acl: remove init check for legacy anon token

This token should always already be migrated from a previous version.

agent/config/default.go

@@ -18,11 +18,6 @@ func DefaultSource() Source {
 	serfLAN := cfg.SerfLANConfig.MemberlistConfig
 	serfWAN := cfg.SerfWANConfig.MemberlistConfig
 
-	// DEPRECATED (ACL-Legacy-Compat) - when legacy ACL support is removed these defaults
-	//   the acl_* config entries here should be transitioned to their counterparts in the
-	//   acl stanza for now we need to be able to detect the new entries not being set (not
-	//   just set to the defaults here) so that we can use the old entries. So the true
-	//   default still needs to reside in the original config values
 	return FileSource{
 		Name:   "default",
 		Format: "hcl",

agent/consul/leader.go

@@ -498,16 +498,6 @@ func (s *Server) initializeACLs(ctx context.Context) error {
 		}
 		// Ignoring expiration times to avoid an insertion collision.
 		if token == nil {
-			// DEPRECATED (ACL-Legacy-Compat) - Don't need to query for previous "anonymous" token
-			// check for legacy token that needs an upgrade
-			_, legacyToken, err := state.ACLTokenGetBySecret(nil, anonymousToken, nil)
-			if err != nil {
-				return fmt.Errorf("failed to get anonymous token: %v", err)
-			}
-			// Ignoring expiration times to avoid an insertion collision.
-
-			// the token upgrade routine will take care of upgrading the token if a legacy version exists
-			if legacyToken == nil {
 			token = &structs.ACLToken{
 				AccessorID:     structs.ACLTokenAnonymousID,
 				SecretID:       anonymousToken,
@@ -527,7 +517,6 @@ func (s *Server) initializeACLs(ctx context.Context) error {
 			}
 			s.logger.Info("Created ACL anonymous token from configuration")
 		}
-		}
 		// launch the upgrade go routine to generate accessors for everything
 		s.startACLUpgrade(ctx)
 	} else {