acl: remove reading of serf acl tags
We no longer need to read the acl serf tag, because servers are always either ACL enabled or ACL disabled. We continue to write the tag so that during an upgrade older servers will see the tag.
parent
b866e3c4f4
commit
f21097beda
|
@ -72,6 +72,8 @@ func (s *Server) setupSerf(conf *serf.Config, ch chan serf.Event, path string, w
|
|||
conf.Tags["use_tls"] = "1"
|
||||
}
|
||||
|
||||
// TODO(ACL-Legacy-Compat): remove in phase 2. These are kept for now to
|
||||
// allow for upgrades.
|
||||
if s.acls.ACLsEnabled() {
|
||||
conf.Tags[metadata.TagACLs] = string(structs.ACLModeEnabled)
|
||||
} else {
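Review bot: The TODO added above `if s.acls.ACLsEnabled()` in setupSerf says the tags are kept for upgrades, but it does not say that this version no longer reads them back, which is what the removed parsing in IsConsulServer suggests. Serf tags are gossiped between agents, so the comment should record that the value is advertised only for older servers and must not become an input to any ACL decision here, for example `// TODO(ACL-Legacy-Compat): remove in phase 2. Write-only: older servers read this tag during upgrades; this version never reads it back.` The same applies to the one-line TODO above `const TagACLs` in the metadata hunk; as an exported constant it would also read better with a doc comment that starts `// TagACLs is ...`. The if/else that writes the tag continues past the end of this hunk.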
|
||||
|
|
|
@ -8,7 +8,6 @@ import (
|
|||
"github.com/hashicorp/serf/serf"
|
||||
|
||||
"github.com/hashicorp/consul/agent/metadata"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
// CanServersUnderstandProtocol checks to see if all the servers in the given
|
||||
|
@ -159,58 +158,3 @@ func (c *Client) CheckServers(datacenter string, fn func(*metadata.Server) bool)
|
|||
|
||||
c.router.CheckServers(datacenter, fn)
|
||||
}
|
||||
|
||||
type serversACLMode struct {
|
||||
// leader is the address of the leader
|
||||
leader string
|
||||
|
||||
// mode indicates the overall ACL mode of the servers
|
||||
mode structs.ACLMode
|
||||
|
||||
// leaderMode is the ACL mode of the leader server
|
||||
leaderMode structs.ACLMode
|
||||
|
||||
// indicates that at least one server was processed
|
||||
found bool
|
||||
}
|
||||
|
||||
func (s *serversACLMode) init(leader string) {
|
||||
s.leader = leader
|
||||
s.mode = structs.ACLModeEnabled
|
||||
s.leaderMode = structs.ACLModeUnknown
|
||||
s.found = false
|
||||
}
|
||||
|
||||
func (s *serversACLMode) update(srv *metadata.Server) bool {
|
||||
if srv.Status != serf.StatusAlive && srv.Status != serf.StatusFailed {
|
||||
// they are left or something so regardless we treat these servers as meeting
|
||||
// the version requirement
|
||||
return true
|
||||
}
|
||||
|
||||
// mark that we processed at least one server
|
||||
s.found = true
|
||||
|
||||
if srvAddr := srv.Addr.String(); srvAddr == s.leader {
|
||||
s.leaderMode = srv.ACLs
|
||||
}
|
||||
|
||||
switch srv.ACLs {
|
||||
case structs.ACLModeDisabled:
|
||||
// anything disabled means we cant enable ACLs
|
||||
s.mode = structs.ACLModeDisabled
|
||||
case structs.ACLModeEnabled:
|
||||
// do nothing
|
||||
case structs.ACLModeLegacy:
|
||||
// This covers legacy mode and older server versions that don't advertise ACL support
|
||||
if s.mode != structs.ACLModeDisabled && s.mode != structs.ACLModeUnknown {
|
||||
s.mode = structs.ACLModeLegacy
|
||||
}
|
||||
default:
|
||||
if s.mode != structs.ACLModeDisabled {
|
||||
s.mode = structs.ACLModeUnknown
|
||||
}
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
|
|
@ -9,8 +9,6 @@ import (
|
|||
|
||||
"github.com/hashicorp/go-version"
|
||||
"github.com/hashicorp/serf/serf"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
// Key is used in maps and for equality tests. A key is based on endpoints.
|
||||
|
@ -42,7 +40,6 @@ type Server struct {
|
|||
Addr net.Addr
|
||||
Status serf.MemberStatus
|
||||
ReadReplica bool
|
||||
ACLs structs.ACLMode
|
||||
FeatureFlags map[string]int
|
||||
|
||||
// If true, use TLS when connecting to this server
|
||||
|
@ -97,13 +94,6 @@ func IsConsulServer(m serf.Member) (bool, *Server) {
|
|||
return false, nil
|
||||
}
|
||||
|
||||
var acls structs.ACLMode
|
||||
if aclMode, ok := m.Tags[TagACLs]; ok {
|
||||
acls = structs.ACLMode(aclMode)
|
||||
} else {
|
||||
acls = structs.ACLModeUnknown
|
||||
}
|
||||
|
||||
segmentAddrs := make(map[string]string)
|
||||
segmentPorts := make(map[string]int)
|
||||
featureFlags := make(map[string]int)
|
||||
|
@ -188,12 +178,12 @@ func IsConsulServer(m serf.Member) (bool, *Server) {
|
|||
UseTLS: useTLS,
|
||||
// DEPRECATED - remove nonVoter check once support for that tag is removed
|
||||
ReadReplica: nonVoter || readReplica,
|
||||
ACLs: acls,
|
||||
FeatureFlags: featureFlags,
|
||||
}
|
||||
return true, parts
|
||||
}
|
||||
|
||||
// TODO(ACL-Legacy-Compat): remove in phase 2
|
||||
const TagACLs = "acls"
|
||||
|
||||
const featureFlagPrefix = "ft_"
|
||||
|
|
|
@ -20,16 +20,10 @@ import (
|
|||
type ACLMode string
|
||||
|
||||
const (
|
||||
// ACLs are disabled by configuration
|
||||
// ACLModeDisabled indicates the ACL system is disabled
|
||||
ACLModeDisabled ACLMode = "0"
|
||||
// ACLs are enabled
|
||||
// ACLModeEnabled indicates the ACL system is enabled
|
||||
ACLModeEnabled ACLMode = "1"
|
||||
// DEPRECATED (ACL-Legacy-Compat) - only needed while legacy ACLs are supported
|
||||
// ACLs are enabled and using legacy ACLs
|
||||
ACLModeLegacy ACLMode = "2"
|
||||
// DEPRECATED (ACL-Legacy-Compat) - only needed while legacy ACLs are supported
|
||||
// ACLs are assumed enabled but not being advertised
|
||||
ACLModeUnknown ACLMode = "3"
|
||||
)
|
||||
|
||||
type ACLTokenIDType string
|
||||
|
|