mirror of https://github.com/hashicorp/consul
acl: remove ACLTokenTypeManagement
parent
32b4ad42ac
commit
3390f85ab4
|
@ -235,10 +235,8 @@ func (a *ACL) BootstrapTokens(args *structs.DCSpecificRequest, reply *structs.AC
|
|||
ID: structs.ACLPolicyGlobalManagementID,
|
||||
},
|
||||
},
|
||||
CreateTime: time.Now(),
|
||||
Local: false,
|
||||
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
|
||||
Type: structs.ACLTokenTypeManagement,
|
||||
CreateTime: time.Now(),
|
||||
Local: false,
|
||||
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
||||
},
|
||||
ResetIndex: specifiedIndex,
|
||||
|
|
|
@ -48,7 +48,6 @@ func TestACLEndpoint_BootstrapTokens(t *testing.T) {
|
|||
require.NoError(t, msgpackrpc.CallWithCodec(codec, "ACL.BootstrapTokens", &arg, &out))
|
||||
require.Equal(t, 36, len(out.AccessorID))
|
||||
require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token"))
|
||||
require.Equal(t, out.Type, structs.ACLTokenTypeManagement)
|
||||
require.True(t, out.CreateIndex > 0)
|
||||
require.Equal(t, out.CreateIndex, out.ModifyIndex)
|
||||
|
||||
|
@ -69,7 +68,6 @@ func TestACLEndpoint_BootstrapTokens(t *testing.T) {
|
|||
require.Equal(t, 36, len(out.AccessorID))
|
||||
require.NotEqual(t, oldID, out.AccessorID)
|
||||
require.True(t, strings.HasPrefix(out.Description, "Bootstrap Token"))
|
||||
require.Equal(t, out.Type, structs.ACLTokenTypeManagement)
|
||||
require.True(t, out.CreateIndex > 0)
|
||||
require.Equal(t, out.CreateIndex, out.ModifyIndex)
|
||||
}
|
||||
|
|
|
@ -111,8 +111,7 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
|
|||
},
|
||||
CreateTime: time.Now(),
|
||||
Local: false,
|
||||
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
|
||||
Type: structs.ACLTokenTypeManagement,
|
||||
Type: "management",
|
||||
}
|
||||
require.NoError(t, fsm.state.ACLBootstrap(10, 0, token))
|
||||
|
||||
|
|
|
@ -452,11 +452,8 @@ func (s *Server) initializeACLs(ctx context.Context) error {
|
|||
ID: structs.ACLPolicyGlobalManagementID,
|
||||
},
|
||||
},
|
||||
CreateTime: time.Now(),
|
||||
Local: false,
|
||||
|
||||
// DEPRECATED (ACL-Legacy-Compat) - only needed for compatibility
|
||||
Type: structs.ACLTokenTypeManagement,
|
||||
CreateTime: time.Now(),
|
||||
Local: false,
|
||||
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
|
||||
}
|
||||
|
||||
|
@ -599,7 +596,7 @@ func (s *Server) legacyACLTokenUpgrade(ctx context.Context) error {
|
|||
len(newToken.ServiceIdentities) == 0 &&
|
||||
len(newToken.NodeIdentities) == 0 &&
|
||||
len(newToken.Roles) == 0 &&
|
||||
newToken.Type == structs.ACLTokenTypeManagement {
|
||||
newToken.Type == "management" {
|
||||
newToken.Policies = append(newToken.Policies, structs.ACLTokenPolicyLink{ID: structs.ACLPolicyGlobalManagementID})
|
||||
}
|
||||
|
||||
|
|
|
@ -171,8 +171,6 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
|
|||
},
|
||||
CreateTime: time.Now(),
|
||||
Local: false,
|
||||
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
|
||||
Type: structs.ACLTokenTypeManagement,
|
||||
}
|
||||
|
||||
token2 := &structs.ACLToken{
|
||||
|
@ -186,8 +184,6 @@ func TestStateStore_ACLBootstrap(t *testing.T) {
|
|||
},
|
||||
CreateTime: time.Now(),
|
||||
Local: false,
|
||||
// DEPRECATED (ACL-Legacy-Compat) - This is used so that the bootstrap token is still visible via the v1 acl APIs
|
||||
Type: structs.ACLTokenTypeManagement,
|
||||
}
|
||||
|
||||
s := testStateStore(t)
|
||||
|
@ -788,29 +784,31 @@ func TestStateStore_ACLTokens_ListUpgradeable(t *testing.T) {
|
|||
return tx.Commit()
|
||||
}
|
||||
|
||||
const ACLTokenTypeManagement = "management"
|
||||
|
||||
require.NoError(t, aclTokenSetLegacy(2, &structs.ACLToken{
|
||||
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
|
||||
Type: structs.ACLTokenTypeManagement,
|
||||
Type: ACLTokenTypeManagement,
|
||||
}))
|
||||
|
||||
require.NoError(t, aclTokenSetLegacy(3, &structs.ACLToken{
|
||||
SecretID: "8de2dd39-134d-4cb1-950b-b7ab96ea20ba",
|
||||
Type: structs.ACLTokenTypeManagement,
|
||||
Type: ACLTokenTypeManagement,
|
||||
}))
|
||||
|
||||
require.NoError(t, aclTokenSetLegacy(4, &structs.ACLToken{
|
||||
SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61",
|
||||
Type: structs.ACLTokenTypeManagement,
|
||||
Type: ACLTokenTypeManagement,
|
||||
}))
|
||||
|
||||
require.NoError(t, aclTokenSetLegacy(5, &structs.ACLToken{
|
||||
SecretID: "3ee33676-d9b8-4144-bf0b-92618cff438b",
|
||||
Type: structs.ACLTokenTypeManagement,
|
||||
Type: ACLTokenTypeManagement,
|
||||
}))
|
||||
|
||||
require.NoError(t, aclTokenSetLegacy(6, &structs.ACLToken{
|
||||
SecretID: "fa9d658a-6e26-42ab-a5f0-1ea05c893dee",
|
||||
Type: structs.ACLTokenTypeManagement,
|
||||
Type: ACLTokenTypeManagement,
|
||||
}))
|
||||
|
||||
tokens, _, err := s.ACLTokenListUpgradeable(3)
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
// DEPRECATED (ACL-Legacy-Compat)
|
||||
//
|
||||
// Everything within this file is deprecated and related to the original ACL
|
||||
// implementation. Once support for v1 ACLs are removed this whole file can
|
||||
// be deleted.
|
||||
|
||||
package structs
|
||||
|
||||
const (
|
||||
// ACLTokenTypeManagement tokens have an always allow policy, so they can
|
||||
// make other tokens and can access all resources.
|
||||
ACLTokenTypeManagement = "management"
|
||||
)
|
Loading…
Reference in New Issue