diff --git a/agent/config/builder.go b/agent/config/builder.go index 02a99d0087..db7c81ea73 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -877,8 +877,8 @@ func (b *builder) build() (rt RuntimeConfig, err error) { ACLTokens: token.Config{ DataDir: dataDir, EnablePersistence: boolValWithDefault(c.ACL.EnableTokenPersistence, false), - ACLDefaultToken: stringValWithDefault(c.ACL.Tokens.Default, stringVal(c.ACLToken)), - ACLAgentToken: stringValWithDefault(c.ACL.Tokens.Agent, stringVal(c.ACLAgentToken)), + ACLDefaultToken: stringVal(c.ACL.Tokens.Default), + ACLAgentToken: stringVal(c.ACL.Tokens.Agent), ACLAgentMasterToken: stringVal(c.ACL.Tokens.AgentMaster), ACLReplicationToken: stringValWithDefault(c.ACL.Tokens.Replication, stringVal(c.ACLReplicationToken)), }, diff --git a/agent/config/config.go b/agent/config/config.go index 10687d1b6d..0d3747e0ae 100644 --- a/agent/config/config.go +++ b/agent/config/config.go @@ -130,8 +130,6 @@ type Cache struct { // configuration it should be treated as an external API which cannot be // changed and refactored at will since this will break existing setups. type Config struct { - // DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza - ACLAgentToken *string `mapstructure:"acl_agent_token"` // DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza ACLDefaultPolicy *string `mapstructure:"acl_default_policy"` // DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza @@ -143,9 +141,7 @@ type Config struct { // DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza ACLReplicationToken *string `mapstructure:"acl_replication_token"` // DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza - ACLTTL *string `mapstructure:"acl_ttl"` - // DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza - ACLToken *string `mapstructure:"acl_token"` + ACLTTL *string `mapstructure:"acl_ttl"` ACL ACL `mapstructure:"acl"` Addresses Addresses `mapstructure:"addresses"` AdvertiseAddrLAN *string `mapstructure:"advertise_addr"` diff --git a/agent/config/deprecated.go b/agent/config/deprecated.go index 4a327e560c..4cae4622a3 100644 --- a/agent/config/deprecated.go +++ b/agent/config/deprecated.go @@ -5,6 +5,11 @@ import "fmt" type DeprecatedConfig struct { // DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza ACLAgentMasterToken *string `mapstructure:"acl_agent_master_token"` + // DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza + ACLAgentToken *string `mapstructure:"acl_agent_token"` + // DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza + ACLToken *string `mapstructure:"acl_token"` + // DEPRECATED (ACL-Legacy-Compat) - moved to "primary_datacenter" ACLDatacenter *string `mapstructure:"acl_datacenter"` } @@ -20,6 +25,20 @@ func applyDeprecatedConfig(d *decodeTarget) (Config, []string) { warns = append(warns, deprecationWarning("acl_agent_master_token", "acl.tokens.agent_master")) } + if dep.ACLAgentToken != nil { + if d.Config.ACL.Tokens.Agent == nil { + d.Config.ACL.Tokens.Agent = dep.ACLAgentToken + } + warns = append(warns, deprecationWarning("acl_agent_token", "acl.tokens.agent")) + } + + if dep.ACLToken != nil { + if d.Config.ACL.Tokens.Default == nil { + d.Config.ACL.Tokens.Default = dep.ACLToken + } + warns = append(warns, deprecationWarning("acl_token", "acl.tokens.default")) + } + if dep.ACLDatacenter != nil { if d.Config.PrimaryDatacenter == nil { d.Config.PrimaryDatacenter = dep.ACLDatacenter diff --git a/agent/config/deprecated_test.go b/agent/config/deprecated_test.go new file mode 100644 index 0000000000..07da342bdd --- /dev/null +++ b/agent/config/deprecated_test.go @@ -0,0 +1,45 @@ +package config + +import ( + "sort" + "testing" + + "github.com/stretchr/testify/require" +) + +func TestLoad_DeprecatedConfig(t *testing.T) { + opts := LoadOpts{ + HCL: []string{` +data_dir = "/foo" + +acl_datacenter = "dcone" + +acl_agent_master_token = "token1" +acl_agent_token = "token2" +acl_token = "token3" + +`}, + } + patchLoadOptsShims(&opts) + result, err := Load(opts) + require.NoError(t, err) + + expectWarns := []string{ + deprecationWarning("acl_agent_master_token", "acl.tokens.agent_master"), + deprecationWarning("acl_agent_token", "acl.tokens.agent"), + deprecationWarning("acl_datacenter", "primary_datacenter"), + deprecationWarning("acl_token", "acl.tokens.default"), + } + sort.Strings(result.Warnings) + require.Equal(t, expectWarns, result.Warnings) + // Ideally this would compare against the entire result.RuntimeConfig, but + // we have so many non-zero defaults in that response that the noise of those + // defaults makes this test difficult to read. So as a workaround, compare + // specific values. + rt := result.RuntimeConfig + require.Equal(t, true, rt.ACLsEnabled) + require.Equal(t, "dcone", rt.PrimaryDatacenter) + require.Equal(t, "token1", rt.ACLTokens.ACLAgentMasterToken) + require.Equal(t, "token2", rt.ACLTokens.ACLAgentToken) + require.Equal(t, "token3", rt.ACLTokens.ACLDefaultToken) +} diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index 486d095ce2..11a5a9efd6 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -5902,8 +5902,10 @@ func TestLoad_FullConfig(t *testing.T) { entFullRuntimeConfig(expected) expectedWarns := []string{ - `The 'acl_datacenter' field is deprecated. Use the 'primary_datacenter' field instead.`, - `The 'acl_agent_master_token' field is deprecated. Use the 'acl.tokens.agent_master' field instead.`, + deprecationWarning("acl_datacenter", "primary_datacenter"), + deprecationWarning("acl_agent_master_token", "acl.tokens.agent_master"), + deprecationWarning("acl_agent_token", "acl.tokens.agent"), + deprecationWarning("acl_token", "acl.tokens.default"), `bootstrap_expect > 0: expecting 53 servers`, } expectedWarns = append(expectedWarns, enterpriseConfigKeyWarnings...)