acl: remove bootstrap-init FSM operation

2021-09-22 11:33:54 -04:00 · 2021-09-22 11:33:54 -04:00 · a8358f7575
parent ea2e0ad2ec
commit a8358f7575
3 changed files with 1 additions and 111 deletions
--- a/agent/consul/fsm/commands_oss.go
+++ b/agent/consul/fsm/commands_oss.go
@ -254,19 +254,13 @@ func (c *FSM) applyACLOperation(buf []byte, index uint64) interface{} {
 	defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl"}, time.Now(),
 		[]metrics.Label{{Name: "op", Value: string(req.Op)}})
 	switch req.Op {
-	case structs.ACLBootstrapInit:
-		enabled, _, err := c.state.CanBootstrapACLToken()
-		if err != nil {
-			return err
-		}
-		return enabled
 	case structs.ACLSet:
 		if err := c.state.ACLTokenSet(index, req.ACL.Convert(), true); err != nil {
 			return err
 		}
 		return req.ACL.ID
 	// Legacy commands that have been removed
-	case "bootstrap-now", "force-set", "delete":
+	case "bootstrap-now", "bootstrap-init", "force-set", "delete":
 		return fmt.Errorf("command %v has been removed with the legacy ACL system", req.Op)
 	default:
 		c.logger.Warn("Invalid ACL operation", "operation", req.Op)
--- a/agent/consul/fsm/commands_oss_test.go
+++ b/agent/consul/fsm/commands_oss_test.go
@ -829,102 +829,6 @@ func TestFSM_SessionCreate_Destroy(t *testing.T) {
 	}
 }

-func TestFSM_ACL_CRUD(t *testing.T) {
-	t.Parallel()
-	logger := testutil.Logger(t)
-	fsm, err := New(nil, logger)
-	if err != nil {
-		t.Fatalf("err: %v", err)
-	}
-
-	// Create a new ACL.
-	req := structs.ACLRequest{
-		Datacenter: "dc1",
-		Op:         structs.ACLSet,
-		ACL: structs.ACL{
-			ID:   generateUUID(),
-			Name: "User token",
-			Type: structs.ACLTokenTypeClient,
-		},
-	}
-	buf, err := structs.Encode(structs.ACLRequestType, req)
-	if err != nil {
-		t.Fatalf("err: %v", err)
-	}
-	resp := fsm.Apply(makeLog(buf))
-	if err, ok := resp.(error); ok {
-		t.Fatalf("resp: %v", err)
-	}
-
-	// Get the ACL.
-	id := resp.(string)
-	_, acl, err := fsm.state.ACLTokenGetBySecret(nil, id, nil)
-	if err != nil {
-		t.Fatalf("err: %v", err)
-	}
-	if acl == nil {
-		t.Fatalf("missing")
-	}
-
-	// Verify the ACL.
-	if acl.SecretID != id {
-		t.Fatalf("bad: %v", *acl)
-	}
-	if acl.Description != "User token" {
-		t.Fatalf("bad: %v", *acl)
-	}
-	if acl.Type != structs.ACLTokenTypeClient {
-		t.Fatalf("bad: %v", *acl)
-	}
-
-	// Try to destroy.
-	destroy := structs.ACLRequest{
-		Datacenter: "dc1",
-		Op:         structs.ACLDelete,
-		ACL: structs.ACL{
-			ID: id,
-		},
-	}
-	buf, err = structs.Encode(structs.ACLRequestType, destroy)
-	if err != nil {
-		t.Fatalf("err: %v", err)
-	}
-	resp = fsm.Apply(makeLog(buf))
-	if resp != nil {
-		t.Fatalf("resp: %v", resp)
-	}
-
-	_, acl, err = fsm.state.ACLTokenGetBySecret(nil, id, nil)
-	if err != nil {
-		t.Fatalf("err: %v", err)
-	}
-	if acl != nil {
-		t.Fatalf("should be destroyed")
-	}
-
-	// Initialize bootstrap (should work since we haven't made a management
-	// token).
-	init := structs.ACLRequest{
-		Datacenter: "dc1",
-		Op:         structs.ACLBootstrapInit,
-	}
-	buf, err = structs.Encode(structs.ACLRequestType, init)
-	if err != nil {
-		t.Fatalf("err: %v", err)
-	}
-	resp = fsm.Apply(makeLog(buf))
-	if enabled, ok := resp.(bool); !ok || !enabled {
-		t.Fatalf("resp: %v", resp)
-	}
-	canBootstrap, _, err := fsm.state.CanBootstrapACLToken()
-	if err != nil {
-		t.Fatalf("err: %v", err)
-	}
-	if !canBootstrap {
-		t.Fatalf("bad: shouldn't be able to bootstrap")
-	}
-}
-
 func TestFSM_PreparedQuery_CRUD(t *testing.T) {
 	t.Parallel()
 	logger := testutil.Logger(t)
--- a/agent/structs/acl_legacy.go
+++ b/agent/structs/acl_legacy.go
@ -13,14 +13,6 @@ import (
 	"github.com/hashicorp/consul/acl"
 )

-const (
-	// ACLBootstrapInit is used to perform a scan for existing tokens which
-	// will decide whether bootstrapping is allowed for a cluster. This is
-	// initiated by the leader when it steps up, if necessary.
-	// TODO(ACL-Legacy-Compat): remove
-	ACLBootstrapInit ACLOp = "bootstrap-init"
-)
-
 const (
 	// ACLTokenTypeClient tokens have rules applied
 	ACLTokenTypeClient = "client"