From 732b841dd715819422ad63fc0ca5e42707d9800a Mon Sep 17 00:00:00 2001
From: Daniel Nephin <dnephin@hashicorp.com>
Date: Tue, 5 Oct 2021 12:13:04 -0400
Subject: [PATCH] state: remove support for updating legacy ACL tokens

---
 agent/consul/state/acl.go |  6 +-----
 agent/structs/acl.go      | 12 ------------
 2 files changed, 1 insertion(+), 17 deletions(-)

diff --git a/agent/consul/state/acl.go b/agent/consul/state/acl.go
index 986fbc7ee..9b84c6c16 100644
--- a/agent/consul/state/acl.go
+++ b/agent/consul/state/acl.go
@@ -498,11 +498,7 @@ func aclTokenSetTxn(tx WriteTxn, idx uint64, token *structs.ACLToken, opts ACLTo
 	}
 
 	if opts.Legacy && original != nil {
-		if original.UsesNonLegacyFields() {
-			return fmt.Errorf("failed inserting acl token: cannot use legacy endpoint to modify a non-legacy token")
-		}
-
-		token.AccessorID = original.AccessorID
+		return fmt.Errorf("legacy tokens can not be modified")
 	}
 
 	if err := aclTokenUpsertValidateEnterprise(tx, token, original); err != nil {
diff --git a/agent/structs/acl.go b/agent/structs/acl.go
index 15edc47f2..8f5e23c02 100644
--- a/agent/structs/acl.go
+++ b/agent/structs/acl.go
@@ -412,18 +412,6 @@ func (t *ACLToken) HasExpirationTime() bool {
 	return t.ExpirationTime != nil && !t.ExpirationTime.IsZero()
 }
 
-// TODO(ACL-Legacy-Compat): remove
-func (t *ACLToken) UsesNonLegacyFields() bool {
-	return len(t.Policies) > 0 ||
-		len(t.ServiceIdentities) > 0 ||
-		len(t.NodeIdentities) > 0 ||
-		len(t.Roles) > 0 ||
-		t.Type == "" ||
-		t.HasExpirationTime() ||
-		t.ExpirationTTL != 0 ||
-		t.AuthMethod != ""
-}
-
 func (t *ACLToken) EnterpriseMetadata() *EnterpriseMeta {
 	return &t.EnterpriseMeta
 }