acl: remove a couple legacy ACL operation constants
structs.ACLForceSet was deprecated 4 years ago, it should be safe to remove now. ACLBootstrapNow was removed in a recent commit. While it is technically possible that a cluster with mixed version could still attempt a legacy boostrap, we documented that the legacy system was deprecated in 1.4, so no clusters that are being upgraded should be attempting a legacy boostrap.
This commit is contained in:
parent
af8c10afc4
commit
26f3380688
|
@ -260,24 +260,7 @@ func (c *FSM) applyACLOperation(buf []byte, index uint64) interface{} {
|
|||
return err
|
||||
}
|
||||
return enabled
|
||||
case structs.ACLBootstrapNow:
|
||||
// This is a bootstrap request from a non-upgraded node
|
||||
if err := c.state.ACLBootstrap(index, 0, req.ACL.Convert(), true); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// No need to check expiration times as those did not exist in legacy tokens.
|
||||
if _, token, err := c.state.ACLTokenGetBySecret(nil, req.ACL.ID, nil); err != nil {
|
||||
return err
|
||||
} else {
|
||||
acl, err := token.Convert()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return acl
|
||||
}
|
||||
|
||||
case structs.ACLForceSet, structs.ACLSet:
|
||||
case structs.ACLSet:
|
||||
if err := c.state.ACLTokenSet(index, req.ACL.Convert(), true); err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -923,29 +923,6 @@ func TestFSM_ACL_CRUD(t *testing.T) {
|
|||
if !canBootstrap {
|
||||
t.Fatalf("bad: shouldn't be able to bootstrap")
|
||||
}
|
||||
|
||||
// Do a bootstrap.
|
||||
bootstrap := structs.ACLRequest{
|
||||
Datacenter: "dc1",
|
||||
Op: structs.ACLBootstrapNow,
|
||||
ACL: structs.ACL{
|
||||
ID: generateUUID(),
|
||||
Name: "Bootstrap Token",
|
||||
Type: structs.ACLTokenTypeManagement,
|
||||
},
|
||||
}
|
||||
buf, err = structs.Encode(structs.ACLRequestType, bootstrap)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
resp = fsm.Apply(makeLog(buf))
|
||||
respACL, ok := resp.(*structs.ACL)
|
||||
if !ok {
|
||||
t.Fatalf("resp: %v", resp)
|
||||
}
|
||||
bootstrap.ACL.CreateIndex = respACL.CreateIndex
|
||||
bootstrap.ACL.ModifyIndex = respACL.ModifyIndex
|
||||
require.Equal(t, &bootstrap.ACL, respACL)
|
||||
}
|
||||
|
||||
func TestFSM_PreparedQuery_CRUD(t *testing.T) {
|
||||
|
|
|
@ -91,9 +91,11 @@ func ACLIDReserved(id string) bool {
|
|||
|
||||
const (
|
||||
// ACLSet creates or updates a token.
|
||||
// TODO(ACL-Legacy-Compat): remove
|
||||
ACLSet ACLOp = "set"
|
||||
|
||||
// ACLDelete deletes a token.
|
||||
// TODO(ACL-Legacy-Compat): remove
|
||||
ACLDelete ACLOp = "delete"
|
||||
)
|
||||
|
||||
|
|
|
@ -7,7 +7,6 @@
|
|||
package structs
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
|
@ -18,21 +17,10 @@ const (
|
|||
// ACLBootstrapInit is used to perform a scan for existing tokens which
|
||||
// will decide whether bootstrapping is allowed for a cluster. This is
|
||||
// initiated by the leader when it steps up, if necessary.
|
||||
// TODO(ACL-Legacy-Compat): remove
|
||||
ACLBootstrapInit ACLOp = "bootstrap-init"
|
||||
|
||||
// ACLBootstrapNow is used to perform a one-time ACL bootstrap operation on
|
||||
// a cluster to get the first management token.
|
||||
ACLBootstrapNow ACLOp = "bootstrap-now"
|
||||
|
||||
// ACLForceSet is deprecated, but left for backwards compatibility.
|
||||
ACLForceSet ACLOp = "force-set"
|
||||
)
|
||||
|
||||
// ACLBootstrapNotInitializedErr is returned when a bootstrap is attempted but
|
||||
// we haven't yet initialized ACL bootstrap. It provides some guidance to
|
||||
// operators on how to proceed.
|
||||
var ACLBootstrapNotInitializedErr = errors.New("ACL bootstrap not initialized, need to force a leader election and ensure all Consul servers support this feature")
|
||||
|
||||
const (
|
||||
// ACLTokenTypeClient tokens have rules applied
|
||||
ACLTokenTypeClient = "client"
|
||||
|
@ -62,6 +50,7 @@ type ACLs []*ACL
|
|||
// equivalent. This will NOT fill in the other ACLToken fields or perform any other
|
||||
// upgrade (other than correcting an older HCL syntax that is no longer
|
||||
// supported).
|
||||
// TODO(ACL-Legacy-Compat): remove
|
||||
func (a *ACL) Convert() *ACLToken {
|
||||
// Ensure that we correct any old HCL in legacy tokens to prevent old
|
||||
// syntax from leaking elsewhere into the system.
|
||||
|
|
Loading…
Reference in New Issue