luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Merge pull request #10807 from hashicorp/dnephin/remove-acl-datacenter 

config: remove ACLDatacenter
This commit is contained in:
Daniel Nephin 2021-08-17 13:07:09 -04:00 committed by GitHub
parent 9ea02121b7 364ef3d052
commit 7f71a672f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
43 changed files with 253 additions and 251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
agent/acl_endpoint_legacy.go
View File

@ -19,7 +19,7 @@ func (s *HTTPHandlers) ACLDestroy(resp http.ResponseWriter, req *http.Request) (
}
args := structs.ACLRequest{
Datacenter: s.agent.config.ACLDatacenter,
Datacenter: s.agent.config.PrimaryDatacenter,
Op: structs.ACLDelete,
}
s.parseToken(req, &args.Token)
@ -55,7 +55,7 @@ func (s *HTTPHandlers) ACLUpdate(resp http.ResponseWriter, req *http.Request) (i
func (s *HTTPHandlers) aclSet(resp http.ResponseWriter, req *http.Request, update bool) (interface{}, error) {
args := structs.ACLRequest{
Datacenter: s.agent.config.ACLDatacenter,
Datacenter: s.agent.config.PrimaryDatacenter,
Op: structs.ACLSet,
ACL: structs.ACL{
Type: structs.ACLTokenTypeClient,
@ -96,7 +96,7 @@ func (s *HTTPHandlers) ACLClone(resp http.ResponseWriter, req *http.Request) (in
}
args := structs.ACLSpecificRequest{
Datacenter: s.agent.config.ACLDatacenter,
Datacenter: s.agent.config.PrimaryDatacenter,
}
var dc string
if done := s.parse(resp, req, &dc, &args.QueryOptions); done {
@ -148,7 +148,7 @@ func (s *HTTPHandlers) ACLGet(resp http.ResponseWriter, req *http.Request) (inte
}
args := structs.ACLSpecificRequest{
Datacenter: s.agent.config.ACLDatacenter,
Datacenter: s.agent.config.PrimaryDatacenter,
}
var dc string
if done := s.parse(resp, req, &dc, &args.QueryOptions); done {
@ -182,7 +182,7 @@ func (s *HTTPHandlers) ACLList(resp http.ResponseWriter, req *http.Request) (int
}
args := structs.DCSpecificRequest{
Datacenter: s.agent.config.ACLDatacenter,
Datacenter: s.agent.config.PrimaryDatacenter,
}
var dc string
if done := s.parse(resp, req, &dc, &args.QueryOptions); done {

3
agent/agent.go
View File

@ -1115,9 +1115,6 @@ func newConsulConfig(runtimeCfg *config.RuntimeConfig, logger hclog.Logger) (*co
if runtimeCfg.ACLMasterToken != "" {
cfg.ACLMasterToken = runtimeCfg.ACLMasterToken
}
if runtimeCfg.ACLDatacenter != "" {
cfg.ACLDatacenter = runtimeCfg.ACLDatacenter
}
if runtimeCfg.ACLTokenTTL != 0 {
cfg.ACLTokenTTL = runtimeCfg.ACLTokenTTL
}

3
agent/config/builder.go
View File

@ -867,7 +867,6 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
// ACL
ACLsEnabled: aclsEnabled,
ACLDatacenter: primaryDatacenter,
ACLDefaultPolicy: stringValWithDefault(c.ACL.DefaultPolicy, stringVal(c.ACLDefaultPolicy)),
ACLDownPolicy: stringValWithDefault(c.ACL.DownPolicy, stringVal(c.ACLDownPolicy)),
ACLEnableKeyListPolicy: boolValWithDefault(c.ACL.EnableKeyListPolicy, boolVal(c.ACLEnableKeyListPolicy)),
@ -1311,7 +1310,7 @@ func (b *builder) validate(rt RuntimeConfig) error {
if rt.AutopilotMaxTrailingLogs < 0 {
return fmt.Errorf("autopilot.max_trailing_logs cannot be %d. Must be greater than or equal to zero", rt.AutopilotMaxTrailingLogs)
}
if err := validateBasicName("acl_datacenter", rt.ACLDatacenter, true); err != nil {
if err := validateBasicName("primary_datacenter", rt.PrimaryDatacenter, true); err != nil {
return err
}
// In DevMode, UI is enabled by default, so to enable rt.UIDir, don't perform this check

11
agent/config/runtime.go
View File

@ -69,13 +69,6 @@ type RuntimeConfig struct {
ACLTokens token.Config
// ACLDatacenter is the central datacenter that holds authoritative
// ACL records. This must be the same for the entire cluster.
// If this is not set, ACLs are not enabled. Off by default.
//
// hcl: acl_datacenter = string
ACLDatacenter string
// ACLDefaultPolicy is used to control the ACL interaction when
// there is no defined policy. This can be "allow" which means
// ACLs are used to deny-list, or "deny" which means ACLs are
@ -85,7 +78,7 @@ type RuntimeConfig struct {
ACLDefaultPolicy string
// ACLDownPolicy is used to control the ACL interaction when we cannot
// reach the ACLDatacenter and the token is not in the cache.
// reach the PrimaryDatacenter and the token is not in the cache.
// There are the following modes:
// * allow - Allow all requests
// * deny - Deny all requests
@ -109,7 +102,7 @@ type RuntimeConfig struct {
ACLEnableKeyListPolicy bool
// ACLMasterToken is used to bootstrap the ACL system. It should be specified
// on the servers in the ACLDatacenter. When the leader comes online, it ensures
// on the servers in the PrimaryDatacenter. When the leader comes online, it ensures
// that the Master token is available. This provides the initial token.
//
// hcl: acl.tokens.master = string

37
agent/config/runtime_test.go
View File

@ -221,7 +221,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
},
expected: func(rt *RuntimeConfig) {
rt.Datacenter = "a"
rt.ACLDatacenter = "a"
rt.PrimaryDatacenter = "a"
rt.DataDir = dataDir
},
@ -237,7 +236,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
},
expected: func(rt *RuntimeConfig) {
rt.Datacenter = "a"
rt.ACLDatacenter = "a"
rt.PrimaryDatacenter = "a"
rt.DataDir = dataDir
},
@ -254,7 +252,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
},
expected: func(rt *RuntimeConfig) {
rt.Datacenter = "b"
rt.ACLDatacenter = "b"
rt.PrimaryDatacenter = "b"
rt.DataDir = dataDir
},
@ -285,7 +282,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
},
expected: func(rt *RuntimeConfig) {
rt.Datacenter = "a"
rt.ACLDatacenter = "a"
rt.PrimaryDatacenter = "a"
rt.DataDir = dataDir
},
@ -471,7 +467,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
},
expected: func(rt *RuntimeConfig) {
rt.Datacenter = "a"
rt.ACLDatacenter = "a"
rt.PrimaryDatacenter = "a"
rt.DataDir = dataDir
},
@ -492,7 +487,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
},
expected: func(rt *RuntimeConfig) {
rt.Datacenter = "a"
rt.ACLDatacenter = "a"
rt.PrimaryDatacenter = "a"
rt.DataDir = dataDir
},
@ -509,7 +503,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
},
expected: func(rt *RuntimeConfig) {
rt.Datacenter = "a"
rt.ACLDatacenter = "a"
rt.PrimaryDatacenter = "a"
rt.DataDir = dataDir
},
@ -659,7 +652,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
expected: func(rt *RuntimeConfig) {
rt.Datacenter = "dc2"
rt.PrimaryDatacenter = "dc1"
rt.ACLDatacenter = "dc1"
rt.PrimaryGateways = []string{"a", "b"}
rt.DataDir = dataDir
// server things
@ -1484,7 +1476,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
rt.Bootstrap = false
rt.BootstrapExpect = 0
rt.Datacenter = "b"
rt.ACLDatacenter = "b"
rt.PrimaryDatacenter = "b"
rt.StartJoinAddrsLAN = []string{"a", "b", "c", "d"}
rt.NodeMeta = map[string]string{"a": "c"}
@ -1540,7 +1531,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
rt.SerfAdvertiseAddrLAN = tcpAddr("1.1.1.1:8301")
rt.SerfAdvertiseAddrWAN = tcpAddr("2.2.2.2:8302")
rt.Datacenter = "b"
rt.ACLDatacenter = "b"
rt.PrimaryDatacenter = "b"
rt.DNSRecursors = []string{"1.2.3.6", "5.6.7.10", "1.2.3.5", "5.6.7.9"}
rt.NodeMeta = map[string]string{"a": "c"}
@ -1626,7 +1616,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
hcl: []string{`datacenter = "A"`},
expected: func(rt *RuntimeConfig) {
rt.Datacenter = "a"
rt.ACLDatacenter = "a"
rt.PrimaryDatacenter = "a"
rt.DataDir = dataDir
},
@ -1638,7 +1627,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
hcl: []string{`acl_datacenter = "A"`},
expected: func(rt *RuntimeConfig) {
rt.ACLsEnabled = true
rt.ACLDatacenter = "a"
rt.DataDir = dataDir
rt.PrimaryDatacenter = "a"
},
@ -1749,15 +1737,28 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
},
})
run(t, testCase{
desc: "acl_datacenter invalid",
desc: "primary_datacenter invalid",
args: []string{
`-datacenter=a`,
`-data-dir=` + dataDir,
},
json: []string{`{ "acl_datacenter": "%" }`},
hcl: []string{`acl_datacenter = "%"`},
expectedErr: `acl_datacenter can only contain lowercase alphanumeric, - or _ characters.`,
json: []string{`{ "primary_datacenter": "%" }`},
hcl: []string{`primary_datacenter = "%"`},
expectedErr: `primary_datacenter can only contain lowercase alphanumeric, - or _ characters.`,
})
run(t, testCase{
desc: "acl_datacenter deprecated",
args: []string{
`-data-dir=` + dataDir,
},
json: []string{`{ "acl_datacenter": "ab" }`},
hcl: []string{`acl_datacenter = "ab"`},
expectedWarnings: []string{`The 'acl_datacenter' field is deprecated. Use the 'primary_datacenter' field instead.`},
expected: func(rt *RuntimeConfig) {
rt.ACLsEnabled = true
rt.PrimaryDatacenter = "ab"
rt.DataDir = dataDir
},
})
run(t, testCase{
desc: "autopilot.max_trailing_logs invalid",
@ -3373,7 +3374,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
rt.DataDir = dataDir
rt.Datacenter = "two"
rt.PrimaryDatacenter = "one"
rt.ACLDatacenter = "one"
rt.PrimaryGateways = []string{"foo.local", "bar.local"}
rt.ConnectEnabled = true
rt.ConnectMeshGatewayWANFederationEnabled = true
@ -5233,7 +5233,7 @@ func TestLoad_FullConfig(t *testing.T) {
},
ACLsEnabled: true,
ACLDatacenter: "ejtmd43d",
PrimaryDatacenter: "ejtmd43d",
ACLDefaultPolicy: "72c2e7a0",
ACLDownPolicy: "03eb2aee",
ACLEnableKeyListPolicy: true,
@ -5483,7 +5483,6 @@ func TestLoad_FullConfig(t *testing.T) {
NodeName: "otlLxGaI",
ReadReplica: true,
PidFile: "43xN80Km",
PrimaryDatacenter: "ejtmd43d",
PrimaryGateways: []string{"aej8eeZo", "roh2KahS"},
PrimaryGatewaysInterval: 18866 * time.Second,
RPCAdvertiseAddr: tcpAddr("17.99.29.16:3757"),

1
agent/config/testdata/TestRuntimeConfig_Sanitize.golden vendored
View File

@ -1,5 +1,4 @@
{
"ACLDatacenter": "",
"ACLDefaultPolicy": "",
"ACLDisabledTTL": "0s",
"ACLDownPolicy": "",

4
agent/consul/acl_client.go
View File

@ -64,8 +64,8 @@ func (c *Client) ACLDatacenter(legacy bool) string {
// in legacy mode the clients should directly query the
// ACL Datacenter. When no ACL datacenter has been set
// then we assume that the local DC is the ACL DC
if legacy && c.config.ACLDatacenter != "" {
return c.config.ACLDatacenter
if legacy && c.config.PrimaryDatacenter != "" {
return c.config.PrimaryDatacenter
}
return c.config.Datacenter

42
agent/consul/acl_endpoint.go
View File

@ -276,7 +276,7 @@ func (a *ACL) TokenRead(args *structs.ACLTokenGetRequest, reply *structs.ACLToke
// clients will not know whether the server has local token store. In the case
// where it doesn't we will transparently forward requests.
if !a.srv.LocalTokensEnabled() {
args.Datacenter = a.srv.config.ACLDatacenter
args.Datacenter = a.srv.config.PrimaryDatacenter
}
if done, err := a.srv.ForwardRPC("ACL.TokenRead", args, reply); done {
@ -345,7 +345,7 @@ func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLTok
// clients will not know whether the server has local token store. In the case
// where it doesn't we will transparently forward requests.
if !a.srv.LocalTokensEnabled() {
args.Datacenter = a.srv.config.ACLDatacenter
args.Datacenter = a.srv.config.PrimaryDatacenter
}
if done, err := a.srv.ForwardRPC("ACL.TokenClone", args, reply); done {
@ -369,8 +369,8 @@ func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLTok
return acl.ErrNotFound
} else if !a.srv.InACLDatacenter() && !token.Local {
// global token writes must be forwarded to the primary DC
args.Datacenter = a.srv.config.ACLDatacenter
return a.srv.forwardDC("ACL.TokenClone", a.srv.config.ACLDatacenter, args, reply)
args.Datacenter = a.srv.config.PrimaryDatacenter
return a.srv.forwardDC("ACL.TokenClone", a.srv.config.PrimaryDatacenter, args, reply)
}
if token.AuthMethod != "" {
@ -414,7 +414,7 @@ func (a *ACL) TokenSet(args *structs.ACLTokenSetRequest, reply *structs.ACLToken
// Global token creation/modification always goes to the ACL DC
if !args.ACLToken.Local {
args.Datacenter = a.srv.config.ACLDatacenter
args.Datacenter = a.srv.config.PrimaryDatacenter
} else if !a.srv.LocalTokensEnabled() {
return fmt.Errorf("Local tokens are disabled")
}
@ -822,7 +822,7 @@ func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) er
}
if !a.srv.LocalTokensEnabled() {
args.Datacenter = a.srv.config.ACLDatacenter
args.Datacenter = a.srv.config.PrimaryDatacenter
}
if done, err := a.srv.ForwardRPC("ACL.TokenDelete", args, reply); done {
@ -862,13 +862,13 @@ func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) er
// token found in secondary DC but its not local so it must be deleted in the primary
if !a.srv.InACLDatacenter() && !token.Local {
args.Datacenter = a.srv.config.ACLDatacenter
return a.srv.forwardDC("ACL.TokenDelete", a.srv.config.ACLDatacenter, args, reply)
args.Datacenter = a.srv.config.PrimaryDatacenter
return a.srv.forwardDC("ACL.TokenDelete", a.srv.config.PrimaryDatacenter, args, reply)
}
} else if !a.srv.InACLDatacenter() {
// token not found in secondary DC - attempt to delete within the primary
args.Datacenter = a.srv.config.ACLDatacenter
return a.srv.forwardDC("ACL.TokenDelete", a.srv.config.ACLDatacenter, args, reply)
args.Datacenter = a.srv.config.PrimaryDatacenter
return a.srv.forwardDC("ACL.TokenDelete", a.srv.config.PrimaryDatacenter, args, reply)
} else {
// in Primary Datacenter but the token does not exist - return early as there is nothing to do.
return nil
@ -903,12 +903,12 @@ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTok
}
if !a.srv.LocalTokensEnabled() {
if args.Datacenter != a.srv.config.ACLDatacenter {
args.Datacenter = a.srv.config.ACLDatacenter
if args.Datacenter != a.srv.config.PrimaryDatacenter {
args.Datacenter = a.srv.config.PrimaryDatacenter
args.IncludeLocal = false
args.IncludeGlobal = true
}
args.Datacenter = a.srv.config.ACLDatacenter
args.Datacenter = a.srv.config.PrimaryDatacenter
}
if done, err := a.srv.ForwardRPC("ACL.TokenList", args, reply); done {
@ -969,7 +969,7 @@ func (a *ACL) TokenBatchRead(args *structs.ACLTokenBatchGetRequest, reply *struc
}
if !a.srv.LocalTokensEnabled() {
args.Datacenter = a.srv.config.ACLDatacenter
args.Datacenter = a.srv.config.PrimaryDatacenter
}
if done, err := a.srv.ForwardRPC("ACL.TokenBatchRead", args, reply); done {
@ -1095,7 +1095,7 @@ func (a *ACL) PolicySet(args *structs.ACLPolicySetRequest, reply *structs.ACLPol
}
if !a.srv.InACLDatacenter() {
args.Datacenter = a.srv.config.ACLDatacenter
args.Datacenter = a.srv.config.PrimaryDatacenter
}
if done, err := a.srv.ForwardRPC("ACL.PolicySet", args, reply); done {
@ -1226,7 +1226,7 @@ func (a *ACL) PolicyDelete(args *structs.ACLPolicyDeleteRequest, reply *string)
}
if !a.srv.InACLDatacenter() {
args.Datacenter = a.srv.config.ACLDatacenter
args.Datacenter = a.srv.config.PrimaryDatacenter
}
if done, err := a.srv.ForwardRPC("ACL.PolicyDelete", args, reply); done {
@ -1385,7 +1385,7 @@ func (a *ACL) GetPolicy(args *structs.ACLPolicyResolveLegacyRequest, reply *stru
}
// Verify we are allowed to serve this request
if a.srv.config.ACLDatacenter != a.srv.config.Datacenter {
if a.srv.config.PrimaryDatacenter != a.srv.config.Datacenter {
return acl.ErrDisabled
}
@ -1527,7 +1527,7 @@ func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) e
}
if !a.srv.InACLDatacenter() {
args.Datacenter = a.srv.config.ACLDatacenter
args.Datacenter = a.srv.config.PrimaryDatacenter
}
if done, err := a.srv.ForwardRPC("ACL.RoleSet", args, reply); done {
@ -1685,7 +1685,7 @@ func (a *ACL) RoleDelete(args *structs.ACLRoleDeleteRequest, reply *string) erro
}
if !a.srv.InACLDatacenter() {
args.Datacenter = a.srv.config.ACLDatacenter
args.Datacenter = a.srv.config.PrimaryDatacenter
}
if done, err := a.srv.ForwardRPC("ACL.RoleDelete", args, reply); done {
@ -2522,8 +2522,8 @@ func (a *ACL) Logout(args *structs.ACLLogoutRequest, reply *bool) error {
} else if !a.srv.InACLDatacenter() && !token.Local {
// global token writes must be forwarded to the primary DC
args.Datacenter = a.srv.config.ACLDatacenter
return a.srv.forwardDC("ACL.Logout", a.srv.config.ACLDatacenter, args, reply)
args.Datacenter = a.srv.config.PrimaryDatacenter
return a.srv.forwardDC("ACL.Logout", a.srv.config.PrimaryDatacenter, args, reply)
}
// No need to check expiration time because it's being deleted.

2
agent/consul/acl_endpoint_legacy.go
View File

@ -56,7 +56,7 @@ func (a *ACL) Bootstrap(args *structs.DCSpecificRequest, reply *structs.ACL) err
// Attempt a bootstrap.
req := structs.ACLRequest{
Datacenter: a.srv.config.ACLDatacenter,
Datacenter: a.srv.config.PrimaryDatacenter,
Op: structs.ACLBootstrapNow,
ACL: structs.ACL{
ID: token,

4
agent/consul/acl_endpoint_test.go
View File

@ -33,7 +33,7 @@ func TestACLEndpoint_Bootstrap(t *testing.T) {
t.Parallel()
_, srv, codec := testACLServerWithConfig(t, func(c *Config) {
c.Build = "0.8.0" // Too low for auto init of bootstrap.
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
// remove the default as we want to bootstrap
c.ACLMasterToken = ""
@ -490,7 +490,7 @@ func TestACLEndpoint_ReplicationStatus(t *testing.T) {
t.Parallel()
_, srv, codec := testACLServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc2"
c.PrimaryDatacenter = "dc2"
c.ACLTokenReplication = true
c.ACLReplicationRate = 100
c.ACLReplicationBurst = 100

19
agent/consul/acl_replication.go
View File

@ -8,8 +8,9 @@ import (
"time"
metrics "github.com/armon/go-metrics"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/consul/agent/structs"
)
const (
@ -86,7 +87,7 @@ var errContainsRedactedData = errors.New("replication results contain redacted d
func (s *Server) fetchACLRolesBatch(roleIDs []string) (*structs.ACLRoleBatchResponse, error) {
req := structs.ACLRoleBatchGetRequest{
Datacenter: s.config.ACLDatacenter,
Datacenter: s.config.PrimaryDatacenter,
RoleIDs: roleIDs,
QueryOptions: structs.QueryOptions{
AllowStale: true,
@ -106,7 +107,7 @@ func (s *Server) fetchACLRoles(lastRemoteIndex uint64) (*structs.ACLRoleListResp
defer metrics.MeasureSince([]string{"leader", "replication", "acl", "role", "fetch"}, time.Now())
req := structs.ACLRoleListRequest{
Datacenter: s.config.ACLDatacenter,
Datacenter: s.config.PrimaryDatacenter,
QueryOptions: structs.QueryOptions{
AllowStale: true,
MinQueryIndex: lastRemoteIndex,
@ -124,7 +125,7 @@ func (s *Server) fetchACLRoles(lastRemoteIndex uint64) (*structs.ACLRoleListResp
func (s *Server) fetchACLPoliciesBatch(policyIDs []string) (*structs.ACLPolicyBatchResponse, error) {
req := structs.ACLPolicyBatchGetRequest{
Datacenter: s.config.ACLDatacenter,
Datacenter: s.config.PrimaryDatacenter,
PolicyIDs: policyIDs,
QueryOptions: structs.QueryOptions{
AllowStale: true,
@ -144,7 +145,7 @@ func (s *Server) fetchACLPolicies(lastRemoteIndex uint64) (*structs.ACLPolicyLis
defer metrics.MeasureSince([]string{"leader", "replication", "acl", "policy", "fetch"}, time.Now())
req := structs.ACLPolicyListRequest{
Datacenter: s.config.ACLDatacenter,
Datacenter: s.config.PrimaryDatacenter,
QueryOptions: structs.QueryOptions{
AllowStale: true,
MinQueryIndex: lastRemoteIndex,
@ -314,7 +315,7 @@ func (s *Server) updateLocalACLType(ctx context.Context, logger hclog.Logger, tr
func (s *Server) fetchACLTokensBatch(tokenIDs []string) (*structs.ACLTokenBatchResponse, error) {
req := structs.ACLTokenBatchGetRequest{
Datacenter: s.config.ACLDatacenter,
Datacenter: s.config.PrimaryDatacenter,
AccessorIDs: tokenIDs,
QueryOptions: structs.QueryOptions{
AllowStale: true,
@ -334,7 +335,7 @@ func (s *Server) fetchACLTokens(lastRemoteIndex uint64) (*structs.ACLTokenListRe
defer metrics.MeasureSince([]string{"leader", "replication", "acl", "token", "fetch"}, time.Now())
req := structs.ACLTokenListRequest{
Datacenter: s.config.ACLDatacenter,
Datacenter: s.config.PrimaryDatacenter,
QueryOptions: structs.QueryOptions{
AllowStale: true,
MinQueryIndex: lastRemoteIndex,
@ -479,7 +480,7 @@ func (s *Server) replicateACLType(ctx context.Context, logger hclog.Logger, tr a
// IsACLReplicationEnabled returns true if ACL replication is enabled.
// DEPRECATED (ACL-Legacy-Compat) - with new ACLs at least policy replication is required
func (s *Server) IsACLReplicationEnabled() bool {
authDC := s.config.ACLDatacenter
authDC := s.config.PrimaryDatacenter
return len(authDC) > 0 && (authDC != s.config.Datacenter) &&
s.config.ACLTokenReplication
}
@ -517,7 +518,7 @@ func (s *Server) initReplicationStatus() {
s.aclReplicationStatus.Enabled = true
s.aclReplicationStatus.Running = true
s.aclReplicationStatus.SourceDatacenter = s.config.ACLDatacenter
s.aclReplicationStatus.SourceDatacenter = s.config.PrimaryDatacenter
}
func (s *Server) updateACLReplicationStatusStopped() {

5
agent/consul/acl_replication_legacy.go
View File

@ -7,8 +7,9 @@ import (
"time"
metrics "github.com/armon/go-metrics"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/consul/agent/structs"
)
// aclIterator simplifies the algorithm below by providing a basic iterator that
@ -166,7 +167,7 @@ func (s *Server) fetchRemoteLegacyACLs(lastRemoteIndex uint64) (*structs.Indexed
defer metrics.MeasureSince([]string{"leader", "fetchRemoteACLs"}, time.Now())
args := structs.DCSpecificRequest{
Datacenter: s.config.ACLDatacenter,
Datacenter: s.config.PrimaryDatacenter,
QueryOptions: structs.QueryOptions{
Token: s.tokens.ReplicationToken(),
MinQueryIndex: lastRemoteIndex,

14
agent/consul/acl_replication_legacy_test.go
View File

@ -234,7 +234,7 @@ func TestACLReplication_updateLocalACLs_RateLimit(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLReplicationApplyLimit = 1
})
@ -289,7 +289,7 @@ func TestACLReplication_IsACLReplicationEnabled(t *testing.T) {
t.Parallel()
// ACLs not enabled.
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = ""
c.PrimaryDatacenter = ""
c.ACLsEnabled = false
})
defer os.RemoveAll(dir1)
@ -301,7 +301,7 @@ func TestACLReplication_IsACLReplicationEnabled(t *testing.T) {
// ACLs enabled but not replication.
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
})
defer os.RemoveAll(dir2)
@ -316,7 +316,7 @@ func TestACLReplication_IsACLReplicationEnabled(t *testing.T) {
// ACLs enabled with replication.
dir3, s3 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLTokenReplication = true
})
@ -331,7 +331,7 @@ func TestACLReplication_IsACLReplicationEnabled(t *testing.T) {
// so replication should be disabled.
dir4, s4 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc1"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLTokenReplication = true
})
@ -354,7 +354,7 @@ func TestACLReplication_LegacyTokens(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
})
@ -366,7 +366,7 @@ func TestACLReplication_LegacyTokens(t *testing.T) {
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLTokenReplication = true
c.ACLReplicationRate = 100

19
agent/consul/acl_replication_test.go
View File

@ -7,13 +7,14 @@ import (
"testing"
"time"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/consul/authmethod/testauth"
"github.com/hashicorp/consul/agent/structs"
tokenStore "github.com/hashicorp/consul/agent/token"
"github.com/hashicorp/consul/sdk/testutil/retry"
"github.com/hashicorp/consul/testrpc"
"github.com/stretchr/testify/require"
)
func TestACLReplication_diffACLPolicies(t *testing.T) {
@ -298,7 +299,7 @@ func TestACLReplication_Tokens(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
})
@ -310,7 +311,7 @@ func TestACLReplication_Tokens(t *testing.T) {
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLTokenReplication = true
c.ACLReplicationRate = 100
@ -515,7 +516,7 @@ func TestACLReplication_Policies(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
})
@ -527,7 +528,7 @@ func TestACLReplication_Policies(t *testing.T) {
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLTokenReplication = false
c.ACLReplicationRate = 100
@ -640,7 +641,7 @@ func TestACLReplication_TokensRedacted(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
})
@ -683,7 +684,7 @@ func TestACLReplication_TokensRedacted(t *testing.T) {
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLTokenReplication = true
c.ACLReplicationRate = 100
@ -791,7 +792,7 @@ func TestACLReplication_AllTypes(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
})
@ -803,7 +804,7 @@ func TestACLReplication_AllTypes(t *testing.T) {
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLTokenReplication = true
c.ACLReplicationRate = 100

10
agent/consul/acl_server.go
View File

@ -119,9 +119,9 @@ func (s *Server) canUpgradeToNewACLs(isLeader bool) bool {
}
if !s.InACLDatacenter() {
foundServers, mode, _ := ServersGetACLMode(s, "", s.config.ACLDatacenter)
foundServers, mode, _ := ServersGetACLMode(s, "", s.config.PrimaryDatacenter)
if mode != structs.ACLModeEnabled || !foundServers {
s.logger.Debug("Cannot upgrade to new ACLs, servers in acl datacenter are not yet upgraded", "ACLDatacenter", s.config.ACLDatacenter, "mode", mode, "found", foundServers)
s.logger.Debug("Cannot upgrade to new ACLs, servers in acl datacenter are not yet upgraded", "PrimaryDatacenter", s.config.PrimaryDatacenter, "mode", mode, "found", foundServers)
return false
}
}
@ -143,7 +143,7 @@ func (s *Server) canUpgradeToNewACLs(isLeader bool) bool {
}
func (s *Server) InACLDatacenter() bool {
return s.config.ACLDatacenter == "" || s.config.Datacenter == s.config.ACLDatacenter
return s.config.PrimaryDatacenter == "" || s.config.Datacenter == s.config.PrimaryDatacenter
}
func (s *Server) UseLegacyACLs() bool {
@ -167,8 +167,8 @@ func (s *Server) LocalTokensEnabled() bool {
func (s *Server) ACLDatacenter(legacy bool) string {
// For resolution running on servers the only option
// is to contact the configured ACL Datacenter
if s.config.ACLDatacenter != "" {
return s.config.ACLDatacenter
if s.config.PrimaryDatacenter != "" {
return s.config.PrimaryDatacenter
}
// This function only gets called if ACLs are enabled.

10
agent/consul/acl_test.go
View File

@ -2194,7 +2194,7 @@ func TestACL_Replication(t *testing.T) {
for _, aclDownPolicy := range aclExtendPolicies {
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLMasterToken = "root"
})
defer os.RemoveAll(dir1)
@ -2204,7 +2204,7 @@ func TestACL_Replication(t *testing.T) {
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLDefaultPolicy = "deny"
c.ACLDownPolicy = aclDownPolicy
c.ACLTokenReplication = true
@ -2218,7 +2218,7 @@ func TestACL_Replication(t *testing.T) {
dir3, s3 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc3"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLDownPolicy = "deny"
c.ACLTokenReplication = true
c.ACLReplicationRate = 100
@ -2312,7 +2312,7 @@ func TestACL_Replication(t *testing.T) {
func TestACL_MultiDC_Found(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLMasterToken = "root"
})
defer os.RemoveAll(dir1)
@ -2322,7 +2322,7 @@ func TestACL_MultiDC_Found(t *testing.T) {
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1" // Enable ACLs!
c.PrimaryDatacenter = "dc1" // Enable ACLs!
})
defer os.RemoveAll(dir2)
defer s2.Shutdown()

5
agent/consul/acl_token_exp_test.go
View File

@ -5,9 +5,10 @@ import (
"testing"
"time"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/testrpc"
"github.com/stretchr/testify/require"
)
func TestACLTokenReap_Primary(t *testing.T) {
@ -41,7 +42,7 @@ func testACLTokenReap_Primary(t *testing.T, local, global bool) {
require.NotEqual(t, local, global)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLTokenMinExpirationTTL = 10 * time.Millisecond

1
agent/consul/auto_encrypt_endpoint_test.go
View File

@ -57,6 +57,7 @@ func TestAutoEncryptSign(t *testing.T) {
}
dir, s := testServerWithConfig(t, func(c *Config) {
c.AutoEncryptAllowTLS = true
c.PrimaryDatacenter = "dc1"
c.Bootstrap = true
c.TLSConfig.CAFile = root
c.TLSConfig.VerifyOutgoing = true

20
agent/consul/catalog_endpoint_test.go
View File

@ -180,7 +180,7 @@ func TestCatalog_Register_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -426,7 +426,7 @@ func TestCatalog_Register_ConnectProxy_ACLDestinationServiceName(t *testing.T) {
assert := assert.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -555,7 +555,7 @@ func TestCatalog_Deregister_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1295,7 +1295,7 @@ func TestCatalog_ListNodes_ACLFilter(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1636,7 +1636,7 @@ func TestCatalog_ListServices_Stale(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
})
defer os.RemoveAll(dir1)
@ -1644,7 +1644,7 @@ func TestCatalog_ListServices_Stale(t *testing.T) {
testrpc.WaitForTestAgent(t, s1.RPC, "dc1")
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1" // Enable ACLs!
c.PrimaryDatacenter = "dc1" // Enable ACLs!
c.ACLsEnabled = true
c.Bootstrap = false // Disable bootstrap
})
@ -2413,7 +2413,7 @@ func TestCatalog_ListServiceNodes_ConnectProxy_ACL(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -2708,7 +2708,7 @@ func TestCatalog_Register_FailedCase1(t *testing.T) {
func testACLFilterServer(t *testing.T) (dir, token string, srv *Server, codec rpc.ClientCodec) {
dir, srv = testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -2871,7 +2871,7 @@ func TestCatalog_NodeServices_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -3284,7 +3284,7 @@ func TestCatalog_GatewayServices_ACLFiltering(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

8
agent/consul/config.go
View File

@ -179,14 +179,10 @@ type Config struct {
ACLsEnabled bool
// ACLMasterToken is used to bootstrap the ACL system. It should be specified
// on the servers in the ACLDatacenter. When the leader comes online, it ensures
// on the servers in the PrimaryDatacenter. When the leader comes online, it ensures
// that the Master token is available. This provides the initial token.
ACLMasterToken string
// ACLDatacenter provides the authoritative datacenter for ACL
// tokens. If not provided, ACL verification is disabled.
ACLDatacenter string
// ACLTokenTTL controls the time-to-live of cached ACL tokens.
// It can be set to zero to disable caching, but this adds
// a substantial cost.
@ -219,7 +215,7 @@ type Config struct {
// allow-lists.
ACLDefaultPolicy string
// ACLDownPolicy controls the behavior of ACLs if the ACLDatacenter
// ACLDownPolicy controls the behavior of ACLs if the PrimaryDatacenter
// cannot be contacted. It can be either "deny" to deny all requests,
// "extend-cache" or "async-cache" which ignores the ACLCacheInterval and
// uses cached policies.

12
agent/consul/config_endpoint_test.go
View File

@ -152,7 +152,7 @@ func TestConfigEntry_Apply_ACLDeny(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -281,7 +281,7 @@ func TestConfigEntry_Get_ACLDeny(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -494,7 +494,7 @@ func TestConfigEntry_List_ACLDeny(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -579,7 +579,7 @@ func TestConfigEntry_ListAll_ACLDeny(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -738,7 +738,7 @@ func TestConfigEntry_Delete_ACLDeny(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1960,7 +1960,7 @@ func TestConfigEntry_ResolveServiceConfig_ACLDeny(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

8
agent/consul/connect_ca_endpoint_test.go
View File

@ -161,7 +161,7 @@ func TestConnectCAConfig_GetSet_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = TestDefaultMasterToken
c.ACLDefaultPolicy = "deny"
@ -670,6 +670,7 @@ func TestConnectCAConfig_UpdateSecondary(t *testing.T) {
// Initialize primary as the primary DC
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "primary"
c.PrimaryDatacenter = "primary"
})
defer os.RemoveAll(dir1)
defer s1.Shutdown()
@ -842,6 +843,7 @@ func TestConnectCASign(t *testing.T) {
assert := assert.New(t)
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(cfg *Config) {
cfg.PrimaryDatacenter = "dc1"
cfg.CAConfig.Config["PrivateKeyType"] = tt.caKeyType
cfg.CAConfig.Config["PrivateKeyBits"] = tt.caKeyBits
})
@ -931,6 +933,7 @@ func TestConnectCASign_rateLimit(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.Bootstrap = true
c.CAConfig.Config = map[string]interface{}{
// It actually doesn't work as expected with some higher values because
@ -996,6 +999,7 @@ func TestConnectCASign_concurrencyLimit(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.Bootstrap = true
c.CAConfig.Config = map[string]interface{}{
// Must disable the rate limit since it takes precedence
@ -1102,7 +1106,7 @@ func TestConnectCASignValidation(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

6
agent/consul/coordinate_endpoint_test.go
View File

@ -194,7 +194,7 @@ func TestCoordinate_Update_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -370,7 +370,7 @@ func TestCoordinate_ListNodes_ACLFilter(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -562,7 +562,7 @@ func TestCoordinate_Node_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

7
agent/consul/discovery_chain_endpoint_test.go
View File

@ -6,12 +6,13 @@ import (
"testing"
"time"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/connect"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/testrpc"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/require"
)
func TestDiscoveryChainEndpoint_Get(t *testing.T) {
@ -23,7 +24,7 @@ func TestDiscoveryChainEndpoint_Get(t *testing.T) {
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.PrimaryDatacenter = "dc1"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

21
agent/consul/federation_state_endpoint_test.go
View File

@ -6,15 +6,16 @@ import (
"testing"
"time"
uuid "github.com/hashicorp/go-uuid"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/sdk/testutil/retry"
"github.com/hashicorp/consul/testrpc"
"github.com/hashicorp/consul/types"
uuid "github.com/hashicorp/go-uuid"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/require"
)
func TestFederationState_Apply_Upsert(t *testing.T) {
@ -26,6 +27,7 @@ func TestFederationState_Apply_Upsert(t *testing.T) {
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.DisableFederationStateAntiEntropy = true
c.PrimaryDatacenter = "dc1"
})
defer os.RemoveAll(dir1)
defer s1.Shutdown()
@ -112,7 +114,7 @@ func TestFederationState_Apply_Upsert_ACLDeny(t *testing.T) {
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.DisableFederationStateAntiEntropy = true
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -189,6 +191,7 @@ func TestFederationState_Get(t *testing.T) {
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.DisableFederationStateAntiEntropy = true
c.PrimaryDatacenter = "dc1"
})
defer os.RemoveAll(dir1)
defer s1.Shutdown()
@ -232,7 +235,7 @@ func TestFederationState_Get_ACLDeny(t *testing.T) {
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.DisableFederationStateAntiEntropy = true
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -305,6 +308,7 @@ func TestFederationState_List(t *testing.T) {
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.DisableFederationStateAntiEntropy = true
c.PrimaryDatacenter = "dc1"
})
defer os.RemoveAll(dir1)
defer s1.Shutdown()
@ -403,7 +407,7 @@ func TestFederationState_List_ACLDeny(t *testing.T) {
c.DisableFederationStateAntiEntropy = true
c.Datacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -419,7 +423,7 @@ func TestFederationState_List_ACLDeny(t *testing.T) {
c.DisableFederationStateAntiEntropy = true
c.Datacenter = "dc2"
c.PrimaryDatacenter = "dc1"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -595,6 +599,7 @@ func TestFederationState_Apply_Delete(t *testing.T) {
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.DisableFederationStateAntiEntropy = true
c.PrimaryDatacenter = "dc1"
})
defer os.RemoveAll(dir1)
defer s1.Shutdown()
@ -678,7 +683,7 @@ func TestFederationState_Apply_Delete_ACLDeny(t *testing.T) {
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.DisableFederationStateAntiEntropy = true
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

11
agent/consul/health_endpoint_test.go
View File

@ -5,6 +5,10 @@ import (
"testing"
"time"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/lib"
@ -12,9 +16,6 @@ import (
"github.com/hashicorp/consul/sdk/testutil/retry"
"github.com/hashicorp/consul/testrpc"
"github.com/hashicorp/consul/types"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestHealth_ChecksInState(t *testing.T) {
@ -980,7 +981,7 @@ func TestHealth_ServiceNodes_ConnectProxy_ACL(t *testing.T) {
assert := assert.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1294,7 +1295,7 @@ func TestHealth_ServiceNodes_Ingress_ACL(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

23
agent/consul/intention_endpoint_test.go
View File

@ -6,11 +6,12 @@ import (
"testing"
"time"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/sdk/testutil"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/require"
)
// Test basic creation
@ -859,7 +860,7 @@ func TestIntentionApply_aclDeny(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1264,7 +1265,7 @@ func TestIntentionApply_aclDelete(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1345,7 +1346,7 @@ func TestIntentionApply_aclUpdate(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1414,7 +1415,7 @@ func TestIntentionApply_aclManagement(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1459,7 +1460,7 @@ func TestIntentionApply_aclUpdateChange(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1524,7 +1525,7 @@ func TestIntentionGet_acl(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1928,7 +1929,7 @@ func TestIntentionCheck_defaultACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1964,7 +1965,7 @@ func TestIntentionCheck_defaultACLAllow(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "allow"
@ -2000,7 +2001,7 @@ func TestIntentionCheck_aclDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

17
agent/consul/internal_endpoint_test.go
View File

@ -6,6 +6,10 @@ import (
"strings"
"testing"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/api"
@ -13,9 +17,6 @@ import (
"github.com/hashicorp/consul/sdk/testutil/retry"
"github.com/hashicorp/consul/testrpc"
"github.com/hashicorp/consul/types"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestInternal_NodeInfo(t *testing.T) {
@ -559,7 +560,7 @@ func TestInternal_EventFire_Token(t *testing.T) {
t.Parallel()
dir, srv := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDownPolicy = "deny"
@ -958,7 +959,7 @@ func TestInternal_GatewayServiceDump_Terminating_ACL(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1301,7 +1302,7 @@ func TestInternal_GatewayServiceDump_Ingress_ACL(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1904,7 +1905,7 @@ func TestInternal_ServiceTopology_ACL(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = TestDefaultMasterToken
c.ACLDefaultPolicy = "deny"
@ -2041,7 +2042,7 @@ func TestInternal_IntentionUpstreams_ACL(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = TestDefaultMasterToken
c.ACLDefaultPolicy = "deny"

15
agent/consul/kvs_endpoint_test.go
View File

@ -5,12 +5,13 @@ import (
"testing"
"time"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/testrpc"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/require"
)
func TestKVS_Apply(t *testing.T) {
@ -81,7 +82,7 @@ func TestKVS_Apply_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -201,7 +202,7 @@ func TestKVS_Get_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -422,7 +423,7 @@ func TestKVSEndpoint_List_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -512,7 +513,7 @@ func TestKVSEndpoint_List_ACLEnableKeyListPolicy(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -715,7 +716,7 @@ func TestKVSEndpoint_ListKeys_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

2
agent/consul/leader.go
View File

@ -404,7 +404,7 @@ func (s *Server) initializeLegacyACL() error {
return nil
}
authDC := s.config.ACLDatacenter
authDC := s.config.PrimaryDatacenter
// Create anonymous token if missing.
state := s.fsm.State()

7
agent/consul/leader_connect_test.go
View File

@ -55,6 +55,7 @@ func TestLeader_Builtin_PrimaryCA_ChangeKeyConfig(t *testing.T) {
// Initialize primary as the primary DC
dir1, srv := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.Build = "1.6.0"
c.CAConfig.Config["PrivateKeyType"] = src.keyType
c.CAConfig.Config["PrivateKeyBits"] = src.keyBits
@ -200,7 +201,7 @@ func TestLeader_SecondaryCA_Initialize(t *testing.T) {
// Initialize primary as the primary DC
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "primary"
c.ACLDatacenter = "primary"
c.PrimaryDatacenter = "primary"
c.Build = "1.6.0"
c.ACLsEnabled = true
c.ACLMasterToken = masterToken
@ -219,7 +220,7 @@ func TestLeader_SecondaryCA_Initialize(t *testing.T) {
// secondary as a secondary DC
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "secondary"
c.ACLDatacenter = "primary"
c.PrimaryDatacenter = "primary"
c.Build = "1.6.0"
c.ACLsEnabled = true
c.ACLDefaultPolicy = "deny"
@ -600,6 +601,7 @@ func TestLeader_SecondaryCA_IntermediateRefresh(t *testing.T) {
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.Build = "1.6.0"
c.PrimaryDatacenter = "dc1"
})
defer os.RemoveAll(dir1)
defer s1.Shutdown()
@ -850,6 +852,7 @@ func TestLeader_SecondaryCA_FixSigningKeyID_via_IntermediateRefresh(t *testing.T
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.Build = "1.6.0"
c.PrimaryDatacenter = "dc1"
})
defer os.RemoveAll(dir1)
defer s1.Shutdown()

7
agent/consul/leader_federation_state_ae_test.go
View File

@ -5,12 +5,13 @@ import (
"testing"
"time"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/agent/token"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/sdk/testutil/retry"
"github.com/hashicorp/consul/testrpc"
"github.com/stretchr/testify/require"
)
func TestLeader_FederationStateAntiEntropy_FeatureIsStickyEvenIfSerfTagsRegress(t *testing.T) {
@ -356,7 +357,7 @@ func TestLeader_FederationStateAntiEntropyPruning_ACLDeny(t *testing.T) {
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.PrimaryDatacenter = "dc1"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -370,7 +371,7 @@ func TestLeader_FederationStateAntiEntropyPruning_ACLDeny(t *testing.T) {
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.PrimaryDatacenter = "dc1"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

4
agent/consul/leader_intentions_test.go
View File

@ -27,7 +27,7 @@ func TestLeader_ReplicateIntentions(t *testing.T) {
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc1"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -62,7 +62,7 @@ func TestLeader_ReplicateIntentions(t *testing.T) {
// dc2 as a secondary DC
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLDefaultPolicy = "deny"
c.ACLTokenReplication = false

35
agent/consul/leader_test.go
View File

@ -29,7 +29,7 @@ func TestLeader_RegisterMember(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -106,7 +106,7 @@ func TestLeader_FailedMember(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -172,7 +172,7 @@ func TestLeader_LeftMember(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -224,7 +224,7 @@ func TestLeader_ReapMember(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -291,7 +291,7 @@ func TestLeader_CheckServersMeta(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "allow"
@ -301,7 +301,7 @@ func TestLeader_CheckServersMeta(t *testing.T) {
defer s1.Shutdown()
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "allow"
@ -311,7 +311,7 @@ func TestLeader_CheckServersMeta(t *testing.T) {
defer s2.Shutdown()
dir3, s3 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "allow"
@ -399,7 +399,7 @@ func TestLeader_ReapServer(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "allow"
@ -409,7 +409,7 @@ func TestLeader_ReapServer(t *testing.T) {
defer s1.Shutdown()
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "allow"
@ -419,7 +419,7 @@ func TestLeader_ReapServer(t *testing.T) {
defer s2.Shutdown()
dir3, s3 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "allow"
@ -480,7 +480,7 @@ func TestLeader_Reconcile_ReapMember(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -534,7 +534,7 @@ func TestLeader_Reconcile(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -889,7 +889,7 @@ func TestLeader_ReapTombstones(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1194,7 +1194,7 @@ func TestLeader_ACL_Initialization(t *testing.T) {
c.Build = tt.build
c.Bootstrap = true
c.Datacenter = "dc1"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = tt.master
}
@ -1232,6 +1232,7 @@ func TestLeader_ACLUpgrade(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLsEnabled = true
c.PrimaryDatacenter = "dc1"
c.ACLMasterToken = "root"
})
defer os.RemoveAll(dir1)
@ -1305,7 +1306,7 @@ func TestLeader_ACLUpgrade_IsStickyEvenIfSerfTagsRegress(t *testing.T) {
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc1"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
})
@ -1318,7 +1319,7 @@ func TestLeader_ACLUpgrade_IsStickyEvenIfSerfTagsRegress(t *testing.T) {
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLTokenReplication = false
c.ACLReplicationRate = 100
@ -1363,7 +1364,7 @@ func TestLeader_ACLUpgrade_IsStickyEvenIfSerfTagsRegress(t *testing.T) {
dir2new, s2new := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLTokenReplication = false
c.ACLReplicationRate = 100

13
agent/consul/operator_autopilot_endpoint_test.go
View File

@ -5,14 +5,15 @@ import (
"testing"
"time"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/sdk/testutil/retry"
"github.com/hashicorp/consul/testrpc"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/hashicorp/raft"
autopilot "github.com/hashicorp/raft-autopilot"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/sdk/testutil/retry"
"github.com/hashicorp/consul/testrpc"
)
func TestOperator_Autopilot_GetConfiguration(t *testing.T) {
@ -51,7 +52,7 @@ func TestOperator_Autopilot_GetConfiguration_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -155,7 +156,7 @@ func TestOperator_Autopilot_SetConfiguration_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

13
agent/consul/operator_raft_endpoint_test.go
View File

@ -7,13 +7,14 @@ import (
"testing"
"time"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/hashicorp/raft"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/sdk/freeport"
"github.com/hashicorp/consul/testrpc"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/hashicorp/raft"
"github.com/stretchr/testify/require"
)
func TestOperator_RaftGetConfiguration(t *testing.T) {
@ -69,7 +70,7 @@ func TestOperator_RaftGetConfiguration_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -217,7 +218,7 @@ func TestOperator_RaftRemovePeerByAddress_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -346,7 +347,7 @@ func TestOperator_RaftRemovePeerByID_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

29
agent/consul/prepared_query_endpoint_test.go
View File

@ -11,6 +11,12 @@ import (
"testing"
"time"
"github.com/hashicorp/go-hclog"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/hashicorp/serf/coordinate"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/structs"
tokenStore "github.com/hashicorp/consul/agent/token"
@ -18,11 +24,6 @@ import (
"github.com/hashicorp/consul/sdk/testutil/retry"
"github.com/hashicorp/consul/testrpc"
"github.com/hashicorp/consul/types"
"github.com/hashicorp/go-hclog"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/hashicorp/serf/coordinate"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestPreparedQuery_Apply(t *testing.T) {
@ -197,7 +198,7 @@ func TestPreparedQuery_Apply_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -643,7 +644,7 @@ func TestPreparedQuery_ACLDeny_Catchall_Template(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -862,7 +863,7 @@ func TestPreparedQuery_Get(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1120,7 +1121,7 @@ func TestPreparedQuery_List(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1333,7 +1334,7 @@ func TestPreparedQuery_Explain(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1474,7 +1475,7 @@ func TestPreparedQuery_Execute(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -1487,7 +1488,7 @@ func TestPreparedQuery_Execute(t *testing.T) {
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLDefaultPolicy = "deny"
})
@ -2780,7 +2781,7 @@ func TestPreparedQuery_Wrapper(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -2790,7 +2791,7 @@ func TestPreparedQuery_Wrapper(t *testing.T) {
dir2, s2 := testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc2"
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

13
agent/consul/server.go
View File

@ -331,19 +331,6 @@ func NewServer(config *Config, flat Deps) (*Server, error) {
return nil, err
}
// Set the primary DC if it wasn't set.
if config.PrimaryDatacenter == "" {
if config.ACLDatacenter != "" {
config.PrimaryDatacenter = config.ACLDatacenter
} else {
config.PrimaryDatacenter = config.Datacenter
}
}
if config.PrimaryDatacenter != "" {
config.ACLDatacenter = config.PrimaryDatacenter
}
// Create the tombstone GC.
gc, err := state.NewTombstoneGC(config.TombstoneTTL, config.TombstoneTTLGranularity)
if err != nil {

9
agent/consul/server_test.go
View File

@ -74,7 +74,7 @@ func testTLSCertificates(serverName string) (cert string, key string, cacert str
// up all of the ACL configurations (so they can still be overridden)
func testServerACLConfig(cb func(*Config)) func(*Config) {
return func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = TestDefaultMasterToken
c.ACLDefaultPolicy = "deny"
@ -125,6 +125,7 @@ func testServerConfig(t *testing.T) (string, *Config) {
config.NodeName = uniqueNodeName(t.Name())
config.Bootstrap = true
config.Datacenter = "dc1"
config.PrimaryDatacenter = "dc1"
config.DataDir = dir
// bind the rpc server to a random port. config.RPCAdvertise will be
@ -195,6 +196,7 @@ func testServerConfig(t *testing.T) (string, *Config) {
func testServer(t *testing.T) (string, *Server) {
return testServerWithConfig(t, func(c *Config) {
c.Datacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.Bootstrap = true
})
}
@ -209,6 +211,7 @@ func testServerDC(t *testing.T, dc string) (string, *Server) {
func testServerDCBootstrap(t *testing.T, dc string, bootstrap bool) (string, *Server) {
return testServerWithConfig(t, func(c *Config) {
c.Datacenter = dc
c.PrimaryDatacenter = dc
c.Bootstrap = bootstrap
})
}
@ -349,11 +352,11 @@ func TestServer_fixupACLDatacenter(t *testing.T) {
testrpc.WaitForLeader(t, s2.RPC, "bee")
require.Equal(t, "aye", s1.config.Datacenter)
require.Equal(t, "aye", s1.config.ACLDatacenter)
require.Equal(t, "aye", s1.config.PrimaryDatacenter)
require.Equal(t, "aye", s1.config.PrimaryDatacenter)
require.Equal(t, "bee", s2.config.Datacenter)
require.Equal(t, "aye", s2.config.ACLDatacenter)
require.Equal(t, "aye", s2.config.PrimaryDatacenter)
require.Equal(t, "aye", s2.config.PrimaryDatacenter)
}

9
agent/consul/session_endpoint_test.go
View File

@ -5,11 +5,12 @@ import (
"testing"
"time"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/lib/stringslice"
"github.com/hashicorp/consul/testrpc"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
)
func TestSession_Apply(t *testing.T) {
@ -153,7 +154,7 @@ func TestSession_Apply_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -391,7 +392,7 @@ func TestSession_Get_List_NodeSessions_ACLFilter(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -750,7 +751,7 @@ func TestSession_Renew_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

9
agent/consul/snapshot_endpoint_test.go
View File

@ -7,14 +7,15 @@ import (
"testing"
"time"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
autopilot "github.com/hashicorp/raft-autopilot"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/sdk/testutil/retry"
"github.com/hashicorp/consul/testrpc"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
autopilot "github.com/hashicorp/raft-autopilot"
"github.com/stretchr/testify/require"
)
// verifySnapshot is a helper that does a snapshot and restore.
@ -268,7 +269,7 @@ func TestSnapshot_ACLDeny(t *testing.T) {
t.Parallel()
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

4
agent/consul/txn_endpoint_test.go
View File

@ -319,7 +319,7 @@ func TestTxn_Apply_ACLDeny(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"
@ -854,7 +854,7 @@ func TestTxn_Read_ACLDeny(t *testing.T) {
require := require.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1"
c.PrimaryDatacenter = "dc1"
c.ACLsEnabled = true
c.ACLMasterToken = "root"
c.ACLDefaultPolicy = "deny"

2
agent/uiserver/uiserver_test.go
View File

@ -226,7 +226,7 @@ func basicUIEnabledConfig(opts ...cfgFunc) *config.RuntimeConfig {
func withACLs() cfgFunc {
return func(cfg *config.RuntimeConfig) {
cfg.ACLDatacenter = "dc1"
cfg.PrimaryDatacenter = "dc1"
cfg.ACLDefaultPolicy = "deny"
cfg.ACLsEnabled = true
}