acl: remove legacy parameter to ACLDatacenter

It is no longer used now that legacy ACLs have been removed.
2021-10-04 18:54:49 -04:00 · 2021-10-04 18:54:49 -04:00 · 8ae6ee4e36
parent d778113773
commit 8ae6ee4e36
4 changed files with 9 additions and 24 deletions
--- a/agent/consul/acl.go
+++ b/agent/consul/acl.go
@ -120,13 +120,6 @@ func (id *missingIdentity) EnterpriseMetadata() *structs.EnterpriseMeta {
 	return structs.DefaultEnterpriseMetaInDefaultPartition()
 }

-func minTTL(a time.Duration, b time.Duration) time.Duration {
-	if a < b {
-		return a
-	}
-	return b
-}
-
 type ACLRemoteError struct {
 	Err error
 }
@ -145,7 +138,7 @@ func tokenSecretCacheID(token string) string {
 }

 type ACLResolverDelegate interface {
-	ACLDatacenter(legacy bool) string
+	ACLDatacenter() string
 	ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error)
 	ResolvePolicyFromID(policyID string) (bool, *structs.ACLPolicy, error)
 	ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error)
@ -361,7 +354,7 @@ func (r *ACLResolver) fetchAndCacheIdentityFromToken(token string, cached *struc
 	cacheID := tokenSecretCacheID(token)

 	req := structs.ACLTokenGetRequest{
-		Datacenter:  r.delegate.ACLDatacenter(false),
+		Datacenter:  r.delegate.ACLDatacenter(),
 		TokenID:     token,
 		TokenIDType: structs.ACLTokenSecret,
 		QueryOptions: structs.QueryOptions{
@ -449,7 +442,7 @@ func (r *ACLResolver) resolveIdentityFromToken(token string) (structs.ACLIdentit

 func (r *ACLResolver) fetchAndCachePoliciesForIdentity(identity structs.ACLIdentity, policyIDs []string, cached map[string]*structs.PolicyCacheEntry) (map[string]*structs.ACLPolicy, error) {
 	req := structs.ACLPolicyBatchGetRequest{
-		Datacenter: r.delegate.ACLDatacenter(false),
+		Datacenter: r.delegate.ACLDatacenter(),
 		PolicyIDs:  policyIDs,
 		QueryOptions: structs.QueryOptions{
 			Token:      identity.SecretToken(),
@ -504,7 +497,7 @@ func (r *ACLResolver) fetchAndCachePoliciesForIdentity(identity structs.ACLIdent

 func (r *ACLResolver) fetchAndCacheRolesForIdentity(identity structs.ACLIdentity, roleIDs []string, cached map[string]*structs.RoleCacheEntry) (map[string]*structs.ACLRole, error) {
 	req := structs.ACLRoleBatchGetRequest{
-		Datacenter: r.delegate.ACLDatacenter(false),
+		Datacenter: r.delegate.ACLDatacenter(),
 		RoleIDs:    roleIDs,
 		QueryOptions: structs.QueryOptions{
 			Token:      identity.SecretToken(),
--- a/agent/consul/acl_client.go
+++ b/agent/consul/acl_client.go
@ -23,17 +23,9 @@ var clientACLCacheConfig *structs.ACLCachesConfig = &structs.ACLCachesConfig{
 	Roles: 128,
 }

-func (c *Client) ACLDatacenter(legacy bool) string {
-	// For resolution running on clients, when not in
-	// legacy mode the servers within the current datacenter
-	// must be queried first to pick up local tokens. When
-	// in legacy mode the clients should directly query the
-	// ACL Datacenter. When no ACL datacenter has been set
-	// then we assume that the local DC is the ACL DC
-	if legacy && c.config.PrimaryDatacenter != "" {
-		return c.config.PrimaryDatacenter
-	}
-
+func (c *Client) ACLDatacenter() string {
+	// For resolution running on clients servers within the current datacenter
+	// must be queried first to pick up local tokens.
 	return c.config.Datacenter
 }

--- a/agent/consul/acl_server.go
+++ b/agent/consul/acl_server.go
@ -100,7 +100,7 @@ func (s *Server) LocalTokensEnabled() bool {
 	return true
 }

-func (s *Server) ACLDatacenter(legacy bool) string {
+func (s *Server) ACLDatacenter() string {
 	// For resolution running on servers the only option
 	// is to contact the configured ACL Datacenter
 	if s.config.PrimaryDatacenter != "" {
--- a/agent/consul/acl_test.go
+++ b/agent/consul/acl_test.go
@ -613,7 +613,7 @@ func (d *ACLResolverTestDelegate) plainRoleResolveFn(args *structs.ACLRoleBatchG
 	return nil
 }

-func (d *ACLResolverTestDelegate) ACLDatacenter(legacy bool) string {
+func (d *ACLResolverTestDelegate) ACLDatacenter() string {
 	return d.datacenter
 }