.PrimaryDatacenter } // This function only gets called if ACLs are enabled. diff --git a/agent/consul/acl_test.go b/agent/consul/acl_test.go index 6699469c1..1c870b823 100644 --- a/agent/consul/acl_test.go +++ b/agent/consul/acl_test.go @@ -2194,7 +2194,7 @@ func TestACL_Replication(t *testing.T) { for _, aclDownPolicy := range aclExtendPolicies { dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLMasterToken = "root" }) defer os.RemoveAll(dir1) @@ -2204,7 +2204,7 @@ func TestACL_Replication(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLDefaultPolicy = "deny" c.ACLDownPolicy = aclDownPolicy c.ACLTokenReplication = true @@ -2218,7 +2218,7 @@ func TestACL_Replication(t *testing.T) { dir3, s3 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc3" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLDownPolicy = "deny" c.ACLTokenReplication = true c.ACLReplicationRate = 100 @@ -2312,7 +2312,7 @@ func TestACL_Replication(t *testing.T) { func TestACL_MultiDC_Found(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLMasterToken = "root" }) defer os.RemoveAll(dir1) @@ -2322,7 +2322,7 @@ func TestACL_MultiDC_Found(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" // Enable ACLs! + c.PrimaryDatacenter = "dc1" // Enable ACLs! }) defer os.RemoveAll(dir2) defer s2.Shutdown() diff --git a/agent/consul/acl_token_exp_test.go b/agent/consul/acl_token_exp_test.go index da7842db5..6bb3f6ce9 100644 --- a/agent/consul/acl_token_exp_test.go +++ b/agent/consul/acl_token_exp_test.go @@ -5,9 +5,10 @@ import ( "testing" "time" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/testrpc" - "github.com/stretchr/testify/require" ) func TestACLTokenReap_Primary(t *testing.T) { @@ -41,7 +42,7 @@ func testACLTokenReap_Primary(t *testing.T, local, global bool) { require.NotEqual(t, local, global) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLTokenMinExpirationTTL = 10 * time.Millisecond diff --git a/agent/consul/catalog_endpoint_test.go b/agent/consul/catalog_endpoint_test.go index 46be6e702..b160c8dcb 100644 --- a/agent/consul/catalog_endpoint_test.go +++ b/agent/consul/catalog_endpoint_test.go @@ -180,7 +180,7 @@ func TestCatalog_Register_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -426,7 +426,7 @@ func TestCatalog_Register_ConnectProxy_ACLDestinationServiceName(t *testing.T) { assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -555,7 +555,7 @@ func TestCatalog_Deregister_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1295,7 +1295,7 @@ func TestCatalog_ListNodes_ACLFilter(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1636,7 +1636,7 @@ func TestCatalog_ListServices_Stale(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true }) defer os.RemoveAll(dir1) @@ -1644,7 +1644,7 @@ func TestCatalog_ListServices_Stale(t *testing.T) { testrpc.WaitForTestAgent(t, s1.RPC, "dc1") dir2, s2 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" // Enable ACLs! + c.PrimaryDatacenter = "dc1" // Enable ACLs! c.ACLsEnabled = true c.Bootstrap = false // Disable bootstrap }) @@ -2413,7 +2413,7 @@ func TestCatalog_ListServiceNodes_ConnectProxy_ACL(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -2708,7 +2708,7 @@ func TestCatalog_Register_FailedCase1(t *testing.T) { func testACLFilterServer(t *testing.T) (dir, token string, srv *Server, codec rpc.ClientCodec) { dir, srv = testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -2871,7 +2871,7 @@ func TestCatalog_NodeServices_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -3284,7 +3284,7 @@ func TestCatalog_GatewayServices_ACLFiltering(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/config.go b/agent/consul/config.go index 81541bbea..d31dcc478 100644 --- a/agent/consul/config.go +++ b/agent/consul/config.go @@ -179,14 +179,10 @@ type Config struct { ACLsEnabled bool // ACLMasterToken is used to bootstrap the ACL system. It should be specified - // on the servers in the ACLDatacenter. When the leader comes online, it ensures + // on the servers in the PrimaryDatacenter. When the leader comes online, it ensures // that the Master token is available. This provides the initial token. ACLMasterToken string - // ACLDatacenter provides the authoritative datacenter for ACL - // tokens. If not provided, ACL verification is disabled. - ACLDatacenter string - // ACLTokenTTL controls the time-to-live of cached ACL tokens. // It can be set to zero to disable caching, but this adds // a substantial cost. @@ -219,7 +215,7 @@ type Config struct { // allow-lists. ACLDefaultPolicy string - // ACLDownPolicy controls the behavior of ACLs if the ACLDatacenter + // ACLDownPolicy controls the behavior of ACLs if the PrimaryDatacenter // cannot be contacted. It can be either "deny" to deny all requests, // "extend-cache" or "async-cache" which ignores the ACLCacheInterval and // uses cached policies. diff --git a/agent/consul/config_endpoint_test.go b/agent/consul/config_endpoint_test.go index a5e92ad33..da4510786 100644 --- a/agent/consul/config_endpoint_test.go +++ b/agent/consul/config_endpoint_test.go @@ -152,7 +152,7 @@ func TestConfigEntry_Apply_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -281,7 +281,7 @@ func TestConfigEntry_Get_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -494,7 +494,7 @@ func TestConfigEntry_List_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -579,7 +579,7 @@ func TestConfigEntry_ListAll_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -738,7 +738,7 @@ func TestConfigEntry_Delete_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1960,7 +1960,7 @@ func TestConfigEntry_ResolveServiceConfig_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/connect_ca_endpoint_test.go b/agent/consul/connect_ca_endpoint_test.go index f5b7438e2..808cfe703 100644 --- a/agent/consul/connect_ca_endpoint_test.go +++ b/agent/consul/connect_ca_endpoint_test.go @@ -161,7 +161,7 @@ func TestConnectCAConfig_GetSet_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = TestDefaultMasterToken c.ACLDefaultPolicy = "deny" @@ -1102,7 +1102,7 @@ func TestConnectCASignValidation(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/coordinate_endpoint_test.go b/agent/consul/coordinate_endpoint_test.go index 9e9150d4f..5d9d183e7 100644 --- a/agent/consul/coordinate_endpoint_test.go +++ b/agent/consul/coordinate_endpoint_test.go @@ -194,7 +194,7 @@ func TestCoordinate_Update_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -370,7 +370,7 @@ func TestCoordinate_ListNodes_ACLFilter(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -562,7 +562,7 @@ func TestCoordinate_Node_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/discovery_chain_endpoint_test.go b/agent/consul/discovery_chain_endpoint_test.go index c1d09380b..294a78721 100644 --- a/agent/consul/discovery_chain_endpoint_test.go +++ b/agent/consul/discovery_chain_endpoint_test.go @@ -6,12 +6,13 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/testrpc" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/require" ) func TestDiscoveryChainEndpoint_Get(t *testing.T) { @@ -23,7 +24,7 @@ func TestDiscoveryChainEndpoint_Get(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.PrimaryDatacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/federation_state_endpoint_test.go b/agent/consul/federation_state_endpoint_test.go index 5812a3636..92dbbe497 100644 --- a/agent/consul/federation_state_endpoint_test.go +++ b/agent/consul/federation_state_endpoint_test.go @@ -6,15 +6,16 @@ import ( "testing" "time" + uuid "github.com/hashicorp/go-uuid" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/types" - uuid "github.com/hashicorp/go-uuid" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/require" ) func TestFederationState_Apply_Upsert(t *testing.T) { @@ -112,7 +113,7 @@ func TestFederationState_Apply_Upsert_ACLDeny(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.DisableFederationStateAntiEntropy = true - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -232,7 +233,7 @@ func TestFederationState_Get_ACLDeny(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.DisableFederationStateAntiEntropy = true - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -403,7 +404,7 @@ func TestFederationState_List_ACLDeny(t *testing.T) { c.DisableFederationStateAntiEntropy = true c.Datacenter = "dc1" c.PrimaryDatacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -419,7 +420,7 @@ func TestFederationState_List_ACLDeny(t *testing.T) { c.DisableFederationStateAntiEntropy = true c.Datacenter = "dc2" c.PrimaryDatacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -678,7 +679,7 @@ func TestFederationState_Apply_Delete_ACLDeny(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.DisableFederationStateAntiEntropy = true - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/health_endpoint_test.go b/agent/consul/health_endpoint_test.go index 4aec9c7b0..54b8ff86c 100644 --- a/agent/consul/health_endpoint_test.go +++ b/agent/consul/health_endpoint_test.go @@ -5,6 +5,10 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/lib" @@ -12,9 +16,6 @@ import ( "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/types" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestHealth_ChecksInState(t *testing.T) { @@ -980,7 +981,7 @@ func TestHealth_ServiceNodes_ConnectProxy_ACL(t *testing.T) { assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1294,7 +1295,7 @@ func TestHealth_ServiceNodes_Ingress_ACL(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/intention_endpoint_test.go b/agent/consul/intention_endpoint_test.go index 1af81751c..bef7bedd4 100644 --- a/agent/consul/intention_endpoint_test.go +++ b/agent/consul/intention_endpoint_test.go @@ -6,11 +6,12 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/require" ) // Test basic creation @@ -859,7 +860,7 @@ func TestIntentionApply_aclDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1264,7 +1265,7 @@ func TestIntentionApply_aclDelete(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1345,7 +1346,7 @@ func TestIntentionApply_aclUpdate(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1414,7 +1415,7 @@ func TestIntentionApply_aclManagement(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1459,7 +1460,7 @@ func TestIntentionApply_aclUpdateChange(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1524,7 +1525,7 @@ func TestIntentionGet_acl(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1928,7 +1929,7 @@ func TestIntentionCheck_defaultACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1964,7 +1965,7 @@ func TestIntentionCheck_defaultACLAllow(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -2000,7 +2001,7 @@ func TestIntentionCheck_aclDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/internal_endpoint_test.go b/agent/consul/internal_endpoint_test.go index a3f389fcd..e03fb6b95 100644 --- a/agent/consul/internal_endpoint_test.go +++ b/agent/consul/internal_endpoint_test.go @@ -6,6 +6,10 @@ import ( "strings" "testing" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" @@ -13,9 +17,6 @@ import ( "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/types" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestInternal_NodeInfo(t *testing.T) { @@ -559,7 +560,7 @@ func TestInternal_EventFire_Token(t *testing.T) { t.Parallel() dir, srv := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDownPolicy = "deny" @@ -958,7 +959,7 @@ func TestInternal_GatewayServiceDump_Terminating_ACL(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1301,7 +1302,7 @@ func TestInternal_GatewayServiceDump_Ingress_ACL(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1904,7 +1905,7 @@ func TestInternal_ServiceTopology_ACL(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = TestDefaultMasterToken c.ACLDefaultPolicy = "deny" @@ -2041,7 +2042,7 @@ func TestInternal_IntentionUpstreams_ACL(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = TestDefaultMasterToken c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/kvs_endpoint_test.go b/agent/consul/kvs_endpoint_test.go index 5d8305bc6..7e62aa8ea 100644 --- a/agent/consul/kvs_endpoint_test.go +++ b/agent/consul/kvs_endpoint_test.go @@ -5,12 +5,13 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/testrpc" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/require" ) func TestKVS_Apply(t *testing.T) { @@ -81,7 +82,7 @@ func TestKVS_Apply_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -201,7 +202,7 @@ func TestKVS_Get_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -422,7 +423,7 @@ func TestKVSEndpoint_List_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -512,7 +513,7 @@ func TestKVSEndpoint_List_ACLEnableKeyListPolicy(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -715,7 +716,7 @@ func TestKVSEndpoint_ListKeys_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/leader.go b/agent/consul/leader.go index c076ab34b..f93e1b1a0 100644 --- a/agent/consul/leader.go +++ b/agent/consul/leader.go @@ -404,7 +404,7 @@ func (s *Server) initializeLegacyACL() error { return nil } - authDC := s.config.ACLDatacenter + authDC := s.config.PrimaryDatacenter // Create anonymous token if missing. state := s.fsm.State() diff --git a/agent/consul/leader_connect_test.go b/agent/consul/leader_connect_test.go index 8b7592c07..ea10e5afe 100644 --- a/agent/consul/leader_connect_test.go +++ b/agent/consul/leader_connect_test.go @@ -200,7 +200,7 @@ func TestLeader_SecondaryCA_Initialize(t *testing.T) { // Initialize primary as the primary DC dir1, s1 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "primary" - c.ACLDatacenter = "primary" + c.PrimaryDatacenter = "primary" c.Build = "1.6.0" c.ACLsEnabled = true c.ACLMasterToken = masterToken @@ -219,7 +219,7 @@ func TestLeader_SecondaryCA_Initialize(t *testing.T) { // secondary as a secondary DC dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "secondary" - c.ACLDatacenter = "primary" + c.PrimaryDatacenter = "primary" c.Build = "1.6.0" c.ACLsEnabled = true c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/leader_federation_state_ae_test.go b/agent/consul/leader_federation_state_ae_test.go index 61a40891c..f2c483b4f 100644 --- a/agent/consul/leader_federation_state_ae_test.go +++ b/agent/consul/leader_federation_state_ae_test.go @@ -5,12 +5,13 @@ import ( "testing" "time" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" - "github.com/stretchr/testify/require" ) func TestLeader_FederationStateAntiEntropy_FeatureIsStickyEvenIfSerfTagsRegress(t *testing.T) { @@ -356,7 +357,7 @@ func TestLeader_FederationStateAntiEntropyPruning_ACLDeny(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.PrimaryDatacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -370,7 +371,7 @@ func TestLeader_FederationStateAntiEntropyPruning_ACLDeny(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" c.PrimaryDatacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/leader_intentions_test.go b/agent/consul/leader_intentions_test.go index 2447cf08e..0294d0094 100644 --- a/agent/consul/leader_intentions_test.go +++ b/agent/consul/leader_intentions_test.go @@ -27,7 +27,7 @@ func TestLeader_ReplicateIntentions(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -62,7 +62,7 @@ func TestLeader_ReplicateIntentions(t *testing.T) { // dc2 as a secondary DC dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLDefaultPolicy = "deny" c.ACLTokenReplication = false diff --git a/agent/consul/leader_test.go b/agent/consul/leader_test.go index 66e212494..cedf8386b 100644 --- a/agent/consul/leader_test.go +++ b/agent/consul/leader_test.go @@ -29,7 +29,7 @@ func TestLeader_RegisterMember(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -106,7 +106,7 @@ func TestLeader_FailedMember(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -172,7 +172,7 @@ func TestLeader_LeftMember(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -224,7 +224,7 @@ func TestLeader_ReapMember(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -291,7 +291,7 @@ func TestLeader_CheckServersMeta(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -301,7 +301,7 @@ func TestLeader_CheckServersMeta(t *testing.T) { defer s1.Shutdown() dir2, s2 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -311,7 +311,7 @@ func TestLeader_CheckServersMeta(t *testing.T) { defer s2.Shutdown() dir3, s3 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -399,7 +399,7 @@ func TestLeader_ReapServer(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -409,7 +409,7 @@ func TestLeader_ReapServer(t *testing.T) { defer s1.Shutdown() dir2, s2 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -419,7 +419,7 @@ func TestLeader_ReapServer(t *testing.T) { defer s2.Shutdown() dir3, s3 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -480,7 +480,7 @@ func TestLeader_Reconcile_ReapMember(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -534,7 +534,7 @@ func TestLeader_Reconcile(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -889,7 +889,7 @@ func TestLeader_ReapTombstones(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1194,7 +1194,7 @@ func TestLeader_ACL_Initialization(t *testing.T) { c.Build = tt.build c.Bootstrap = true c.Datacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = tt.master } @@ -1305,7 +1305,7 @@ func TestLeader_ACLUpgrade_IsStickyEvenIfSerfTagsRegress(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" }) @@ -1318,7 +1318,7 @@ func TestLeader_ACLUpgrade_IsStickyEvenIfSerfTagsRegress(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = false c.ACLReplicationRate = 100 @@ -1363,7 +1363,7 @@ func TestLeader_ACLUpgrade_IsStickyEvenIfSerfTagsRegress(t *testing.T) { dir2new, s2new := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = false c.ACLReplicationRate = 100 diff --git a/agent/consul/operator_autopilot_endpoint_test.go b/agent/consul/operator_autopilot_endpoint_test.go index 962ab92cb..62a3a3926 100644 --- a/agent/consul/operator_autopilot_endpoint_test.go +++ b/agent/consul/operator_autopilot_endpoint_test.go @@ -5,14 +5,15 @@ import ( "testing" "time" - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/sdk/testutil/retry" - "github.com/hashicorp/consul/testrpc" msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" "github.com/hashicorp/raft" autopilot "github.com/hashicorp/raft-autopilot" "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/sdk/testutil/retry" + "github.com/hashicorp/consul/testrpc" ) func TestOperator_Autopilot_GetConfiguration(t *testing.T) { @@ -51,7 +52,7 @@ func TestOperator_Autopilot_GetConfiguration_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -155,7 +156,7 @@ func TestOperator_Autopilot_SetConfiguration_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/operator_raft_endpoint_test.go b/agent/consul/operator_raft_endpoint_test.go index 3c123f1fb..53a7752e3 100644 --- a/agent/consul/operator_raft_endpoint_test.go +++ b/agent/consul/operator_raft_endpoint_test.go @@ -7,13 +7,14 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/hashicorp/raft" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/freeport" "github.com/hashicorp/consul/testrpc" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/hashicorp/raft" - "github.com/stretchr/testify/require" ) func TestOperator_RaftGetConfiguration(t *testing.T) { @@ -69,7 +70,7 @@ func TestOperator_RaftGetConfiguration_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -217,7 +218,7 @@ func TestOperator_RaftRemovePeerByAddress_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -346,7 +347,7 @@ func TestOperator_RaftRemovePeerByID_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/prepared_query_endpoint_test.go b/agent/consul/prepared_query_endpoint_test.go index dc7305ec7..6ebf05a5c 100644 --- a/agent/consul/prepared_query_endpoint_test.go +++ b/agent/consul/prepared_query_endpoint_test.go @@ -11,6 +11,12 @@ import ( "testing" "time" + "github.com/hashicorp/go-hclog" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/hashicorp/serf/coordinate" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" tokenStore "github.com/hashicorp/consul/agent/token" @@ -18,11 +24,6 @@ import ( "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/types" - "github.com/hashicorp/go-hclog" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/hashicorp/serf/coordinate" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestPreparedQuery_Apply(t *testing.T) { @@ -197,7 +198,7 @@ func TestPreparedQuery_Apply_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -643,7 +644,7 @@ func TestPreparedQuery_ACLDeny_Catchall_Template(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -862,7 +863,7 @@ func TestPreparedQuery_Get(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1120,7 +1121,7 @@ func TestPreparedQuery_List(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1333,7 +1334,7 @@ func TestPreparedQuery_Explain(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1474,7 +1475,7 @@ func TestPreparedQuery_Execute(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1487,7 +1488,7 @@ func TestPreparedQuery_Execute(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLDefaultPolicy = "deny" }) @@ -2780,7 +2781,7 @@ func TestPreparedQuery_Wrapper(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -2790,7 +2791,7 @@ func TestPreparedQuery_Wrapper(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/server.go b/agent/consul/server.go index e23e9e003..99957c6e1 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -332,16 +332,17 @@ func NewServer(config *Config, flat Deps) (*Server, error) { } // Set the primary DC if it wasn't set. + // TODO: remove if config.PrimaryDatacenter == "" { - if config.ACLDatacenter != "" { - config.PrimaryDatacenter = config.ACLDatacenter + if config.PrimaryDatacenter != "" { + config.PrimaryDatacenter = config.PrimaryDatacenter } else { config.PrimaryDatacenter = config.Datacenter } } if config.PrimaryDatacenter != "" { - config.ACLDatacenter = config.PrimaryDatacenter + config.PrimaryDatacenter = config.PrimaryDatacenter } // Create the tombstone GC. diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index de7221f86..d3dfa6584 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -74,7 +74,7 @@ func testTLSCertificates(serverName string) (cert string, key string, cacert str // up all of the ACL configurations (so they can still be overridden) func testServerACLConfig(cb func(*Config)) func(*Config) { return func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = TestDefaultMasterToken c.ACLDefaultPolicy = "deny" @@ -349,11 +349,11 @@ func TestServer_fixupACLDatacenter(t *testing.T) { testrpc.WaitForLeader(t, s2.RPC, "bee") require.Equal(t, "aye", s1.config.Datacenter) - require.Equal(t, "aye", s1.config.ACLDatacenter) + require.Equal(t, "aye", s1.config.PrimaryDatacenter) require.Equal(t, "aye", s1.config.PrimaryDatacenter) require.Equal(t, "bee", s2.config.Datacenter) - require.Equal(t, "aye", s2.config.ACLDatacenter) + require.Equal(t, "aye", s2.config.PrimaryDatacenter) require.Equal(t, "aye", s2.config.PrimaryDatacenter) } diff --git a/agent/consul/session_endpoint_test.go b/agent/consul/session_endpoint_test.go index e66aefcd0..a3476cd1f 100644 --- a/agent/consul/session_endpoint_test.go +++ b/agent/consul/session_endpoint_test.go @@ -5,11 +5,12 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib/stringslice" "github.com/hashicorp/consul/testrpc" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" ) func TestSession_Apply(t *testing.T) { @@ -153,7 +154,7 @@ func TestSession_Apply_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -391,7 +392,7 @@ func TestSession_Get_List_NodeSessions_ACLFilter(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -750,7 +751,7 @@ func TestSession_Renew_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/snapshot_endpoint_test.go b/agent/consul/snapshot_endpoint_test.go index 9c0f00d40..a1fa1efb8 100644 --- a/agent/consul/snapshot_endpoint_test.go +++ b/agent/consul/snapshot_endpoint_test.go @@ -7,14 +7,15 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + autopilot "github.com/hashicorp/raft-autopilot" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - autopilot "github.com/hashicorp/raft-autopilot" - "github.com/stretchr/testify/require" ) // verifySnapshot is a helper that does a snapshot and restore. @@ -268,7 +269,7 @@ func TestSnapshot_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/txn_endpoint_test.go b/agent/consul/txn_endpoint_test.go index 25110219e..a23cdf192 100644 --- a/agent/consul/txn_endpoint_test.go +++ b/agent/consul/txn_endpoint_test.go @@ -319,7 +319,7 @@ func TestTxn_Apply_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -854,7 +854,7 @@ func TestTxn_Read_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/uiserver/uiserver_test.go b/agent/uiserver/uiserver_test.go index 3f5653608..6b0769a22 100644 --- a/agent/uiserver/uiserver_test.go +++ b/agent/uiserver/uiserver_test.go @@ -226,7 +226,7 @@ func basicUIEnabledConfig(opts ...cfgFunc) *config.RuntimeConfig { func withACLs() cfgFunc { return func(cfg *config.RuntimeConfig) { - cfg.ACLDatacenter = "dc1" + cfg.PrimaryDatacenter = "dc1" cfg.ACLDefaultPolicy = "deny" cfg.ACLsEnabled = true }