|
|
@ -498,35 +498,24 @@ func (s *Server) initializeACLs(ctx context.Context) error {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// Ignoring expiration times to avoid an insertion collision.
|
|
|
|
// Ignoring expiration times to avoid an insertion collision.
|
|
|
|
if token == nil {
|
|
|
|
if token == nil {
|
|
|
|
// DEPRECATED (ACL-Legacy-Compat) - Don't need to query for previous "anonymous" token
|
|
|
|
token = &structs.ACLToken{
|
|
|
|
// check for legacy token that needs an upgrade
|
|
|
|
AccessorID: structs.ACLTokenAnonymousID,
|
|
|
|
_, legacyToken, err := state.ACLTokenGetBySecret(nil, anonymousToken, nil)
|
|
|
|
SecretID: anonymousToken,
|
|
|
|
if err != nil {
|
|
|
|
Description: "Anonymous Token",
|
|
|
|
return fmt.Errorf("failed to get anonymous token: %v", err)
|
|
|
|
CreateTime: time.Now(),
|
|
|
|
|
|
|
|
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// Ignoring expiration times to avoid an insertion collision.
|
|
|
|
token.SetHash(true)
|
|
|
|
|
|
|
|
|
|
|
|
// the token upgrade routine will take care of upgrading the token if a legacy version exists
|
|
|
|
req := structs.ACLTokenBatchSetRequest{
|
|
|
|
if legacyToken == nil {
|
|
|
|
Tokens: structs.ACLTokens{token},
|
|
|
|
token = &structs.ACLToken{
|
|
|
|
CAS: false,
|
|
|
|
AccessorID: structs.ACLTokenAnonymousID,
|
|
|
|
}
|
|
|
|
SecretID: anonymousToken,
|
|
|
|
_, err := s.raftApply(structs.ACLTokenSetRequestType, &req)
|
|
|
|
Description: "Anonymous Token",
|
|
|
|
if err != nil {
|
|
|
|
CreateTime: time.Now(),
|
|
|
|
return fmt.Errorf("failed to create anonymous token: %v", err)
|
|
|
|
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
token.SetHash(true)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
req := structs.ACLTokenBatchSetRequest{
|
|
|
|
|
|
|
|
Tokens: structs.ACLTokens{token},
|
|
|
|
|
|
|
|
CAS: false,
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
_, err := s.raftApply(structs.ACLTokenSetRequestType, &req)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
return fmt.Errorf("failed to create anonymous token: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
s.logger.Info("Created ACL anonymous token from configuration")
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
s.logger.Info("Created ACL anonymous token from configuration")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// launch the upgrade go routine to generate accessors for everything
|
|
|
|
// launch the upgrade go routine to generate accessors for everything
|
|
|
|
s.startACLUpgrade(ctx)
|
|
|
|
s.startACLUpgrade(ctx)
|
|
|
|