acl: remove init check for legacy anon token

This token should always already be migrated from a previous version.
2021-10-05 12:07:52 -04:00 · 2021-10-05 12:07:52 -04:00 · 76b007dacd
parent 8ae6ee4e36
commit 76b007dacd
2 changed files with 16 additions and 32 deletions
--- a/agent/config/default.go
+++ b/agent/config/default.go
@ -18,11 +18,6 @@ func DefaultSource() Source {
 	serfLAN := cfg.SerfLANConfig.MemberlistConfig
 	serfWAN := cfg.SerfWANConfig.MemberlistConfig

-	// DEPRECATED (ACL-Legacy-Compat) - when legacy ACL support is removed these defaults
-	//   the acl_* config entries here should be transitioned to their counterparts in the
-	//   acl stanza for now we need to be able to detect the new entries not being set (not
-	//   just set to the defaults here) so that we can use the old entries. So the true
-	//   default still needs to reside in the original config values
 	return FileSource{
 		Name:   "default",
 		Format: "hcl",
--- a/agent/consul/leader.go
+++ b/agent/consul/leader.go
@ -498,35 +498,24 @@ func (s *Server) initializeACLs(ctx context.Context) error {
 		}
 		// Ignoring expiration times to avoid an insertion collision.
 		if token == nil {
-			// DEPRECATED (ACL-Legacy-Compat) - Don't need to query for previous "anonymous" token
-			// check for legacy token that needs an upgrade
-			_, legacyToken, err := state.ACLTokenGetBySecret(nil, anonymousToken, nil)
+			token = &structs.ACLToken{
+				AccessorID:     structs.ACLTokenAnonymousID,
+				SecretID:       anonymousToken,
+				Description:    "Anonymous Token",
+				CreateTime:     time.Now(),
+				EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
+			}
+			token.SetHash(true)
+
+			req := structs.ACLTokenBatchSetRequest{
+				Tokens: structs.ACLTokens{token},
+				CAS:    false,
+			}
+			_, err := s.raftApply(structs.ACLTokenSetRequestType, &req)
 			if err != nil {
-				return fmt.Errorf("failed to get anonymous token: %v", err)
-			}
-			// Ignoring expiration times to avoid an insertion collision.
-
-			// the token upgrade routine will take care of upgrading the token if a legacy version exists
-			if legacyToken == nil {
-				token = &structs.ACLToken{
-					AccessorID:     structs.ACLTokenAnonymousID,
-					SecretID:       anonymousToken,
-					Description:    "Anonymous Token",
-					CreateTime:     time.Now(),
-					EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
-				}
-				token.SetHash(true)
-
-				req := structs.ACLTokenBatchSetRequest{
-					Tokens: structs.ACLTokens{token},
-					CAS:    false,
-				}
-				_, err := s.raftApply(structs.ACLTokenSetRequestType, &req)
-				if err != nil {
-					return fmt.Errorf("failed to create anonymous token: %v", err)
-				}
-				s.logger.Info("Created ACL anonymous token from configuration")
+				return fmt.Errorf("failed to create anonymous token: %v", err)
 			}
+			s.logger.Info("Created ACL anonymous token from configuration")
 		}
 		// launch the upgrade go routine to generate accessors for everything
 		s.startACLUpgrade(ctx)