acl: remove ACLDelete FSM command, and state store function

These are no longer used now that ACL.Apply has been removed.

agent/consul/fsm/commands_oss.go

@@ -265,10 +265,8 @@ func (c *FSM) applyACLOperation(buf []byte, index uint64) interface{} {
 			return err
 		}
 		return req.ACL.ID
-	case structs.ACLDelete:
-		return c.state.ACLTokenDeleteBySecret(index, req.ACL.ID, nil)
 	// Legacy commands that have been removed
-	case "bootstrap-now", "force-set":
+	case "bootstrap-now", "force-set", "delete":
 		return fmt.Errorf("command %v has been removed with the legacy ACL system", req.Op)
 	default:
 		c.logger.Warn("Invalid ACL operation", "operation", req.Op)

agent/consul/state/acl.go

@@ -806,13 +806,6 @@ func (s *Store) expiresIndexName(local bool) string {
 	return indexExpiresGlobal
 }
 
-// ACLTokenDeleteBySecret is used to remove an existing ACL from the state store. If
-// the ACL does not exist this is a no-op and no error is returned.
-// Deprecated (ACL-Legacy-Compat)
-func (s *Store) ACLTokenDeleteBySecret(idx uint64, secret string, entMeta *structs.EnterpriseMeta) error {
-	return s.aclTokenDelete(idx, secret, "id", entMeta)
-}
-
 // ACLTokenDeleteByAccessor is used to remove an existing ACL from the state store. If
 // the ACL does not exist this is a no-op and no error is returned.
 func (s *Store) ACLTokenDeleteByAccessor(idx uint64, accessor string, entMeta *structs.EnterpriseMeta) error {

agent/consul/state/acl_test.go

@@ -1511,34 +1511,6 @@ func TestStateStore_ACLToken_Delete(t *testing.T) {
 		require.Nil(t, rtoken)
 	})
 
-	t.Run("Secret", func(t *testing.T) {
-		t.Parallel()
-		s := testACLTokensStateStore(t)
-
-		token := &structs.ACLToken{
-			AccessorID: "f1093997-b6c7-496d-bfb8-6b1b1895641b",
-			SecretID:   "34ec8eb3-095d-417a-a937-b439af7a8e8b",
-			Policies: []structs.ACLTokenPolicyLink{
-				{
-					ID: structs.ACLPolicyGlobalManagementID,
-				},
-			},
-			Local: true,
-		}
-
-		require.NoError(t, s.ACLTokenSet(2, token.Clone(), false))
-
-		_, rtoken, err := s.ACLTokenGetByAccessor(nil, "f1093997-b6c7-496d-bfb8-6b1b1895641b", nil)
-		require.NoError(t, err)
-		require.NotNil(t, rtoken)
-
-		require.NoError(t, s.ACLTokenDeleteBySecret(3, "34ec8eb3-095d-417a-a937-b439af7a8e8b", nil))
-
-		_, rtoken, err = s.ACLTokenGetByAccessor(nil, "f1093997-b6c7-496d-bfb8-6b1b1895641b", nil)
-		require.NoError(t, err)
-		require.Nil(t, rtoken)
-	})
-
 	t.Run("Multiple", func(t *testing.T) {
 		t.Parallel()
 		s := testACLTokensStateStore(t)
@@ -1592,7 +1564,6 @@ func TestStateStore_ACLToken_Delete(t *testing.T) {
 		s := testACLTokensStateStore(t)
 
 		require.Error(t, s.ACLTokenDeleteByAccessor(3, structs.ACLTokenAnonymousID, nil))
-		require.Error(t, s.ACLTokenDeleteBySecret(3, "anonymous", nil))
 	})
 
 	t.Run("Not Found", func(t *testing.T) {
@@ -1601,7 +1572,6 @@ func TestStateStore_ACLToken_Delete(t *testing.T) {
 
 		// deletion of non-existent policies is not an error
 		require.NoError(t, s.ACLTokenDeleteByAccessor(3, "ea58a09c-2100-4aef-816b-8ee0ade77dcd", nil))
-		require.NoError(t, s.ACLTokenDeleteBySecret(3, "376d0cae-dd50-4213-9668-2c7797a7fb2d", nil))
 	})
 }
 

agent/structs/acl.go

@@ -93,10 +93,6 @@ const (
 	// ACLSet creates or updates a token.
 	// TODO(ACL-Legacy-Compat): remove
 	ACLSet ACLOp = "set"
-
-	// ACLDelete deletes a token.
-	// TODO(ACL-Legacy-Compat): remove
-	ACLDelete ACLOp = "delete"
 )
 
 // ACLBootstrapNotAllowedErr is returned once we know that a bootstrap can no