diff --git a/.changelog/11232.txt b/.changelog/11232.txt
new file mode 100644
index 000000000..25386cf4a
--- /dev/null
+++ b/.changelog/11232.txt
@@ -0,0 +1,3 @@
+```release-note:breaking-change
+acl: The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that nothing is still using the legacy ACL system. See the [Migrate Legacy ACL Tokens Learn Guide](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) for more information.
+```
diff --git a/agent/consul/acl.go b/agent/consul/acl.go
index a5c4010f1..46605e894 100644
--- a/agent/consul/acl.go
+++ b/agent/consul/acl.go
@@ -30,10 +30,6 @@ var ACLCounters = []prometheus.CounterDefinition{
 }
 var ACLSummaries = []prometheus.SummaryDefinition{
- {
- Name: []string{"acl", "resolveTokenLegacy"},
- Help: "This measures the time it takes to resolve an ACL token using the legacy ACL system.",
- },
 {
 Name: []string{"acl", "ResolveToken"},
 Help: "This measures the time it takes to resolve an ACL token.",
diff --git a/website/content/api-docs/acl/index.mdx b/website/content/api-docs/acl/index.mdx
index ecfac75e1..5596ec0c5 100644
--- a/website/content/api-docs/acl/index.mdx
+++ b/website/content/api-docs/acl/index.mdx
@@ -144,7 +144,7 @@ $ curl \
 - `ReplicationType` - The type of replication that is currently in use.
- - `legacy` - ACL replication is in legacy mode and is replicating legacy ACL tokens.
+ - `legacy` - (removed in Consul 1.11.0) ACL replication is in legacy mode and is replicating legacy ACL tokens.
 - `policies` - ACL replication is only replicating policies as token replication is disabled.
@@ -181,8 +181,8 @@ $ curl \
 ## Translate Rules
--> **Deprecated** - This endpoint was introduced in Consul 1.4.0 for migration from the previous ACL system. It
-will be removed in a future major Consul version when support for legacy ACLs is removed.
+-> **Deprecated** - This endpoint was removed in Consul 1.11.0.
+This endpoint was introduced in Consul 1.4.0 for migration from the previous ACL system.
 This endpoint translates the legacy rule syntax into the latest syntax. It is intended to be used by operators managing Consul's ACLs and performing legacy token to new policy
@@ -226,8 +226,8 @@ agent_prefix "" {
 ## Translate a Legacy Token's Rules
--> **Deprecated** - This endpoint was introduced in Consul 1.4.0 for migration from the previous ACL system.. It
-will be removed in a future major Consul version when support for legacy ACLs is removed.
+-> **Deprecated** - This endpoint was removed in Consul 1.11.0.
+This endpoint was introduced in Consul 1.4.0 for migration from the previous ACL system.
 This endpoint translates the legacy rules embedded within a legacy ACL into the latest syntax. It is intended to be used by operators managing Consul's ACLs and performing
diff --git a/website/content/api-docs/acl/legacy.mdx b/website/content/api-docs/acl/legacy.mdx
index 72d7efb10..27d54d38b 100644
--- a/website/content/api-docs/acl/legacy.mdx
+++ b/website/content/api-docs/acl/legacy.mdx
@@ -2,17 +2,17 @@
 layout: api
 page_title: Legacy ACLs - HTTP API
 description: >-
- The /acl endpoints create, update, destroy, and query Legacy ACL tokens in
+ The legacy /acl endpoints to create, update, destroy, and query legacy ACL tokens in
 Consul.
 ---
 # ACL HTTP API
--> **Consul 1.4.0 deprecates the legacy ACL system completely.** It's _strongly_
-recommended you do not build anything using the legacy system and consider using
+-> **The legacy ACL system was deprecated in Consul 1.4.0 and removed in Consul 1.11.0.** It's _strongly_
+recommended you do not build anything using the legacy system and use
 the new ACL [Token](/api/acl/tokens) and [Policy](/api/acl/policies) APIs instead.
-The `/acl` endpoints create, update, destroy, and query ACL tokens in Consul.
+The legacy `/acl` endpoints to create, update, destroy, and query legacy ACL tokens in Consul.
 For more information about ACLs, please check the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx
index 2902d4355..424e9f17a 100644
--- a/website/content/docs/agent/telemetry.mdx
+++ b/website/content/docs/agent/telemetry.mdx
@@ -329,7 +329,6 @@ These metrics are used to monitor the health of the Consul servers. | Metric | Description | Unit | Type | | --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | ------- | -| `consul.acl.resolveTokenLegacy` | Measures the time it takes to resolve an ACL token using the legacy ACL system. | ms | timer | | `consul.acl.ResolveToken` | Measures the time it takes to resolve an ACL token. | ms | timer | | `consul.acl.ResolveTokenToIdentity` | Measures the time it takes to resolve an ACL token to an Identity. | ms | timer | | `consul.acl.token.cache_hit` | Increments if Consul is able to resolve a token's identity, or a legacy token, from the cache. | cache read op | counter | diff --git a/website/content/docs/security/acl/acl-legacy.mdx b/website/content/docs/security/acl/acl-legacy.mdx index d2e63c533..b556ee2b0 100644 --- a/website/content/docs/security/acl/acl-legacy.mdx +++ b/website/content/docs/security/acl/acl-legacy.mdx 
@@ -13,8 +13,9 @@ description: >-
 -> **1.3.0 and earlier:** This document only applies in Consul versions 1.3.0 and before. If you are using version 1.4.0 or later please use the updated documentation [here](/docs/acl/acl-system).
 ~> **Alert: Deprecation Notice**
-The ACL system described here was Consul's original ACL implementation. In Consul 1.4.0
-the ACL system was rewritten and the legacy system was deprecated. The new ACL system information can be found [here](/docs/acl/acl-system). For information on how to migrate to the new ACL System, please read the [Migrate Legacy ACL Tokens](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) tutorial.
+The ACL system described here was Consul's original ACL implementation.
+The legacy ACL system was deprecated in Consul 1.4.0 and removed in Consul 1.11.0.
+The documentation for the new ACL system can be found [here](/docs/acl/acl-system). For information on how to migrate to the new ACL System, please read the [Migrate Legacy ACL Tokens](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) tutorial.
 The legacy documentation has two sections.