From 7160f7a614e4b008e3ccc9184a81935969f2540b Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Fri, 6 Aug 2021 18:00:58 -0400 Subject: [PATCH 1/2] acl: remove ACLDatacenter This field has been unnecessary for a while now. It was always set to the same value as PrimaryDatacenter. So we can remove the duplicate field and use PrimaryDatacenter directly. This change was made by GoLand refactor, which did most of the work for me. --- agent/acl_endpoint_legacy.go | 10 ++--- agent/agent.go | 3 -- agent/config/builder.go | 3 +- agent/config/runtime.go | 11 +---- agent/config/runtime_test.go | 37 ++++++++-------- .../TestRuntimeConfig_Sanitize.golden | 1 - agent/consul/acl_client.go | 4 +- agent/consul/acl_endpoint.go | 42 +++++++++---------- agent/consul/acl_endpoint_legacy.go | 2 +- agent/consul/acl_endpoint_test.go | 4 +- agent/consul/acl_replication.go | 19 +++++---- agent/consul/acl_replication_legacy.go | 5 ++- agent/consul/acl_replication_legacy_test.go | 14 +++---- agent/consul/acl_replication_test.go | 19 +++++---- agent/consul/acl_server.go | 10 ++--- agent/consul/acl_test.go | 10 ++--- agent/consul/acl_token_exp_test.go | 5 ++- agent/consul/catalog_endpoint_test.go | 20 ++++----- agent/consul/config.go | 8 +--- agent/consul/config_endpoint_test.go | 12 +++--- agent/consul/connect_ca_endpoint_test.go | 4 +- agent/consul/coordinate_endpoint_test.go | 6 +-- agent/consul/discovery_chain_endpoint_test.go | 7 ++-- .../consul/federation_state_endpoint_test.go | 17 ++++---- agent/consul/health_endpoint_test.go | 11 ++--- agent/consul/intention_endpoint_test.go | 23 +++++----- agent/consul/internal_endpoint_test.go | 17 ++++---- agent/consul/kvs_endpoint_test.go | 15 +++---- agent/consul/leader.go | 2 +- agent/consul/leader_connect_test.go | 4 +- .../consul/leader_federation_state_ae_test.go | 7 ++-- agent/consul/leader_intentions_test.go | 4 +- agent/consul/leader_test.go | 34 +++++++-------- .../operator_autopilot_endpoint_test.go | 13 +++--- agent/consul/operator_raft_endpoint_test.go | 13 +++--- agent/consul/prepared_query_endpoint_test.go | 29 ++++++------- agent/consul/server.go | 7 ++-- agent/consul/server_test.go | 6 +-- agent/consul/session_endpoint_test.go | 9 ++-- agent/consul/snapshot_endpoint_test.go | 9 ++-- agent/consul/txn_endpoint_test.go | 4 +- agent/uiserver/uiserver_test.go | 2 +- 42 files changed, 241 insertions(+), 241 deletions(-) diff --git a/agent/acl_endpoint_legacy.go b/agent/acl_endpoint_legacy.go index efbd51fdba..92c191e6b7 100644 --- a/agent/acl_endpoint_legacy.go +++ b/agent/acl_endpoint_legacy.go @@ -19,7 +19,7 @@ func (s *HTTPHandlers) ACLDestroy(resp http.ResponseWriter, req *http.Request) ( } args := structs.ACLRequest{ - Datacenter: s.agent.config.ACLDatacenter, + Datacenter: s.agent.config.PrimaryDatacenter, Op: structs.ACLDelete, } s.parseToken(req, &args.Token) @@ -55,7 +55,7 @@ func (s *HTTPHandlers) ACLUpdate(resp http.ResponseWriter, req *http.Request) (i func (s *HTTPHandlers) aclSet(resp http.ResponseWriter, req *http.Request, update bool) (interface{}, error) { args := structs.ACLRequest{ - Datacenter: s.agent.config.ACLDatacenter, + Datacenter: s.agent.config.PrimaryDatacenter, Op: structs.ACLSet, ACL: structs.ACL{ Type: structs.ACLTokenTypeClient, @@ -96,7 +96,7 @@ func (s *HTTPHandlers) ACLClone(resp http.ResponseWriter, req *http.Request) (in } args := structs.ACLSpecificRequest{ - Datacenter: s.agent.config.ACLDatacenter, + Datacenter: s.agent.config.PrimaryDatacenter, } var dc string if done := s.parse(resp, req, &dc, &args.QueryOptions); done { @@ -148,7 +148,7 @@ func (s *HTTPHandlers) ACLGet(resp http.ResponseWriter, req *http.Request) (inte } args := structs.ACLSpecificRequest{ - Datacenter: s.agent.config.ACLDatacenter, + Datacenter: s.agent.config.PrimaryDatacenter, } var dc string if done := s.parse(resp, req, &dc, &args.QueryOptions); done { @@ -182,7 +182,7 @@ func (s *HTTPHandlers) ACLList(resp http.ResponseWriter, req *http.Request) (int } args := structs.DCSpecificRequest{ - Datacenter: s.agent.config.ACLDatacenter, + Datacenter: s.agent.config.PrimaryDatacenter, } var dc string if done := s.parse(resp, req, &dc, &args.QueryOptions); done { diff --git a/agent/agent.go b/agent/agent.go index 8dc6c1f0af..19a9ba2cb4 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -1114,9 +1114,6 @@ func newConsulConfig(runtimeCfg *config.RuntimeConfig, logger hclog.Logger) (*co if runtimeCfg.ACLMasterToken != "" { cfg.ACLMasterToken = runtimeCfg.ACLMasterToken } - if runtimeCfg.ACLDatacenter != "" { - cfg.ACLDatacenter = runtimeCfg.ACLDatacenter - } if runtimeCfg.ACLTokenTTL != 0 { cfg.ACLTokenTTL = runtimeCfg.ACLTokenTTL } diff --git a/agent/config/builder.go b/agent/config/builder.go index 92171a8ebb..fc4c39c87a 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -867,7 +867,6 @@ func (b *builder) build() (rt RuntimeConfig, err error) { // ACL ACLsEnabled: aclsEnabled, - ACLDatacenter: primaryDatacenter, ACLDefaultPolicy: stringValWithDefault(c.ACL.DefaultPolicy, stringVal(c.ACLDefaultPolicy)), ACLDownPolicy: stringValWithDefault(c.ACL.DownPolicy, stringVal(c.ACLDownPolicy)), ACLEnableKeyListPolicy: boolValWithDefault(c.ACL.EnableKeyListPolicy, boolVal(c.ACLEnableKeyListPolicy)), @@ -1311,7 +1310,7 @@ func (b *builder) validate(rt RuntimeConfig) error { if rt.AutopilotMaxTrailingLogs < 0 { return fmt.Errorf("autopilot.max_trailing_logs cannot be %d. Must be greater than or equal to zero", rt.AutopilotMaxTrailingLogs) } - if err := validateBasicName("acl_datacenter", rt.ACLDatacenter, true); err != nil { + if err := validateBasicName("primary_datacenter", rt.PrimaryDatacenter, true); err != nil { return err } // In DevMode, UI is enabled by default, so to enable rt.UIDir, don't perform this check diff --git a/agent/config/runtime.go b/agent/config/runtime.go index eae9037375..438cb22655 100644 --- a/agent/config/runtime.go +++ b/agent/config/runtime.go @@ -69,13 +69,6 @@ type RuntimeConfig struct { ACLTokens token.Config - // ACLDatacenter is the central datacenter that holds authoritative - // ACL records. This must be the same for the entire cluster. - // If this is not set, ACLs are not enabled. Off by default. - // - // hcl: acl_datacenter = string - ACLDatacenter string - // ACLDefaultPolicy is used to control the ACL interaction when // there is no defined policy. This can be "allow" which means // ACLs are used to deny-list, or "deny" which means ACLs are @@ -85,7 +78,7 @@ type RuntimeConfig struct { ACLDefaultPolicy string // ACLDownPolicy is used to control the ACL interaction when we cannot - // reach the ACLDatacenter and the token is not in the cache. + // reach the PrimaryDatacenter and the token is not in the cache. // There are the following modes: // * allow - Allow all requests // * deny - Deny all requests @@ -109,7 +102,7 @@ type RuntimeConfig struct { ACLEnableKeyListPolicy bool // ACLMasterToken is used to bootstrap the ACL system. It should be specified - // on the servers in the ACLDatacenter. When the leader comes online, it ensures + // on the servers in the PrimaryDatacenter. When the leader comes online, it ensures // that the Master token is available. This provides the initial token. // // hcl: acl.tokens.master = string diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index c5976adb87..5c012909bd 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -221,7 +221,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -237,7 +236,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -254,7 +252,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "b" - rt.ACLDatacenter = "b" rt.PrimaryDatacenter = "b" rt.DataDir = dataDir }, @@ -285,7 +282,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -471,7 +467,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -492,7 +487,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -509,7 +503,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -659,7 +652,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { expected: func(rt *RuntimeConfig) { rt.Datacenter = "dc2" rt.PrimaryDatacenter = "dc1" - rt.ACLDatacenter = "dc1" rt.PrimaryGateways = []string{"a", "b"} rt.DataDir = dataDir // server things @@ -1484,7 +1476,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { rt.Bootstrap = false rt.BootstrapExpect = 0 rt.Datacenter = "b" - rt.ACLDatacenter = "b" rt.PrimaryDatacenter = "b" rt.StartJoinAddrsLAN = []string{"a", "b", "c", "d"} rt.NodeMeta = map[string]string{"a": "c"} @@ -1540,7 +1531,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { rt.SerfAdvertiseAddrLAN = tcpAddr("1.1.1.1:8301") rt.SerfAdvertiseAddrWAN = tcpAddr("2.2.2.2:8302") rt.Datacenter = "b" - rt.ACLDatacenter = "b" rt.PrimaryDatacenter = "b" rt.DNSRecursors = []string{"1.2.3.6", "5.6.7.10", "1.2.3.5", "5.6.7.9"} rt.NodeMeta = map[string]string{"a": "c"} @@ -1626,7 +1616,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { hcl: []string{`datacenter = "A"`}, expected: func(rt *RuntimeConfig) { rt.Datacenter = "a" - rt.ACLDatacenter = "a" rt.PrimaryDatacenter = "a" rt.DataDir = dataDir }, @@ -1638,7 +1627,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { hcl: []string{`acl_datacenter = "A"`}, expected: func(rt *RuntimeConfig) { rt.ACLsEnabled = true - rt.ACLDatacenter = "a" rt.DataDir = dataDir rt.PrimaryDatacenter = "a" }, @@ -1749,15 +1737,28 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, }) run(t, testCase{ - desc: "acl_datacenter invalid", + desc: "primary_datacenter invalid", args: []string{ `-datacenter=a`, `-data-dir=` + dataDir, }, - json: []string{`{ "acl_datacenter": "%" }`}, - hcl: []string{`acl_datacenter = "%"`}, - expectedErr: `acl_datacenter can only contain lowercase alphanumeric, - or _ characters.`, + json: []string{`{ "primary_datacenter": "%" }`}, + hcl: []string{`primary_datacenter = "%"`}, + expectedErr: `primary_datacenter can only contain lowercase alphanumeric, - or _ characters.`, + }) + run(t, testCase{ + desc: "acl_datacenter deprecated", + args: []string{ + `-data-dir=` + dataDir, + }, + json: []string{`{ "acl_datacenter": "ab" }`}, + hcl: []string{`acl_datacenter = "ab"`}, expectedWarnings: []string{`The 'acl_datacenter' field is deprecated. Use the 'primary_datacenter' field instead.`}, + expected: func(rt *RuntimeConfig) { + rt.ACLsEnabled = true + rt.PrimaryDatacenter = "ab" + rt.DataDir = dataDir + }, }) run(t, testCase{ desc: "autopilot.max_trailing_logs invalid", @@ -3373,7 +3374,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { rt.DataDir = dataDir rt.Datacenter = "two" rt.PrimaryDatacenter = "one" - rt.ACLDatacenter = "one" rt.PrimaryGateways = []string{"foo.local", "bar.local"} rt.ConnectEnabled = true rt.ConnectMeshGatewayWANFederationEnabled = true @@ -5233,7 +5233,7 @@ func TestLoad_FullConfig(t *testing.T) { }, ACLsEnabled: true, - ACLDatacenter: "ejtmd43d", + PrimaryDatacenter: "ejtmd43d", ACLDefaultPolicy: "72c2e7a0", ACLDownPolicy: "03eb2aee", ACLEnableKeyListPolicy: true, @@ -5483,7 +5483,6 @@ func TestLoad_FullConfig(t *testing.T) { NodeName: "otlLxGaI", ReadReplica: true, PidFile: "43xN80Km", - PrimaryDatacenter: "ejtmd43d", PrimaryGateways: []string{"aej8eeZo", "roh2KahS"}, PrimaryGatewaysInterval: 18866 * time.Second, RPCAdvertiseAddr: tcpAddr("17.99.29.16:3757"), diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden index 64ddefe515..7f1ac08469 100644 --- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden +++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden @@ -1,5 +1,4 @@ { - "ACLDatacenter": "", "ACLDefaultPolicy": "", "ACLDisabledTTL": "0s", "ACLDownPolicy": "", diff --git a/agent/consul/acl_client.go b/agent/consul/acl_client.go index bc86916eac..36e1f2e5bb 100644 --- a/agent/consul/acl_client.go +++ b/agent/consul/acl_client.go @@ -64,8 +64,8 @@ func (c *Client) ACLDatacenter(legacy bool) string { // in legacy mode the clients should directly query the // ACL Datacenter. When no ACL datacenter has been set // then we assume that the local DC is the ACL DC - if legacy && c.config.ACLDatacenter != "" { - return c.config.ACLDatacenter + if legacy && c.config.PrimaryDatacenter != "" { + return c.config.PrimaryDatacenter } return c.config.Datacenter diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go index 66dd7c91ad..425c54843d 100644 --- a/agent/consul/acl_endpoint.go +++ b/agent/consul/acl_endpoint.go @@ -276,7 +276,7 @@ func (a *ACL) TokenRead(args *structs.ACLTokenGetRequest, reply *structs.ACLToke // clients will not know whether the server has local token store. In the case // where it doesn't we will transparently forward requests. if !a.srv.LocalTokensEnabled() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.TokenRead", args, reply); done { @@ -345,7 +345,7 @@ func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLTok // clients will not know whether the server has local token store. In the case // where it doesn't we will transparently forward requests. if !a.srv.LocalTokensEnabled() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.TokenClone", args, reply); done { @@ -369,8 +369,8 @@ func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLTok return acl.ErrNotFound } else if !a.srv.InACLDatacenter() && !token.Local { // global token writes must be forwarded to the primary DC - args.Datacenter = a.srv.config.ACLDatacenter - return a.srv.forwardDC("ACL.TokenClone", a.srv.config.ACLDatacenter, args, reply) + args.Datacenter = a.srv.config.PrimaryDatacenter + return a.srv.forwardDC("ACL.TokenClone", a.srv.config.PrimaryDatacenter, args, reply) } if token.AuthMethod != "" { @@ -414,7 +414,7 @@ func (a *ACL) TokenSet(args *structs.ACLTokenSetRequest, reply *structs.ACLToken // Global token creation/modification always goes to the ACL DC if !args.ACLToken.Local { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } else if !a.srv.LocalTokensEnabled() { return fmt.Errorf("Local tokens are disabled") } @@ -822,7 +822,7 @@ func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) er } if !a.srv.LocalTokensEnabled() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.TokenDelete", args, reply); done { @@ -862,13 +862,13 @@ func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) er // token found in secondary DC but its not local so it must be deleted in the primary if !a.srv.InACLDatacenter() && !token.Local { - args.Datacenter = a.srv.config.ACLDatacenter - return a.srv.forwardDC("ACL.TokenDelete", a.srv.config.ACLDatacenter, args, reply) + args.Datacenter = a.srv.config.PrimaryDatacenter + return a.srv.forwardDC("ACL.TokenDelete", a.srv.config.PrimaryDatacenter, args, reply) } } else if !a.srv.InACLDatacenter() { // token not found in secondary DC - attempt to delete within the primary - args.Datacenter = a.srv.config.ACLDatacenter - return a.srv.forwardDC("ACL.TokenDelete", a.srv.config.ACLDatacenter, args, reply) + args.Datacenter = a.srv.config.PrimaryDatacenter + return a.srv.forwardDC("ACL.TokenDelete", a.srv.config.PrimaryDatacenter, args, reply) } else { // in Primary Datacenter but the token does not exist - return early as there is nothing to do. return nil @@ -903,12 +903,12 @@ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTok } if !a.srv.LocalTokensEnabled() { - if args.Datacenter != a.srv.config.ACLDatacenter { - args.Datacenter = a.srv.config.ACLDatacenter + if args.Datacenter != a.srv.config.PrimaryDatacenter { + args.Datacenter = a.srv.config.PrimaryDatacenter args.IncludeLocal = false args.IncludeGlobal = true } - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.TokenList", args, reply); done { @@ -969,7 +969,7 @@ func (a *ACL) TokenBatchRead(args *structs.ACLTokenBatchGetRequest, reply *struc } if !a.srv.LocalTokensEnabled() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.TokenBatchRead", args, reply); done { @@ -1095,7 +1095,7 @@ func (a *ACL) PolicySet(args *structs.ACLPolicySetRequest, reply *structs.ACLPol } if !a.srv.InACLDatacenter() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.PolicySet", args, reply); done { @@ -1226,7 +1226,7 @@ func (a *ACL) PolicyDelete(args *structs.ACLPolicyDeleteRequest, reply *string) } if !a.srv.InACLDatacenter() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.PolicyDelete", args, reply); done { @@ -1385,7 +1385,7 @@ func (a *ACL) GetPolicy(args *structs.ACLPolicyResolveLegacyRequest, reply *stru } // Verify we are allowed to serve this request - if a.srv.config.ACLDatacenter != a.srv.config.Datacenter { + if a.srv.config.PrimaryDatacenter != a.srv.config.Datacenter { return acl.ErrDisabled } @@ -1527,7 +1527,7 @@ func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) e } if !a.srv.InACLDatacenter() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.RoleSet", args, reply); done { @@ -1685,7 +1685,7 @@ func (a *ACL) RoleDelete(args *structs.ACLRoleDeleteRequest, reply *string) erro } if !a.srv.InACLDatacenter() { - args.Datacenter = a.srv.config.ACLDatacenter + args.Datacenter = a.srv.config.PrimaryDatacenter } if done, err := a.srv.ForwardRPC("ACL.RoleDelete", args, reply); done { @@ -2522,8 +2522,8 @@ func (a *ACL) Logout(args *structs.ACLLogoutRequest, reply *bool) error { } else if !a.srv.InACLDatacenter() && !token.Local { // global token writes must be forwarded to the primary DC - args.Datacenter = a.srv.config.ACLDatacenter - return a.srv.forwardDC("ACL.Logout", a.srv.config.ACLDatacenter, args, reply) + args.Datacenter = a.srv.config.PrimaryDatacenter + return a.srv.forwardDC("ACL.Logout", a.srv.config.PrimaryDatacenter, args, reply) } // No need to check expiration time because it's being deleted. diff --git a/agent/consul/acl_endpoint_legacy.go b/agent/consul/acl_endpoint_legacy.go index ab004fa3a2..5d4905c070 100644 --- a/agent/consul/acl_endpoint_legacy.go +++ b/agent/consul/acl_endpoint_legacy.go @@ -56,7 +56,7 @@ func (a *ACL) Bootstrap(args *structs.DCSpecificRequest, reply *structs.ACL) err // Attempt a bootstrap. req := structs.ACLRequest{ - Datacenter: a.srv.config.ACLDatacenter, + Datacenter: a.srv.config.PrimaryDatacenter, Op: structs.ACLBootstrapNow, ACL: structs.ACL{ ID: token, diff --git a/agent/consul/acl_endpoint_test.go b/agent/consul/acl_endpoint_test.go index e15cd0c6e3..e9848ecac0 100644 --- a/agent/consul/acl_endpoint_test.go +++ b/agent/consul/acl_endpoint_test.go @@ -33,7 +33,7 @@ func TestACLEndpoint_Bootstrap(t *testing.T) { t.Parallel() _, srv, codec := testACLServerWithConfig(t, func(c *Config) { c.Build = "0.8.0" // Too low for auto init of bootstrap. - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true // remove the default as we want to bootstrap c.ACLMasterToken = "" @@ -490,7 +490,7 @@ func TestACLEndpoint_ReplicationStatus(t *testing.T) { t.Parallel() _, srv, codec := testACLServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc2" + c.PrimaryDatacenter = "dc2" c.ACLTokenReplication = true c.ACLReplicationRate = 100 c.ACLReplicationBurst = 100 diff --git a/agent/consul/acl_replication.go b/agent/consul/acl_replication.go index 0e8da6e9ff..6bc3818f6b 100644 --- a/agent/consul/acl_replication.go +++ b/agent/consul/acl_replication.go @@ -8,8 +8,9 @@ import ( "time" metrics "github.com/armon/go-metrics" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/go-hclog" + + "github.com/hashicorp/consul/agent/structs" ) const ( @@ -86,7 +87,7 @@ var errContainsRedactedData = errors.New("replication results contain redacted d func (s *Server) fetchACLRolesBatch(roleIDs []string) (*structs.ACLRoleBatchResponse, error) { req := structs.ACLRoleBatchGetRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, RoleIDs: roleIDs, QueryOptions: structs.QueryOptions{ AllowStale: true, @@ -106,7 +107,7 @@ func (s *Server) fetchACLRoles(lastRemoteIndex uint64) (*structs.ACLRoleListResp defer metrics.MeasureSince([]string{"leader", "replication", "acl", "role", "fetch"}, time.Now()) req := structs.ACLRoleListRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, QueryOptions: structs.QueryOptions{ AllowStale: true, MinQueryIndex: lastRemoteIndex, @@ -124,7 +125,7 @@ func (s *Server) fetchACLRoles(lastRemoteIndex uint64) (*structs.ACLRoleListResp func (s *Server) fetchACLPoliciesBatch(policyIDs []string) (*structs.ACLPolicyBatchResponse, error) { req := structs.ACLPolicyBatchGetRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, PolicyIDs: policyIDs, QueryOptions: structs.QueryOptions{ AllowStale: true, @@ -144,7 +145,7 @@ func (s *Server) fetchACLPolicies(lastRemoteIndex uint64) (*structs.ACLPolicyLis defer metrics.MeasureSince([]string{"leader", "replication", "acl", "policy", "fetch"}, time.Now()) req := structs.ACLPolicyListRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, QueryOptions: structs.QueryOptions{ AllowStale: true, MinQueryIndex: lastRemoteIndex, @@ -314,7 +315,7 @@ func (s *Server) updateLocalACLType(ctx context.Context, logger hclog.Logger, tr func (s *Server) fetchACLTokensBatch(tokenIDs []string) (*structs.ACLTokenBatchResponse, error) { req := structs.ACLTokenBatchGetRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, AccessorIDs: tokenIDs, QueryOptions: structs.QueryOptions{ AllowStale: true, @@ -334,7 +335,7 @@ func (s *Server) fetchACLTokens(lastRemoteIndex uint64) (*structs.ACLTokenListRe defer metrics.MeasureSince([]string{"leader", "replication", "acl", "token", "fetch"}, time.Now()) req := structs.ACLTokenListRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, QueryOptions: structs.QueryOptions{ AllowStale: true, MinQueryIndex: lastRemoteIndex, @@ -479,7 +480,7 @@ func (s *Server) replicateACLType(ctx context.Context, logger hclog.Logger, tr a // IsACLReplicationEnabled returns true if ACL replication is enabled. // DEPRECATED (ACL-Legacy-Compat) - with new ACLs at least policy replication is required func (s *Server) IsACLReplicationEnabled() bool { - authDC := s.config.ACLDatacenter + authDC := s.config.PrimaryDatacenter return len(authDC) > 0 && (authDC != s.config.Datacenter) && s.config.ACLTokenReplication } @@ -516,7 +517,7 @@ func (s *Server) initReplicationStatus() { s.aclReplicationStatus.Enabled = true s.aclReplicationStatus.Running = true - s.aclReplicationStatus.SourceDatacenter = s.config.ACLDatacenter + s.aclReplicationStatus.SourceDatacenter = s.config.PrimaryDatacenter } func (s *Server) updateACLReplicationStatusStopped() { diff --git a/agent/consul/acl_replication_legacy.go b/agent/consul/acl_replication_legacy.go index 1ed56fffcb..72151245db 100644 --- a/agent/consul/acl_replication_legacy.go +++ b/agent/consul/acl_replication_legacy.go @@ -7,8 +7,9 @@ import ( "time" metrics "github.com/armon/go-metrics" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/go-hclog" + + "github.com/hashicorp/consul/agent/structs" ) // aclIterator simplifies the algorithm below by providing a basic iterator that @@ -166,7 +167,7 @@ func (s *Server) fetchRemoteLegacyACLs(lastRemoteIndex uint64) (*structs.Indexed defer metrics.MeasureSince([]string{"leader", "fetchRemoteACLs"}, time.Now()) args := structs.DCSpecificRequest{ - Datacenter: s.config.ACLDatacenter, + Datacenter: s.config.PrimaryDatacenter, QueryOptions: structs.QueryOptions{ Token: s.tokens.ReplicationToken(), MinQueryIndex: lastRemoteIndex, diff --git a/agent/consul/acl_replication_legacy_test.go b/agent/consul/acl_replication_legacy_test.go index 9631ed9d36..3a4e034c94 100644 --- a/agent/consul/acl_replication_legacy_test.go +++ b/agent/consul/acl_replication_legacy_test.go @@ -234,7 +234,7 @@ func TestACLReplication_updateLocalACLs_RateLimit(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLReplicationApplyLimit = 1 }) @@ -289,7 +289,7 @@ func TestACLReplication_IsACLReplicationEnabled(t *testing.T) { t.Parallel() // ACLs not enabled. dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "" + c.PrimaryDatacenter = "" c.ACLsEnabled = false }) defer os.RemoveAll(dir1) @@ -301,7 +301,7 @@ func TestACLReplication_IsACLReplicationEnabled(t *testing.T) { // ACLs enabled but not replication. dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true }) defer os.RemoveAll(dir2) @@ -316,7 +316,7 @@ func TestACLReplication_IsACLReplicationEnabled(t *testing.T) { // ACLs enabled with replication. dir3, s3 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = true }) @@ -331,7 +331,7 @@ func TestACLReplication_IsACLReplicationEnabled(t *testing.T) { // so replication should be disabled. dir4, s4 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = true }) @@ -354,7 +354,7 @@ func TestACLReplication_LegacyTokens(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" }) @@ -366,7 +366,7 @@ func TestACLReplication_LegacyTokens(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = true c.ACLReplicationRate = 100 diff --git a/agent/consul/acl_replication_test.go b/agent/consul/acl_replication_test.go index 26726fe360..32739c92a0 100644 --- a/agent/consul/acl_replication_test.go +++ b/agent/consul/acl_replication_test.go @@ -7,13 +7,14 @@ import ( "testing" "time" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/authmethod/testauth" "github.com/hashicorp/consul/agent/structs" tokenStore "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" - "github.com/stretchr/testify/require" ) func TestACLReplication_diffACLPolicies(t *testing.T) { @@ -298,7 +299,7 @@ func TestACLReplication_Tokens(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" }) @@ -310,7 +311,7 @@ func TestACLReplication_Tokens(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = true c.ACLReplicationRate = 100 @@ -515,7 +516,7 @@ func TestACLReplication_Policies(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" }) @@ -527,7 +528,7 @@ func TestACLReplication_Policies(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = false c.ACLReplicationRate = 100 @@ -640,7 +641,7 @@ func TestACLReplication_TokensRedacted(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" }) @@ -683,7 +684,7 @@ func TestACLReplication_TokensRedacted(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = true c.ACLReplicationRate = 100 @@ -790,7 +791,7 @@ func TestACLReplication_AllTypes(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" }) @@ -802,7 +803,7 @@ func TestACLReplication_AllTypes(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = true c.ACLReplicationRate = 100 diff --git a/agent/consul/acl_server.go b/agent/consul/acl_server.go index 0351c27249..40ae430efb 100644 --- a/agent/consul/acl_server.go +++ b/agent/consul/acl_server.go @@ -119,9 +119,9 @@ func (s *Server) canUpgradeToNewACLs(isLeader bool) bool { } if !s.InACLDatacenter() { - foundServers, mode, _ := ServersGetACLMode(s, "", s.config.ACLDatacenter) + foundServers, mode, _ := ServersGetACLMode(s, "", s.config.PrimaryDatacenter) if mode != structs.ACLModeEnabled || !foundServers { - s.logger.Debug("Cannot upgrade to new ACLs, servers in acl datacenter are not yet upgraded", "ACLDatacenter", s.config.ACLDatacenter, "mode", mode, "found", foundServers) + s.logger.Debug("Cannot upgrade to new ACLs, servers in acl datacenter are not yet upgraded", "PrimaryDatacenter", s.config.PrimaryDatacenter, "mode", mode, "found", foundServers) return false } } @@ -143,7 +143,7 @@ func (s *Server) canUpgradeToNewACLs(isLeader bool) bool { } func (s *Server) InACLDatacenter() bool { - return s.config.ACLDatacenter == "" || s.config.Datacenter == s.config.ACLDatacenter + return s.config.PrimaryDatacenter == "" || s.config.Datacenter == s.config.PrimaryDatacenter } func (s *Server) UseLegacyACLs() bool { @@ -167,8 +167,8 @@ func (s *Server) LocalTokensEnabled() bool { func (s *Server) ACLDatacenter(legacy bool) string { // For resolution running on servers the only option // is to contact the configured ACL Datacenter - if s.config.ACLDatacenter != "" { - return s.config.ACLDatacenter + if s.config.PrimaryDatacenter != "" { + return s.config.PrimaryDatacenter } // This function only gets called if ACLs are enabled. diff --git a/agent/consul/acl_test.go b/agent/consul/acl_test.go index 6699469c12..1c870b823f 100644 --- a/agent/consul/acl_test.go +++ b/agent/consul/acl_test.go @@ -2194,7 +2194,7 @@ func TestACL_Replication(t *testing.T) { for _, aclDownPolicy := range aclExtendPolicies { dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLMasterToken = "root" }) defer os.RemoveAll(dir1) @@ -2204,7 +2204,7 @@ func TestACL_Replication(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLDefaultPolicy = "deny" c.ACLDownPolicy = aclDownPolicy c.ACLTokenReplication = true @@ -2218,7 +2218,7 @@ func TestACL_Replication(t *testing.T) { dir3, s3 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc3" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLDownPolicy = "deny" c.ACLTokenReplication = true c.ACLReplicationRate = 100 @@ -2312,7 +2312,7 @@ func TestACL_Replication(t *testing.T) { func TestACL_MultiDC_Found(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLMasterToken = "root" }) defer os.RemoveAll(dir1) @@ -2322,7 +2322,7 @@ func TestACL_MultiDC_Found(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" // Enable ACLs! + c.PrimaryDatacenter = "dc1" // Enable ACLs! }) defer os.RemoveAll(dir2) defer s2.Shutdown() diff --git a/agent/consul/acl_token_exp_test.go b/agent/consul/acl_token_exp_test.go index da7842db5a..6bb3f6ce9b 100644 --- a/agent/consul/acl_token_exp_test.go +++ b/agent/consul/acl_token_exp_test.go @@ -5,9 +5,10 @@ import ( "testing" "time" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/testrpc" - "github.com/stretchr/testify/require" ) func TestACLTokenReap_Primary(t *testing.T) { @@ -41,7 +42,7 @@ func testACLTokenReap_Primary(t *testing.T, local, global bool) { require.NotEqual(t, local, global) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLTokenMinExpirationTTL = 10 * time.Millisecond diff --git a/agent/consul/catalog_endpoint_test.go b/agent/consul/catalog_endpoint_test.go index 46be6e702a..b160c8dcbc 100644 --- a/agent/consul/catalog_endpoint_test.go +++ b/agent/consul/catalog_endpoint_test.go @@ -180,7 +180,7 @@ func TestCatalog_Register_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -426,7 +426,7 @@ func TestCatalog_Register_ConnectProxy_ACLDestinationServiceName(t *testing.T) { assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -555,7 +555,7 @@ func TestCatalog_Deregister_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1295,7 +1295,7 @@ func TestCatalog_ListNodes_ACLFilter(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1636,7 +1636,7 @@ func TestCatalog_ListServices_Stale(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true }) defer os.RemoveAll(dir1) @@ -1644,7 +1644,7 @@ func TestCatalog_ListServices_Stale(t *testing.T) { testrpc.WaitForTestAgent(t, s1.RPC, "dc1") dir2, s2 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" // Enable ACLs! + c.PrimaryDatacenter = "dc1" // Enable ACLs! c.ACLsEnabled = true c.Bootstrap = false // Disable bootstrap }) @@ -2413,7 +2413,7 @@ func TestCatalog_ListServiceNodes_ConnectProxy_ACL(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -2708,7 +2708,7 @@ func TestCatalog_Register_FailedCase1(t *testing.T) { func testACLFilterServer(t *testing.T) (dir, token string, srv *Server, codec rpc.ClientCodec) { dir, srv = testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -2871,7 +2871,7 @@ func TestCatalog_NodeServices_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -3284,7 +3284,7 @@ func TestCatalog_GatewayServices_ACLFiltering(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/config.go b/agent/consul/config.go index 81541bbeaa..d31dcc478b 100644 --- a/agent/consul/config.go +++ b/agent/consul/config.go @@ -179,14 +179,10 @@ type Config struct { ACLsEnabled bool // ACLMasterToken is used to bootstrap the ACL system. It should be specified - // on the servers in the ACLDatacenter. When the leader comes online, it ensures + // on the servers in the PrimaryDatacenter. When the leader comes online, it ensures // that the Master token is available. This provides the initial token. ACLMasterToken string - // ACLDatacenter provides the authoritative datacenter for ACL - // tokens. If not provided, ACL verification is disabled. - ACLDatacenter string - // ACLTokenTTL controls the time-to-live of cached ACL tokens. // It can be set to zero to disable caching, but this adds // a substantial cost. @@ -219,7 +215,7 @@ type Config struct { // allow-lists. ACLDefaultPolicy string - // ACLDownPolicy controls the behavior of ACLs if the ACLDatacenter + // ACLDownPolicy controls the behavior of ACLs if the PrimaryDatacenter // cannot be contacted. It can be either "deny" to deny all requests, // "extend-cache" or "async-cache" which ignores the ACLCacheInterval and // uses cached policies. diff --git a/agent/consul/config_endpoint_test.go b/agent/consul/config_endpoint_test.go index a5e92ad33d..da45107864 100644 --- a/agent/consul/config_endpoint_test.go +++ b/agent/consul/config_endpoint_test.go @@ -152,7 +152,7 @@ func TestConfigEntry_Apply_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -281,7 +281,7 @@ func TestConfigEntry_Get_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -494,7 +494,7 @@ func TestConfigEntry_List_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -579,7 +579,7 @@ func TestConfigEntry_ListAll_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -738,7 +738,7 @@ func TestConfigEntry_Delete_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1960,7 +1960,7 @@ func TestConfigEntry_ResolveServiceConfig_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/connect_ca_endpoint_test.go b/agent/consul/connect_ca_endpoint_test.go index f5b7438e25..808cfe703f 100644 --- a/agent/consul/connect_ca_endpoint_test.go +++ b/agent/consul/connect_ca_endpoint_test.go @@ -161,7 +161,7 @@ func TestConnectCAConfig_GetSet_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = TestDefaultMasterToken c.ACLDefaultPolicy = "deny" @@ -1102,7 +1102,7 @@ func TestConnectCASignValidation(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/coordinate_endpoint_test.go b/agent/consul/coordinate_endpoint_test.go index 9e9150d4fd..5d9d183e7a 100644 --- a/agent/consul/coordinate_endpoint_test.go +++ b/agent/consul/coordinate_endpoint_test.go @@ -194,7 +194,7 @@ func TestCoordinate_Update_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -370,7 +370,7 @@ func TestCoordinate_ListNodes_ACLFilter(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -562,7 +562,7 @@ func TestCoordinate_Node_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/discovery_chain_endpoint_test.go b/agent/consul/discovery_chain_endpoint_test.go index c1d09380b9..294a78721c 100644 --- a/agent/consul/discovery_chain_endpoint_test.go +++ b/agent/consul/discovery_chain_endpoint_test.go @@ -6,12 +6,13 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/testrpc" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/require" ) func TestDiscoveryChainEndpoint_Get(t *testing.T) { @@ -23,7 +24,7 @@ func TestDiscoveryChainEndpoint_Get(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.PrimaryDatacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/federation_state_endpoint_test.go b/agent/consul/federation_state_endpoint_test.go index 5812a36363..92dbbe497c 100644 --- a/agent/consul/federation_state_endpoint_test.go +++ b/agent/consul/federation_state_endpoint_test.go @@ -6,15 +6,16 @@ import ( "testing" "time" + uuid "github.com/hashicorp/go-uuid" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/types" - uuid "github.com/hashicorp/go-uuid" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/require" ) func TestFederationState_Apply_Upsert(t *testing.T) { @@ -112,7 +113,7 @@ func TestFederationState_Apply_Upsert_ACLDeny(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.DisableFederationStateAntiEntropy = true - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -232,7 +233,7 @@ func TestFederationState_Get_ACLDeny(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.DisableFederationStateAntiEntropy = true - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -403,7 +404,7 @@ func TestFederationState_List_ACLDeny(t *testing.T) { c.DisableFederationStateAntiEntropy = true c.Datacenter = "dc1" c.PrimaryDatacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -419,7 +420,7 @@ func TestFederationState_List_ACLDeny(t *testing.T) { c.DisableFederationStateAntiEntropy = true c.Datacenter = "dc2" c.PrimaryDatacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -678,7 +679,7 @@ func TestFederationState_Apply_Delete_ACLDeny(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.DisableFederationStateAntiEntropy = true - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/health_endpoint_test.go b/agent/consul/health_endpoint_test.go index 4aec9c7b00..54b8ff86cd 100644 --- a/agent/consul/health_endpoint_test.go +++ b/agent/consul/health_endpoint_test.go @@ -5,6 +5,10 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/lib" @@ -12,9 +16,6 @@ import ( "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/types" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestHealth_ChecksInState(t *testing.T) { @@ -980,7 +981,7 @@ func TestHealth_ServiceNodes_ConnectProxy_ACL(t *testing.T) { assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1294,7 +1295,7 @@ func TestHealth_ServiceNodes_Ingress_ACL(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/intention_endpoint_test.go b/agent/consul/intention_endpoint_test.go index 1af81751c3..bef7bedd4b 100644 --- a/agent/consul/intention_endpoint_test.go +++ b/agent/consul/intention_endpoint_test.go @@ -6,11 +6,12 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/require" ) // Test basic creation @@ -859,7 +860,7 @@ func TestIntentionApply_aclDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1264,7 +1265,7 @@ func TestIntentionApply_aclDelete(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1345,7 +1346,7 @@ func TestIntentionApply_aclUpdate(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1414,7 +1415,7 @@ func TestIntentionApply_aclManagement(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1459,7 +1460,7 @@ func TestIntentionApply_aclUpdateChange(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1524,7 +1525,7 @@ func TestIntentionGet_acl(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1928,7 +1929,7 @@ func TestIntentionCheck_defaultACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1964,7 +1965,7 @@ func TestIntentionCheck_defaultACLAllow(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -2000,7 +2001,7 @@ func TestIntentionCheck_aclDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/internal_endpoint_test.go b/agent/consul/internal_endpoint_test.go index a3f389fcde..e03fb6b95f 100644 --- a/agent/consul/internal_endpoint_test.go +++ b/agent/consul/internal_endpoint_test.go @@ -6,6 +6,10 @@ import ( "strings" "testing" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" @@ -13,9 +17,6 @@ import ( "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/types" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestInternal_NodeInfo(t *testing.T) { @@ -559,7 +560,7 @@ func TestInternal_EventFire_Token(t *testing.T) { t.Parallel() dir, srv := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDownPolicy = "deny" @@ -958,7 +959,7 @@ func TestInternal_GatewayServiceDump_Terminating_ACL(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1301,7 +1302,7 @@ func TestInternal_GatewayServiceDump_Ingress_ACL(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1904,7 +1905,7 @@ func TestInternal_ServiceTopology_ACL(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = TestDefaultMasterToken c.ACLDefaultPolicy = "deny" @@ -2041,7 +2042,7 @@ func TestInternal_IntentionUpstreams_ACL(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = TestDefaultMasterToken c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/kvs_endpoint_test.go b/agent/consul/kvs_endpoint_test.go index 5d8305bc60..7e62aa8ea0 100644 --- a/agent/consul/kvs_endpoint_test.go +++ b/agent/consul/kvs_endpoint_test.go @@ -5,12 +5,13 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/testrpc" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/require" ) func TestKVS_Apply(t *testing.T) { @@ -81,7 +82,7 @@ func TestKVS_Apply_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -201,7 +202,7 @@ func TestKVS_Get_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -422,7 +423,7 @@ func TestKVSEndpoint_List_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -512,7 +513,7 @@ func TestKVSEndpoint_List_ACLEnableKeyListPolicy(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -715,7 +716,7 @@ func TestKVSEndpoint_ListKeys_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/leader.go b/agent/consul/leader.go index c076ab34bc..f93e1b1a0a 100644 --- a/agent/consul/leader.go +++ b/agent/consul/leader.go @@ -404,7 +404,7 @@ func (s *Server) initializeLegacyACL() error { return nil } - authDC := s.config.ACLDatacenter + authDC := s.config.PrimaryDatacenter // Create anonymous token if missing. state := s.fsm.State() diff --git a/agent/consul/leader_connect_test.go b/agent/consul/leader_connect_test.go index 8b7592c072..ea10e5afea 100644 --- a/agent/consul/leader_connect_test.go +++ b/agent/consul/leader_connect_test.go @@ -200,7 +200,7 @@ func TestLeader_SecondaryCA_Initialize(t *testing.T) { // Initialize primary as the primary DC dir1, s1 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "primary" - c.ACLDatacenter = "primary" + c.PrimaryDatacenter = "primary" c.Build = "1.6.0" c.ACLsEnabled = true c.ACLMasterToken = masterToken @@ -219,7 +219,7 @@ func TestLeader_SecondaryCA_Initialize(t *testing.T) { // secondary as a secondary DC dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "secondary" - c.ACLDatacenter = "primary" + c.PrimaryDatacenter = "primary" c.Build = "1.6.0" c.ACLsEnabled = true c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/leader_federation_state_ae_test.go b/agent/consul/leader_federation_state_ae_test.go index 61a40891ca..f2c483b4f9 100644 --- a/agent/consul/leader_federation_state_ae_test.go +++ b/agent/consul/leader_federation_state_ae_test.go @@ -5,12 +5,13 @@ import ( "testing" "time" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" - "github.com/stretchr/testify/require" ) func TestLeader_FederationStateAntiEntropy_FeatureIsStickyEvenIfSerfTagsRegress(t *testing.T) { @@ -356,7 +357,7 @@ func TestLeader_FederationStateAntiEntropyPruning_ACLDeny(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.PrimaryDatacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -370,7 +371,7 @@ func TestLeader_FederationStateAntiEntropyPruning_ACLDeny(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" c.PrimaryDatacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/leader_intentions_test.go b/agent/consul/leader_intentions_test.go index 2447cf08e2..0294d00949 100644 --- a/agent/consul/leader_intentions_test.go +++ b/agent/consul/leader_intentions_test.go @@ -27,7 +27,7 @@ func TestLeader_ReplicateIntentions(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -62,7 +62,7 @@ func TestLeader_ReplicateIntentions(t *testing.T) { // dc2 as a secondary DC dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLDefaultPolicy = "deny" c.ACLTokenReplication = false diff --git a/agent/consul/leader_test.go b/agent/consul/leader_test.go index 66e2124943..cedf8386bd 100644 --- a/agent/consul/leader_test.go +++ b/agent/consul/leader_test.go @@ -29,7 +29,7 @@ func TestLeader_RegisterMember(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -106,7 +106,7 @@ func TestLeader_FailedMember(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -172,7 +172,7 @@ func TestLeader_LeftMember(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -224,7 +224,7 @@ func TestLeader_ReapMember(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -291,7 +291,7 @@ func TestLeader_CheckServersMeta(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -301,7 +301,7 @@ func TestLeader_CheckServersMeta(t *testing.T) { defer s1.Shutdown() dir2, s2 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -311,7 +311,7 @@ func TestLeader_CheckServersMeta(t *testing.T) { defer s2.Shutdown() dir3, s3 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -399,7 +399,7 @@ func TestLeader_ReapServer(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -409,7 +409,7 @@ func TestLeader_ReapServer(t *testing.T) { defer s1.Shutdown() dir2, s2 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -419,7 +419,7 @@ func TestLeader_ReapServer(t *testing.T) { defer s2.Shutdown() dir3, s3 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "allow" @@ -480,7 +480,7 @@ func TestLeader_Reconcile_ReapMember(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -534,7 +534,7 @@ func TestLeader_Reconcile(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -889,7 +889,7 @@ func TestLeader_ReapTombstones(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1194,7 +1194,7 @@ func TestLeader_ACL_Initialization(t *testing.T) { c.Build = tt.build c.Bootstrap = true c.Datacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = tt.master } @@ -1305,7 +1305,7 @@ func TestLeader_ACLUpgrade_IsStickyEvenIfSerfTagsRegress(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc1" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" }) @@ -1318,7 +1318,7 @@ func TestLeader_ACLUpgrade_IsStickyEvenIfSerfTagsRegress(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = false c.ACLReplicationRate = 100 @@ -1363,7 +1363,7 @@ func TestLeader_ACLUpgrade_IsStickyEvenIfSerfTagsRegress(t *testing.T) { dir2new, s2new := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLTokenReplication = false c.ACLReplicationRate = 100 diff --git a/agent/consul/operator_autopilot_endpoint_test.go b/agent/consul/operator_autopilot_endpoint_test.go index 962ab92cb1..62a3a3926f 100644 --- a/agent/consul/operator_autopilot_endpoint_test.go +++ b/agent/consul/operator_autopilot_endpoint_test.go @@ -5,14 +5,15 @@ import ( "testing" "time" - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/sdk/testutil/retry" - "github.com/hashicorp/consul/testrpc" msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" "github.com/hashicorp/raft" autopilot "github.com/hashicorp/raft-autopilot" "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/sdk/testutil/retry" + "github.com/hashicorp/consul/testrpc" ) func TestOperator_Autopilot_GetConfiguration(t *testing.T) { @@ -51,7 +52,7 @@ func TestOperator_Autopilot_GetConfiguration_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -155,7 +156,7 @@ func TestOperator_Autopilot_SetConfiguration_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/operator_raft_endpoint_test.go b/agent/consul/operator_raft_endpoint_test.go index 3c123f1fbc..53a7752e39 100644 --- a/agent/consul/operator_raft_endpoint_test.go +++ b/agent/consul/operator_raft_endpoint_test.go @@ -7,13 +7,14 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/hashicorp/raft" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/freeport" "github.com/hashicorp/consul/testrpc" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/hashicorp/raft" - "github.com/stretchr/testify/require" ) func TestOperator_RaftGetConfiguration(t *testing.T) { @@ -69,7 +70,7 @@ func TestOperator_RaftGetConfiguration_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -217,7 +218,7 @@ func TestOperator_RaftRemovePeerByAddress_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -346,7 +347,7 @@ func TestOperator_RaftRemovePeerByID_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/prepared_query_endpoint_test.go b/agent/consul/prepared_query_endpoint_test.go index dc7305ec7e..6ebf05a5c2 100644 --- a/agent/consul/prepared_query_endpoint_test.go +++ b/agent/consul/prepared_query_endpoint_test.go @@ -11,6 +11,12 @@ import ( "testing" "time" + "github.com/hashicorp/go-hclog" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/hashicorp/serf/coordinate" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" tokenStore "github.com/hashicorp/consul/agent/token" @@ -18,11 +24,6 @@ import ( "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/types" - "github.com/hashicorp/go-hclog" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/hashicorp/serf/coordinate" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestPreparedQuery_Apply(t *testing.T) { @@ -197,7 +198,7 @@ func TestPreparedQuery_Apply_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -643,7 +644,7 @@ func TestPreparedQuery_ACLDeny_Catchall_Template(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -862,7 +863,7 @@ func TestPreparedQuery_Get(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1120,7 +1121,7 @@ func TestPreparedQuery_List(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1333,7 +1334,7 @@ func TestPreparedQuery_Explain(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1474,7 +1475,7 @@ func TestPreparedQuery_Execute(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -1487,7 +1488,7 @@ func TestPreparedQuery_Execute(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLDefaultPolicy = "deny" }) @@ -2780,7 +2781,7 @@ func TestPreparedQuery_Wrapper(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -2790,7 +2791,7 @@ func TestPreparedQuery_Wrapper(t *testing.T) { dir2, s2 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc2" - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/server.go b/agent/consul/server.go index e23e9e0037..99957c6e1c 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -332,16 +332,17 @@ func NewServer(config *Config, flat Deps) (*Server, error) { } // Set the primary DC if it wasn't set. + // TODO: remove if config.PrimaryDatacenter == "" { - if config.ACLDatacenter != "" { - config.PrimaryDatacenter = config.ACLDatacenter + if config.PrimaryDatacenter != "" { + config.PrimaryDatacenter = config.PrimaryDatacenter } else { config.PrimaryDatacenter = config.Datacenter } } if config.PrimaryDatacenter != "" { - config.ACLDatacenter = config.PrimaryDatacenter + config.PrimaryDatacenter = config.PrimaryDatacenter } // Create the tombstone GC. diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index de7221f861..d3dfa65848 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -74,7 +74,7 @@ func testTLSCertificates(serverName string) (cert string, key string, cacert str // up all of the ACL configurations (so they can still be overridden) func testServerACLConfig(cb func(*Config)) func(*Config) { return func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = TestDefaultMasterToken c.ACLDefaultPolicy = "deny" @@ -349,11 +349,11 @@ func TestServer_fixupACLDatacenter(t *testing.T) { testrpc.WaitForLeader(t, s2.RPC, "bee") require.Equal(t, "aye", s1.config.Datacenter) - require.Equal(t, "aye", s1.config.ACLDatacenter) + require.Equal(t, "aye", s1.config.PrimaryDatacenter) require.Equal(t, "aye", s1.config.PrimaryDatacenter) require.Equal(t, "bee", s2.config.Datacenter) - require.Equal(t, "aye", s2.config.ACLDatacenter) + require.Equal(t, "aye", s2.config.PrimaryDatacenter) require.Equal(t, "aye", s2.config.PrimaryDatacenter) } diff --git a/agent/consul/session_endpoint_test.go b/agent/consul/session_endpoint_test.go index e66aefcd04..a3476cd1fa 100644 --- a/agent/consul/session_endpoint_test.go +++ b/agent/consul/session_endpoint_test.go @@ -5,11 +5,12 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib/stringslice" "github.com/hashicorp/consul/testrpc" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" ) func TestSession_Apply(t *testing.T) { @@ -153,7 +154,7 @@ func TestSession_Apply_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -391,7 +392,7 @@ func TestSession_Get_List_NodeSessions_ACLFilter(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -750,7 +751,7 @@ func TestSession_Renew_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/snapshot_endpoint_test.go b/agent/consul/snapshot_endpoint_test.go index 9c0f00d40b..a1fa1efb89 100644 --- a/agent/consul/snapshot_endpoint_test.go +++ b/agent/consul/snapshot_endpoint_test.go @@ -7,14 +7,15 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + autopilot "github.com/hashicorp/raft-autopilot" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - autopilot "github.com/hashicorp/raft-autopilot" - "github.com/stretchr/testify/require" ) // verifySnapshot is a helper that does a snapshot and restore. @@ -268,7 +269,7 @@ func TestSnapshot_ACLDeny(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/consul/txn_endpoint_test.go b/agent/consul/txn_endpoint_test.go index 25110219e9..a23cdf1929 100644 --- a/agent/consul/txn_endpoint_test.go +++ b/agent/consul/txn_endpoint_test.go @@ -319,7 +319,7 @@ func TestTxn_Apply_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" @@ -854,7 +854,7 @@ func TestTxn_Read_ACLDeny(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.ACLsEnabled = true c.ACLMasterToken = "root" c.ACLDefaultPolicy = "deny" diff --git a/agent/uiserver/uiserver_test.go b/agent/uiserver/uiserver_test.go index 3f56536088..6b0769a22e 100644 --- a/agent/uiserver/uiserver_test.go +++ b/agent/uiserver/uiserver_test.go @@ -226,7 +226,7 @@ func basicUIEnabledConfig(opts ...cfgFunc) *config.RuntimeConfig { func withACLs() cfgFunc { return func(cfg *config.RuntimeConfig) { - cfg.ACLDatacenter = "dc1" + cfg.PrimaryDatacenter = "dc1" cfg.ACLDefaultPolicy = "deny" cfg.ACLsEnabled = true } From 67fc97522f5f64d9850da44389c968e88b25afbc Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Fri, 6 Aug 2021 18:02:55 -0400 Subject: [PATCH 2/2] server: remove defaulting of PrimaryDatacenter The constructor for Server is not at all the appropriate place to be setting default values for a config struct that was passed in. In production this value is always set from agent/config. In tests we should set the default in a test helper. --- agent/consul/auto_encrypt_endpoint_test.go | 1 + agent/consul/connect_ca_endpoint_test.go | 4 ++++ agent/consul/federation_state_endpoint_test.go | 4 ++++ agent/consul/leader_connect_test.go | 3 +++ agent/consul/leader_test.go | 1 + agent/consul/server.go | 14 -------------- agent/consul/server_test.go | 3 +++ 7 files changed, 16 insertions(+), 14 deletions(-) diff --git a/agent/consul/auto_encrypt_endpoint_test.go b/agent/consul/auto_encrypt_endpoint_test.go index 40bc8e5072..800392b95e 100644 --- a/agent/consul/auto_encrypt_endpoint_test.go +++ b/agent/consul/auto_encrypt_endpoint_test.go @@ -57,6 +57,7 @@ func TestAutoEncryptSign(t *testing.T) { } dir, s := testServerWithConfig(t, func(c *Config) { c.AutoEncryptAllowTLS = true + c.PrimaryDatacenter = "dc1" c.Bootstrap = true c.TLSConfig.CAFile = root c.TLSConfig.VerifyOutgoing = true diff --git a/agent/consul/connect_ca_endpoint_test.go b/agent/consul/connect_ca_endpoint_test.go index 808cfe703f..4482860948 100644 --- a/agent/consul/connect_ca_endpoint_test.go +++ b/agent/consul/connect_ca_endpoint_test.go @@ -670,6 +670,7 @@ func TestConnectCAConfig_UpdateSecondary(t *testing.T) { // Initialize primary as the primary DC dir1, s1 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "primary" + c.PrimaryDatacenter = "primary" }) defer os.RemoveAll(dir1) defer s1.Shutdown() @@ -842,6 +843,7 @@ func TestConnectCASign(t *testing.T) { assert := assert.New(t) require := require.New(t) dir1, s1 := testServerWithConfig(t, func(cfg *Config) { + cfg.PrimaryDatacenter = "dc1" cfg.CAConfig.Config["PrivateKeyType"] = tt.caKeyType cfg.CAConfig.Config["PrivateKeyBits"] = tt.caKeyBits }) @@ -931,6 +933,7 @@ func TestConnectCASign_rateLimit(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.Bootstrap = true c.CAConfig.Config = map[string]interface{}{ // It actually doesn't work as expected with some higher values because @@ -996,6 +999,7 @@ func TestConnectCASign_concurrencyLimit(t *testing.T) { require := require.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.Bootstrap = true c.CAConfig.Config = map[string]interface{}{ // Must disable the rate limit since it takes precedence diff --git a/agent/consul/federation_state_endpoint_test.go b/agent/consul/federation_state_endpoint_test.go index 92dbbe497c..b48f42b210 100644 --- a/agent/consul/federation_state_endpoint_test.go +++ b/agent/consul/federation_state_endpoint_test.go @@ -27,6 +27,7 @@ func TestFederationState_Apply_Upsert(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.DisableFederationStateAntiEntropy = true + c.PrimaryDatacenter = "dc1" }) defer os.RemoveAll(dir1) defer s1.Shutdown() @@ -190,6 +191,7 @@ func TestFederationState_Get(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.DisableFederationStateAntiEntropy = true + c.PrimaryDatacenter = "dc1" }) defer os.RemoveAll(dir1) defer s1.Shutdown() @@ -306,6 +308,7 @@ func TestFederationState_List(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.DisableFederationStateAntiEntropy = true + c.PrimaryDatacenter = "dc1" }) defer os.RemoveAll(dir1) defer s1.Shutdown() @@ -596,6 +599,7 @@ func TestFederationState_Apply_Delete(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.DisableFederationStateAntiEntropy = true + c.PrimaryDatacenter = "dc1" }) defer os.RemoveAll(dir1) defer s1.Shutdown() diff --git a/agent/consul/leader_connect_test.go b/agent/consul/leader_connect_test.go index ea10e5afea..038f2f0ff6 100644 --- a/agent/consul/leader_connect_test.go +++ b/agent/consul/leader_connect_test.go @@ -55,6 +55,7 @@ func TestLeader_Builtin_PrimaryCA_ChangeKeyConfig(t *testing.T) { // Initialize primary as the primary DC dir1, srv := testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.Build = "1.6.0" c.CAConfig.Config["PrivateKeyType"] = src.keyType c.CAConfig.Config["PrivateKeyBits"] = src.keyBits @@ -600,6 +601,7 @@ func TestLeader_SecondaryCA_IntermediateRefresh(t *testing.T) { dir1, s1 := testServerWithConfig(t, func(c *Config) { c.Build = "1.6.0" + c.PrimaryDatacenter = "dc1" }) defer os.RemoveAll(dir1) defer s1.Shutdown() @@ -850,6 +852,7 @@ func TestLeader_SecondaryCA_FixSigningKeyID_via_IntermediateRefresh(t *testing.T dir1, s1 := testServerWithConfig(t, func(c *Config) { c.Build = "1.6.0" + c.PrimaryDatacenter = "dc1" }) defer os.RemoveAll(dir1) defer s1.Shutdown() diff --git a/agent/consul/leader_test.go b/agent/consul/leader_test.go index cedf8386bd..8527ea9e9d 100644 --- a/agent/consul/leader_test.go +++ b/agent/consul/leader_test.go @@ -1232,6 +1232,7 @@ func TestLeader_ACLUpgrade(t *testing.T) { t.Parallel() dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLsEnabled = true + c.PrimaryDatacenter = "dc1" c.ACLMasterToken = "root" }) defer os.RemoveAll(dir1) diff --git a/agent/consul/server.go b/agent/consul/server.go index 99957c6e1c..4cab854e09 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -331,20 +331,6 @@ func NewServer(config *Config, flat Deps) (*Server, error) { return nil, err } - // Set the primary DC if it wasn't set. - // TODO: remove - if config.PrimaryDatacenter == "" { - if config.PrimaryDatacenter != "" { - config.PrimaryDatacenter = config.PrimaryDatacenter - } else { - config.PrimaryDatacenter = config.Datacenter - } - } - - if config.PrimaryDatacenter != "" { - config.PrimaryDatacenter = config.PrimaryDatacenter - } - // Create the tombstone GC. gc, err := state.NewTombstoneGC(config.TombstoneTTL, config.TombstoneTTLGranularity) if err != nil { diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index d3dfa65848..0dd19156c5 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -125,6 +125,7 @@ func testServerConfig(t *testing.T) (string, *Config) { config.NodeName = uniqueNodeName(t.Name()) config.Bootstrap = true config.Datacenter = "dc1" + config.PrimaryDatacenter = "dc1" config.DataDir = dir // bind the rpc server to a random port. config.RPCAdvertise will be @@ -195,6 +196,7 @@ func testServerConfig(t *testing.T) (string, *Config) { func testServer(t *testing.T) (string, *Server) { return testServerWithConfig(t, func(c *Config) { c.Datacenter = "dc1" + c.PrimaryDatacenter = "dc1" c.Bootstrap = true }) } @@ -209,6 +211,7 @@ func testServerDC(t *testing.T, dc string) (string, *Server) { func testServerDCBootstrap(t *testing.T, dc string, bootstrap bool) (string, *Server) { return testServerWithConfig(t, func(c *Config) { c.Datacenter = dc + c.PrimaryDatacenter = dc c.Bootstrap = bootstrap }) }