diff --git a/agent/consul/fsm/commands_oss.go b/agent/consul/fsm/commands_oss.go
index 25871585ea..a866f01c60 100644
--- a/agent/consul/fsm/commands_oss.go
+++ b/agent/consul/fsm/commands_oss.go
@@ -265,10 +265,8 @@ func (c *FSM) applyACLOperation(buf []byte, index uint64) interface{} {
 return err
 }
 return req.ACL.ID
- case structs.ACLDelete:
- return c.state.ACLTokenDeleteBySecret(index, req.ACL.ID, nil)
 // Legacy commands that have been removed
- case "bootstrap-now", "force-set":
+ case "bootstrap-now", "force-set", "delete":
 return fmt.Errorf("command %v has been removed with the legacy ACL system", req.Op)
 default:
 c.logger.Warn("Invalid ACL operation", "operation", req.Op)
diff --git a/agent/consul/state/acl.go b/agent/consul/state/acl.go
index 573aeaeaca..fb19377a30 100644
--- a/agent/consul/state/acl.go
+++ b/agent/consul/state/acl.go
@@ -806,13 +806,6 @@ func (s *Store) expiresIndexName(local bool) string {
 return indexExpiresGlobal
 }
-// ACLTokenDeleteBySecret is used to remove an existing ACL from the state store. If
-// the ACL does not exist this is a no-op and no error is returned.
-// Deprecated (ACL-Legacy-Compat)
-func (s *Store) ACLTokenDeleteBySecret(idx uint64, secret string, entMeta *structs.EnterpriseMeta) error {
- return s.aclTokenDelete(idx, secret, "id", entMeta)
-}
-
 // ACLTokenDeleteByAccessor is used to remove an existing ACL from the state store. If
 // the ACL does not exist this is a no-op and no error is returned.
 func (s *Store) ACLTokenDeleteByAccessor(idx uint64, accessor string, entMeta *structs.EnterpriseMeta) error {
diff --git a/agent/consul/state/acl_test.go b/agent/consul/state/acl_test.go
index 2fba770d6f..a58da3e6c2 100644
--- a/agent/consul/state/acl_test.go
+++ b/agent/consul/state/acl_test.go
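Review bot: In agent/consul/fsm/commands_oss.go, `case "bootstrap-now", "force-set", "delete":` makes the FSM reject a legacy delete entry instead of applying it, and the commit shows no handling for entries of that kind that are already in the raft log. If such an entry can still be replayed after an upgrade (for example one newer than the last snapshot, or on a server upgraded later than its peers), a token revoked through the legacy path could stay in the state store on the upgraded server, so this likely needs an upgrade note or a check that no legacy delete can still be pending. Unlike the `default` branch, this case returns without logging, so a rejected delete is visible only if the caller surfaces the returned error. A comment such as `// "delete" was structs.ACLDelete; legacy delete entries are rejected on replay, not applied` would record the intent. The body of applyACLOperation starts and ends outside the hunk.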
@@ -1511,34 +1511,6 @@ func TestStateStore_ACLToken_Delete(t *testing.T) {
 require.Nil(t, rtoken)
 })
- t.Run("Secret", func(t *testing.T) {
- t.Parallel()
- s := testACLTokensStateStore(t)
-
- token := &structs.ACLToken{
- AccessorID: "f1093997-b6c7-496d-bfb8-6b1b1895641b",
- SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
- Policies: []structs.ACLTokenPolicyLink{
- {
- ID: structs.ACLPolicyGlobalManagementID,
- },
- },
- Local: true,
- }
-
- require.NoError(t, s.ACLTokenSet(2, token.Clone(), false))
-
- _, rtoken, err := s.ACLTokenGetByAccessor(nil, "f1093997-b6c7-496d-bfb8-6b1b1895641b", nil)
- require.NoError(t, err)
- require.NotNil(t, rtoken)
-
- require.NoError(t, s.ACLTokenDeleteBySecret(3, "34ec8eb3-095d-417a-a937-b439af7a8e8b", nil))
-
- _, rtoken, err = s.ACLTokenGetByAccessor(nil, "f1093997-b6c7-496d-bfb8-6b1b1895641b", nil)
- require.NoError(t, err)
- require.Nil(t, rtoken)
- })
-
 t.Run("Multiple", func(t *testing.T) {
 t.Parallel()
 s := testACLTokensStateStore(t)
@@ -1592,7 +1564,6 @@ func TestStateStore_ACLToken_Delete(t *testing.T) {
 s := testACLTokensStateStore(t)
 require.Error(t, s.ACLTokenDeleteByAccessor(3, structs.ACLTokenAnonymousID, nil))
- require.Error(t, s.ACLTokenDeleteBySecret(3, "anonymous", nil))
 })
 t.Run("Not Found", func(t *testing.T) {
@@ -1601,7 +1572,6 @@ func TestStateStore_ACLToken_Delete(t *testing.T) {
 // deletion of non-existent policies is not an error
 require.NoError(t, s.ACLTokenDeleteByAccessor(3, "ea58a09c-2100-4aef-816b-8ee0ade77dcd", nil))
- require.NoError(t, s.ACLTokenDeleteBySecret(3, "376d0cae-dd50-4213-9668-2c7797a7fb2d", nil))
 })
 }
diff --git a/agent/structs/acl.go b/agent/structs/acl.go
index 1c3d2a261d..4b6815dbd2 100644
--- a/agent/structs/acl.go
+++ b/agent/structs/acl.go
@@ -93,10 +93,6 @@ const (
 // ACLSet creates or updates a token.
 // TODO(ACL-Legacy-Compat): remove
 ACLSet ACLOp = "set"
-
- // ACLDelete deletes a token.
- // TODO(ACL-Legacy-Compat): remove
- ACLDelete ACLOp = "delete"
 )
 // ACLBootstrapNotAllowedErr is returned once we know that a bootstrap can no