acl: add some notes about removing legacy ACL system

2021-07-20 16:49:51 -04:00 · 2021-07-20 16:49:51 -04:00 · 4f54d9708c
parent e4c6bee7e6
commit 4f54d9708c
3 changed files with 11 additions and 7 deletions
--- a/agent/consul/acl_endpoint.go
+++ b/agent/consul/acl_endpoint.go
@ -178,7 +178,7 @@ func (a *ACL) aclPreCheck() error {
 	return nil
 }

-// Bootstrap is used to perform a one-time ACL bootstrap operation on
+// BootstrapTokens is used to perform a one-time ACL bootstrap operation on
 // a cluster to get the first management token.
 func (a *ACL) BootstrapTokens(args *structs.DCSpecificRequest, reply *structs.ACLToken) error {
 	if err := a.aclPreCheck(); err != nil {
--- a/agent/consul/state/acl.go
+++ b/agent/consul/state/acl.go
@ -563,6 +563,7 @@ func fixupRolePolicyLinks(tx ReadTxn, original *structs.ACLRole) (*structs.ACLRo
 }

 // ACLTokenSet is used to insert an ACL rule into the state store.
+// Deprecated (ACL-Legacy-Compat)
 func (s *Store) ACLTokenSet(idx uint64, token *structs.ACLToken, legacy bool) error {
 	tx := s.db.WriteTxn(idx)
 	defer tx.Abort()
@ -959,6 +960,7 @@ func (s *Store) expiresIndexName(local bool) string {

 // ACLTokenDeleteBySecret is used to remove an existing ACL from the state store. If
 // the ACL does not exist this is a no-op and no error is returned.
+// Deprecated (ACL-Legacy-Compat)
 func (s *Store) ACLTokenDeleteBySecret(idx uint64, secret string, entMeta *structs.EnterpriseMeta) error {
 	return s.aclTokenDelete(idx, secret, "id", entMeta)
 }
--- a/agent/http_register.go
+++ b/agent/http_register.go
@ -2,12 +2,6 @@ package agent

 func init() {
 	registerEndpoint("/v1/acl/bootstrap", []string{"PUT"}, (*HTTPHandlers).ACLBootstrap)
-	registerEndpoint("/v1/acl/create", []string{"PUT"}, (*HTTPHandlers).ACLCreate)
-	registerEndpoint("/v1/acl/update", []string{"PUT"}, (*HTTPHandlers).ACLUpdate)
-	registerEndpoint("/v1/acl/destroy/", []string{"PUT"}, (*HTTPHandlers).ACLDestroy)
-	registerEndpoint("/v1/acl/info/", []string{"GET"}, (*HTTPHandlers).ACLGet)
-	registerEndpoint("/v1/acl/clone/", []string{"PUT"}, (*HTTPHandlers).ACLClone)
-	registerEndpoint("/v1/acl/list", []string{"GET"}, (*HTTPHandlers).ACLList)
 	registerEndpoint("/v1/acl/login", []string{"POST"}, (*HTTPHandlers).ACLLogin)
 	registerEndpoint("/v1/acl/logout", []string{"POST"}, (*HTTPHandlers).ACLLogout)
 	registerEndpoint("/v1/acl/replication", []string{"GET"}, (*HTTPHandlers).ACLReplicationStatus)
@ -124,4 +118,12 @@ func init() {
 	registerEndpoint("/v1/status/peers", []string{"GET"}, (*HTTPHandlers).StatusPeers)
 	registerEndpoint("/v1/snapshot", []string{"GET", "PUT"}, (*HTTPHandlers).Snapshot)
 	registerEndpoint("/v1/txn", []string{"PUT"}, (*HTTPHandlers).Txn)
+
+	// Deprecated ACL endpoints, they do nothing but return an error
+	registerEndpoint("/v1/acl/create", []string{"PUT"}, (*HTTPHandlers).ACLCreate)
+	registerEndpoint("/v1/acl/update", []string{"PUT"}, (*HTTPHandlers).ACLUpdate)
+	registerEndpoint("/v1/acl/destroy/", []string{"PUT"}, (*HTTPHandlers).ACLDestroy)
+	registerEndpoint("/v1/acl/info/", []string{"GET"}, (*HTTPHandlers).ACLGet)
+	registerEndpoint("/v1/acl/clone/", []string{"PUT"}, (*HTTPHandlers).ACLClone)
+	registerEndpoint("/v1/acl/list", []string{"GET"}, (*HTTPHandlers).ACLList)
 }