acl: remove init check for legacy anon token

This token should always already be migrated from a previous version.
pull/11184/head
Daniel Nephin 3 years ago
parent daba3c2309
commit 0784a31e85

@ -18,11 +18,6 @@ func DefaultSource() Source {
serfLAN := cfg.SerfLANConfig.MemberlistConfig serfLAN := cfg.SerfLANConfig.MemberlistConfig
serfWAN := cfg.SerfWANConfig.MemberlistConfig serfWAN := cfg.SerfWANConfig.MemberlistConfig
// DEPRECATED (ACL-Legacy-Compat) - when legacy ACL support is removed these defaults
// the acl_* config entries here should be transitioned to their counterparts in the
// acl stanza for now we need to be able to detect the new entries not being set (not
// just set to the defaults here) so that we can use the old entries. So the true
// default still needs to reside in the original config values
return FileSource{ return FileSource{
Name: "default", Name: "default",
Format: "hcl", Format: "hcl",

@ -498,35 +498,24 @@ func (s *Server) initializeACLs(ctx context.Context) error {
} }
// Ignoring expiration times to avoid an insertion collision. // Ignoring expiration times to avoid an insertion collision.
if token == nil { if token == nil {
// DEPRECATED (ACL-Legacy-Compat) - Don't need to query for previous "anonymous" token token = &structs.ACLToken{
// check for legacy token that needs an upgrade AccessorID: structs.ACLTokenAnonymousID,
_, legacyToken, err := state.ACLTokenGetBySecret(nil, anonymousToken, nil) SecretID: anonymousToken,
if err != nil { Description: "Anonymous Token",
return fmt.Errorf("failed to get anonymous token: %v", err) CreateTime: time.Now(),
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
} }
// Ignoring expiration times to avoid an insertion collision. token.SetHash(true)
// the token upgrade routine will take care of upgrading the token if a legacy version exists req := structs.ACLTokenBatchSetRequest{
if legacyToken == nil { Tokens: structs.ACLTokens{token},
token = &structs.ACLToken{ CAS: false,
AccessorID: structs.ACLTokenAnonymousID, }
SecretID: anonymousToken, _, err := s.raftApply(structs.ACLTokenSetRequestType, &req)
Description: "Anonymous Token", if err != nil {
CreateTime: time.Now(), return fmt.Errorf("failed to create anonymous token: %v", err)
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
}
token.SetHash(true)
req := structs.ACLTokenBatchSetRequest{
Tokens: structs.ACLTokens{token},
CAS: false,
}
_, err := s.raftApply(structs.ACLTokenSetRequestType, &req)
if err != nil {
return fmt.Errorf("failed to create anonymous token: %v", err)
}
s.logger.Info("Created ACL anonymous token from configuration")
} }
s.logger.Info("Created ACL anonymous token from configuration")
} }
// launch the upgrade go routine to generate accessors for everything // launch the upgrade go routine to generate accessors for everything
s.startACLUpgrade(ctx) s.startACLUpgrade(ctx)

Loading…
Cancel
Save