diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go index c9bbeaabc..3579e245b 100644 --- a/agent/consul/acl_endpoint.go +++ b/agent/consul/acl_endpoint.go @@ -235,10 +235,8 @@ func (a *ACL) BootstrapTokens(args *structs.DCSpecificRequest, reply *structs.AC ID: structs.ACLPolicyGlobalManagementID, }, }, - CreateTime: time.Now(), - Local: false, - // DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs - Type: structs.ACLTokenTypeManagement, + CreateTime: time.Now(), + Local: false, EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), }, ResetIndex: specifiedIndex, diff --git a/agent/consul/acl_endpoint_test.go b/agent/consul/acl_endpoint_test.go index a7e24dc21..bfe8a0220 100644 --- a/agent/consul/acl_endpoint_test.go +++ b/agent/consul/acl_endpoint_test.go @@ -48,7 +48,6 @@ func TestACLEndpoint_BootstrapTokens(t *testing.T) { require.NoError(t, msgpackrpc.CallWithCodec(codec, "ACL.BootstrapTokens", &arg, &out)) require.Equal(t, 36, len(out.AccessorID)) require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token")) - require.Equal(t, out.Type, structs.ACLTokenTypeManagement) require.True(t, out.CreateIndex > 0) require.Equal(t, out.CreateIndex, out.ModifyIndex) @@ -69,7 +68,6 @@ func TestACLEndpoint_BootstrapTokens(t *testing.T) { require.Equal(t, 36, len(out.AccessorID)) require.NotEqual(t, oldID, out.AccessorID) require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token")) - require.Equal(t, out.Type, structs.ACLTokenTypeManagement) require.True(t, out.CreateIndex > 0) require.Equal(t, out.CreateIndex, out.ModifyIndex) } diff --git a/agent/consul/fsm/snapshot_oss_test.go b/agent/consul/fsm/snapshot_oss_test.go index c4a7b3faa..996cf2fd2 100644 --- a/agent/consul/fsm/snapshot_oss_test.go +++ b/agent/consul/fsm/snapshot_oss_test.go @@ -111,8 +111,7 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) { }, CreateTime: time.Now(), Local: false, - // DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs - Type: structs.ACLTokenTypeManagement, + Type: "management", } require.NoError(t, fsm.state.ACLBootstrap(10, 0, token)) diff --git a/agent/consul/leader.go b/agent/consul/leader.go index e54841467..847db5c1a 100644 --- a/agent/consul/leader.go +++ b/agent/consul/leader.go @@ -452,11 +452,8 @@ func (s *Server) initializeACLs(ctx context.Context) error { ID: structs.ACLPolicyGlobalManagementID, }, }, - CreateTime: time.Now(), - Local: false, - - // DEPRECATED (ACL-Legacy-Compat) - only needed for compatibility - Type: structs.ACLTokenTypeManagement, + CreateTime: time.Now(), + Local: false, EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(), } @@ -599,7 +596,7 @@ func (s *Server) legacyACLTokenUpgrade(ctx context.Context) error { len(newToken.ServiceIdentities) == 0 && len(newToken.NodeIdentities) == 0 && len(newToken.Roles) == 0 && - newToken.Type == structs.ACLTokenTypeManagement { + newToken.Type == "management" { newToken.Policies = append(newToken.Policies, structs.ACLTokenPolicyLink{ID: structs.ACLPolicyGlobalManagementID}) } diff --git a/agent/consul/state/acl_test.go b/agent/consul/state/acl_test.go index 99717745b..c86527cd1 100644 --- a/agent/consul/state/acl_test.go +++ b/agent/consul/state/acl_test.go @@ -171,8 +171,6 @@ func TestStateStore_ACLBootstrap(t *testing.T) { }, CreateTime: time.Now(), Local: false, - // DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs - Type: structs.ACLTokenTypeManagement, } token2 := &structs.ACLToken{ @@ -186,8 +184,6 @@ func TestStateStore_ACLBootstrap(t *testing.T) { }, CreateTime: time.Now(), Local: false, - // DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs - Type: structs.ACLTokenTypeManagement, } s := testStateStore(t) @@ -788,29 +784,31 @@ func TestStateStore_ACLTokens_ListUpgradeable(t *testing.T) { return tx.Commit() } + const ACLTokenTypeManagement = "management" + require.NoError(t, aclTokenSetLegacy(2, &structs.ACLToken{ SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b", - Type: structs.ACLTokenTypeManagement, + Type: ACLTokenTypeManagement, })) require.NoError(t, aclTokenSetLegacy(3, &structs.ACLToken{ SecretID: "8de2dd39-134d-4cb1-950b-b7ab96ea20ba", - Type: structs.ACLTokenTypeManagement, + Type: ACLTokenTypeManagement, })) require.NoError(t, aclTokenSetLegacy(4, &structs.ACLToken{ SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61", - Type: structs.ACLTokenTypeManagement, + Type: ACLTokenTypeManagement, })) require.NoError(t, aclTokenSetLegacy(5, &structs.ACLToken{ SecretID: "3ee33676-d9b8-4144-bf0b-92618cff438b", - Type: structs.ACLTokenTypeManagement, + Type: ACLTokenTypeManagement, })) require.NoError(t, aclTokenSetLegacy(6, &structs.ACLToken{ SecretID: "fa9d658a-6e26-42ab-a5f0-1ea05c893dee", - Type: structs.ACLTokenTypeManagement, + Type: ACLTokenTypeManagement, })) tokens, _, err := s.ACLTokenListUpgradeable(3) diff --git a/agent/structs/acl_legacy.go b/agent/structs/acl_legacy.go deleted file mode 100644 index a0c879bad..000000000 --- a/agent/structs/acl_legacy.go +++ /dev/null @@ -1,13 +0,0 @@ -// DEPRECATED (ACL-Legacy-Compat) -// -// Everything within this file is deprecated and related to the original ACL -// implementation. Once support for v1 ACLs are removed this whole file can -// be deleted. - -package structs - -const ( - // ACLTokenTypeManagement tokens have an always allow policy, so they can - // make other tokens and can access all resources. - ACLTokenTypeManagement = "management" -)