acl: remove ACLTokenTypeManagement

2021-09-29 18:43:45 -04:00 · 2021-09-29 18:43:45 -04:00 · d778113773
parent 2f0eba1980
commit d778113773
6 changed files with 13 additions and 36 deletions
--- a/agent/consul/acl_endpoint.go
+++ b/agent/consul/acl_endpoint.go
@ -235,10 +235,8 @@ func (a *ACL) BootstrapTokens(args *structs.DCSpecificRequest, reply *structs.AC
 					ID: structs.ACLPolicyGlobalManagementID,
 				},
 			},
-			CreateTime: time.Now(),
-			Local:      false,
-			// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
-			Type:           structs.ACLTokenTypeManagement,
+			CreateTime:     time.Now(),
+			Local:          false,
 			EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
 		},
 		ResetIndex: specifiedIndex,
--- a/agent/consul/acl_endpoint_test.go
+++ b/agent/consul/acl_endpoint_test.go
@ -48,7 +48,6 @@ func TestACLEndpoint_BootstrapTokens(t *testing.T) {
 	require.NoError(t, msgpackrpc.CallWithCodec(codec, "ACL.BootstrapTokens", &arg, &out))
 	require.Equal(t, 36, len(out.AccessorID))
 	require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token"))
-	require.Equal(t, out.Type, structs.ACLTokenTypeManagement)
 	require.True(t, out.CreateIndex > 0)
 	require.Equal(t, out.CreateIndex, out.ModifyIndex)

@ -69,7 +68,6 @@ func TestACLEndpoint_BootstrapTokens(t *testing.T) {
 	require.Equal(t, 36, len(out.AccessorID))
 	require.NotEqual(t, oldID, out.AccessorID)
 	require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token"))
-	require.Equal(t, out.Type, structs.ACLTokenTypeManagement)
 	require.True(t, out.CreateIndex > 0)
 	require.Equal(t, out.CreateIndex, out.ModifyIndex)
 }
--- a/agent/consul/fsm/snapshot_oss_test.go
+++ b/agent/consul/fsm/snapshot_oss_test.go
@ -111,8 +111,7 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
 		},
 		CreateTime: time.Now(),
 		Local:      false,
-		// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
-		Type: structs.ACLTokenTypeManagement,
+		Type:       "management",
 	}
 	require.NoError(t, fsm.state.ACLBootstrap(10, 0, token))

--- a/agent/consul/leader.go
+++ b/agent/consul/leader.go
@ -452,11 +452,8 @@ func (s *Server) initializeACLs(ctx context.Context) error {
 							ID: structs.ACLPolicyGlobalManagementID,
 						},
 					},
-					CreateTime: time.Now(),
-					Local:      false,
-
-					// DEPRECATED (ACL-Legacy-Compat) - only needed for compatibility
-					Type:           structs.ACLTokenTypeManagement,
+					CreateTime:     time.Now(),
+					Local:          false,
 					EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
 				}

@ -599,7 +596,7 @@ func (s *Server) legacyACLTokenUpgrade(ctx context.Context) error {
 				len(newToken.ServiceIdentities) == 0 &&
 				len(newToken.NodeIdentities) == 0 &&
 				len(newToken.Roles) == 0 &&
-				newToken.Type == structs.ACLTokenTypeManagement {
+				newToken.Type == "management" {
 				newToken.Policies = append(newToken.Policies, structs.ACLTokenPolicyLink{ID: structs.ACLPolicyGlobalManagementID})
 			}

--- a/agent/consul/state/acl_test.go
+++ b/agent/consul/state/acl_test.go
@ -171,8 +171,6 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
 		},
 		CreateTime: time.Now(),
 		Local:      false,
-		// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
-		Type: structs.ACLTokenTypeManagement,
 	}

 	token2 := &structs.ACLToken{
@ -186,8 +184,6 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
 		},
 		CreateTime: time.Now(),
 		Local:      false,
-		// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
-		Type: structs.ACLTokenTypeManagement,
 	}

 	s := testStateStore(t)
@ -788,29 +784,31 @@ func TestStateStore_ACLTokens_ListUpgradeable(t *testing.T) {
 		return tx.Commit()
 	}

+	const ACLTokenTypeManagement = "management"
+
 	require.NoError(t, aclTokenSetLegacy(2, &structs.ACLToken{
 		SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
-		Type:     structs.ACLTokenTypeManagement,
+		Type:     ACLTokenTypeManagement,
 	}))

 	require.NoError(t, aclTokenSetLegacy(3, &structs.ACLToken{
 		SecretID: "8de2dd39-134d-4cb1-950b-b7ab96ea20ba",
-		Type:     structs.ACLTokenTypeManagement,
+		Type:     ACLTokenTypeManagement,
 	}))

 	require.NoError(t, aclTokenSetLegacy(4, &structs.ACLToken{
 		SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61",
-		Type:     structs.ACLTokenTypeManagement,
+		Type:     ACLTokenTypeManagement,
 	}))

 	require.NoError(t, aclTokenSetLegacy(5, &structs.ACLToken{
 		SecretID: "3ee33676-d9b8-4144-bf0b-92618cff438b",
-		Type:     structs.ACLTokenTypeManagement,
+		Type:     ACLTokenTypeManagement,
 	}))

 	require.NoError(t, aclTokenSetLegacy(6, &structs.ACLToken{
 		SecretID: "fa9d658a-6e26-42ab-a5f0-1ea05c893dee",
-		Type:     structs.ACLTokenTypeManagement,
+		Type:     ACLTokenTypeManagement,
 	}))

 	tokens, _, err := s.ACLTokenListUpgradeable(3)
--- a/agent/structs/acl_legacy.go
+++ b/agent/structs/acl_legacy.go
@ -1,13 +0,0 @@
-// DEPRECATED (ACL-Legacy-Compat)
-//
-// Everything within this file is deprecated and related to the original ACL
-// implementation. Once support for v1 ACLs are removed this whole file can
-// be deleted.
-
-package structs
-
-const (
-	// ACLTokenTypeManagement tokens have an always allow policy, so they can
-	// make other tokens and can access all resources.
-	ACLTokenTypeManagement = "management"
-)