acl: remove a couple legacy ACL operation constants

structs.ACLForceSet was deprecated 4 years ago, it should be safe to remove now.
ACLBootstrapNow was removed in a recent commit. While it is technically possible that a cluster with mixed version
could still attempt a legacy boostrap, we documented that the legacy system was deprecated in 1.4, so no
clusters that are being upgraded should be attempting a legacy boostrap.
This commit is contained in:
Daniel Nephin 2021-09-03 12:57:48 -04:00
parent af8c10afc4
commit 26f3380688
4 changed files with 5 additions and 54 deletions

View File

@ -260,24 +260,7 @@ func (c *FSM) applyACLOperation(buf []byte, index uint64) interface{} {
return err
}
return enabled
case structs.ACLBootstrapNow:
// This is a bootstrap request from a non-upgraded node
if err := c.state.ACLBootstrap(index, 0, req.ACL.Convert(), true); err != nil {
return err
}
// No need to check expiration times as those did not exist in legacy tokens.
if _, token, err := c.state.ACLTokenGetBySecret(nil, req.ACL.ID, nil); err != nil {
return err
} else {
acl, err := token.Convert()
if err != nil {
return err
}
return acl
}
case structs.ACLForceSet, structs.ACLSet:
case structs.ACLSet:
if err := c.state.ACLTokenSet(index, req.ACL.Convert(), true); err != nil {
return err
}

View File

@ -923,29 +923,6 @@ func TestFSM_ACL_CRUD(t *testing.T) {
if !canBootstrap {
t.Fatalf("bad: shouldn't be able to bootstrap")
}
// Do a bootstrap.
bootstrap := structs.ACLRequest{
Datacenter: "dc1",
Op: structs.ACLBootstrapNow,
ACL: structs.ACL{
ID: generateUUID(),
Name: "Bootstrap Token",
Type: structs.ACLTokenTypeManagement,
},
}
buf, err = structs.Encode(structs.ACLRequestType, bootstrap)
if err != nil {
t.Fatalf("err: %v", err)
}
resp = fsm.Apply(makeLog(buf))
respACL, ok := resp.(*structs.ACL)
if !ok {
t.Fatalf("resp: %v", resp)
}
bootstrap.ACL.CreateIndex = respACL.CreateIndex
bootstrap.ACL.ModifyIndex = respACL.ModifyIndex
require.Equal(t, &bootstrap.ACL, respACL)
}
func TestFSM_PreparedQuery_CRUD(t *testing.T) {

View File

@ -91,9 +91,11 @@ func ACLIDReserved(id string) bool {
const (
// ACLSet creates or updates a token.
// TODO(ACL-Legacy-Compat): remove
ACLSet ACLOp = "set"
// ACLDelete deletes a token.
// TODO(ACL-Legacy-Compat): remove
ACLDelete ACLOp = "delete"
)

View File

@ -7,7 +7,6 @@
package structs
import (
"errors"
"fmt"
"time"
@ -18,21 +17,10 @@ const (
// ACLBootstrapInit is used to perform a scan for existing tokens which
// will decide whether bootstrapping is allowed for a cluster. This is
// initiated by the leader when it steps up, if necessary.
// TODO(ACL-Legacy-Compat): remove
ACLBootstrapInit ACLOp = "bootstrap-init"
// ACLBootstrapNow is used to perform a one-time ACL bootstrap operation on
// a cluster to get the first management token.
ACLBootstrapNow ACLOp = "bootstrap-now"
// ACLForceSet is deprecated, but left for backwards compatibility.
ACLForceSet ACLOp = "force-set"
)
// ACLBootstrapNotInitializedErr is returned when a bootstrap is attempted but
// we haven't yet initialized ACL bootstrap. It provides some guidance to
// operators on how to proceed.
var ACLBootstrapNotInitializedErr = errors.New("ACL bootstrap not initialized, need to force a leader election and ensure all Consul servers support this feature")
const (
// ACLTokenTypeClient tokens have rules applied
ACLTokenTypeClient = "client"
@ -62,6 +50,7 @@ type ACLs []*ACL
// equivalent. This will NOT fill in the other ACLToken fields or perform any other
// upgrade (other than correcting an older HCL syntax that is no longer
// supported).
// TODO(ACL-Legacy-Compat): remove
func (a *ACL) Convert() *ACLToken {
// Ensure that we correct any old HCL in legacy tokens to prevent old
// syntax from leaking elsewhere into the system.