acl: remove unused translate rules endpoint

The CLI command does not use this endpoint, so we can remove it. It was missed in an earlier pass.
2021-10-05 18:18:13 -04:00 · 2021-10-05 18:18:13 -04:00 · 577f2649bf
parent a2e5db40b9
commit 577f2649bf
3 changed files with 2 additions and 35 deletions
--- a/agent/acl_endpoint.go
+++ b/agent/acl_endpoint.go
@ -2,7 +2,6 @@ package agent

 import (
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"strings"

@ -74,37 +73,6 @@ func (s *HTTPHandlers) ACLReplicationStatus(resp http.ResponseWriter, req *http.
 	return out, nil
 }

-func (s *HTTPHandlers) ACLRulesTranslate(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
-	if s.checkACLDisabled(resp, req) {
-		return nil, nil
-	}
-
-	var token string
-	s.parseToken(req, &token)
-	authz, err := s.agent.delegate.ResolveTokenAndDefaultMeta(token, nil, nil)
-	if err != nil {
-		return nil, err
-	}
-	// Should this require lesser permissions? Really the only reason to require authorization at all is
-	// to prevent external entities from DoS Consul with repeated rule translation requests
-	if authz.ACLRead(nil) != acl.Allow {
-		return nil, acl.ErrPermissionDenied
-	}
-
-	policyBytes, err := ioutil.ReadAll(req.Body)
-	if err != nil {
-		return nil, BadRequestError{Reason: fmt.Sprintf("Failed to read body: %v", err)}
-	}
-
-	translated, err := acl.TranslateLegacyRules(policyBytes)
-	if err != nil {
-		return nil, BadRequestError{Reason: err.Error()}
-	}
-
-	resp.Write(translated)
-	return nil, nil
-}
-
 func (s *HTTPHandlers) ACLPolicyList(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
 	if s.checkACLDisabled(resp, req) {
 		return nil, nil
--- a/agent/acl_endpoint_test.go
+++ b/agent/acl_endpoint_test.go
@ -45,7 +45,6 @@ func TestACL_Disabled_Response(t *testing.T) {
 		{"ACLBootstrap", a.srv.ACLBootstrap},
 		{"ACLReplicationStatus", a.srv.ACLReplicationStatus},
 		{"AgentToken", a.srv.AgentToken}, // See TestAgent_Token
-		{"ACLRulesTranslate", a.srv.ACLRulesTranslate},
 		{"ACLPolicyList", a.srv.ACLPolicyList},
 		{"ACLPolicyCRUD", a.srv.ACLPolicyCRUD},
 		{"ACLPolicyCreate", a.srv.ACLPolicyCreate},
--- a/agent/http_register.go
+++ b/agent/http_register.go
@ -19,8 +19,6 @@ func init() {
 	registerEndpoint("/v1/acl/auth-methods", []string{"GET"}, (*HTTPHandlers).ACLAuthMethodList)
 	registerEndpoint("/v1/acl/auth-method", []string{"PUT"}, (*HTTPHandlers).ACLAuthMethodCreate)
 	registerEndpoint("/v1/acl/auth-method/", []string{"GET", "PUT", "DELETE"}, (*HTTPHandlers).ACLAuthMethodCRUD)
-	registerEndpoint("/v1/acl/rules/translate", []string{"POST"}, (*HTTPHandlers).ACLRulesTranslate)
-	registerEndpoint("/v1/acl/rules/translate/", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
 	registerEndpoint("/v1/acl/tokens", []string{"GET"}, (*HTTPHandlers).ACLTokenList)
 	registerEndpoint("/v1/acl/token", []string{"PUT"}, (*HTTPHandlers).ACLTokenCreate)
 	registerEndpoint("/v1/acl/token/self", []string{"GET"}, (*HTTPHandlers).ACLTokenSelf)
@ -126,4 +124,6 @@ func init() {
 	registerEndpoint("/v1/acl/info/", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
 	registerEndpoint("/v1/acl/clone/", []string{"PUT"}, (*HTTPHandlers).ACLLegacy)
 	registerEndpoint("/v1/acl/list", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
+	registerEndpoint("/v1/acl/rules/translate", []string{"POST"}, (*HTTPHandlers).ACLLegacy)
+	registerEndpoint("/v1/acl/rules/translate/", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
 }