mirror of https://github.com/hashicorp/consul
acl: remove bootstrap-init FSM operation
parent
dab5d1bdc8
commit
ed928511ca
|
@ -254,19 +254,13 @@ func (c *FSM) applyACLOperation(buf []byte, index uint64) interface{} {
|
|||
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl"}, time.Now(),
|
||||
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
||||
switch req.Op {
|
||||
case structs.ACLBootstrapInit:
|
||||
enabled, _, err := c.state.CanBootstrapACLToken()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return enabled
|
||||
case structs.ACLSet:
|
||||
if err := c.state.ACLTokenSet(index, req.ACL.Convert(), true); err != nil {
|
||||
return err
|
||||
}
|
||||
return req.ACL.ID
|
||||
// Legacy commands that have been removed
|
||||
case "bootstrap-now", "force-set", "delete":
|
||||
case "bootstrap-now", "bootstrap-init", "force-set", "delete":
|
||||
return fmt.Errorf("command %v has been removed with the legacy ACL system", req.Op)
|
||||
default:
|
||||
c.logger.Warn("Invalid ACL operation", "operation", req.Op)
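Review bot: The widened label `case "bootstrap-now", "bootstrap-init", "force-set", "delete":` now rejects an operation that may still appear in replayed Raft log entries or arrive from servers on an older version during an upgrade, and nothing visible in this commit asserts that behaviour. The removed branch only read state through `c.state.CanBootstrapACLToken()`, so returning an error here should not make replicas diverge, but that is inferred from the removed lines and is worth stating next to the case, for example `// These ops can still arrive from replayed logs or older servers; reject them without touching state.` Because TestFSM_ACL_CRUD is deleted rather than trimmed, a short test that applies an ACLRequest with Op "bootstrap-init" and expects the "has been removed with the legacy ACL system" error would keep this rejection path covered; the retained `structs.ACLSet` case appears to lose its coverage in the same deletion. applyACLOperation starts and ends outside the hunk.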
|
||||
|
|
|
@ -829,102 +829,6 @@ func TestFSM_SessionCreate_Destroy(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestFSM_ACL_CRUD(t *testing.T) {
|
||||
t.Parallel()
|
||||
logger := testutil.Logger(t)
|
||||
fsm, err := New(nil, logger)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
||||
// Create a new ACL.
|
||||
req := structs.ACLRequest{
|
||||
Datacenter: "dc1",
|
||||
Op: structs.ACLSet,
|
||||
ACL: structs.ACL{
|
||||
ID: generateUUID(),
|
||||
Name: "User token",
|
||||
Type: structs.ACLTokenTypeClient,
|
||||
},
|
||||
}
|
||||
buf, err := structs.Encode(structs.ACLRequestType, req)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
resp := fsm.Apply(makeLog(buf))
|
||||
if err, ok := resp.(error); ok {
|
||||
t.Fatalf("resp: %v", err)
|
||||
}
|
||||
|
||||
// Get the ACL.
|
||||
id := resp.(string)
|
||||
_, acl, err := fsm.state.ACLTokenGetBySecret(nil, id, nil)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
if acl == nil {
|
||||
t.Fatalf("missing")
|
||||
}
|
||||
|
||||
// Verify the ACL.
|
||||
if acl.SecretID != id {
|
||||
t.Fatalf("bad: %v", *acl)
|
||||
}
|
||||
if acl.Description != "User token" {
|
||||
t.Fatalf("bad: %v", *acl)
|
||||
}
|
||||
if acl.Type != structs.ACLTokenTypeClient {
|
||||
t.Fatalf("bad: %v", *acl)
|
||||
}
|
||||
|
||||
// Try to destroy.
|
||||
destroy := structs.ACLRequest{
|
||||
Datacenter: "dc1",
|
||||
Op: structs.ACLDelete,
|
||||
ACL: structs.ACL{
|
||||
ID: id,
|
||||
},
|
||||
}
|
||||
buf, err = structs.Encode(structs.ACLRequestType, destroy)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
resp = fsm.Apply(makeLog(buf))
|
||||
if resp != nil {
|
||||
t.Fatalf("resp: %v", resp)
|
||||
}
|
||||
|
||||
_, acl, err = fsm.state.ACLTokenGetBySecret(nil, id, nil)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
if acl != nil {
|
||||
t.Fatalf("should be destroyed")
|
||||
}
|
||||
|
||||
// Initialize bootstrap (should work since we haven't made a management
|
||||
// token).
|
||||
init := structs.ACLRequest{
|
||||
Datacenter: "dc1",
|
||||
Op: structs.ACLBootstrapInit,
|
||||
}
|
||||
buf, err = structs.Encode(structs.ACLRequestType, init)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
resp = fsm.Apply(makeLog(buf))
|
||||
if enabled, ok := resp.(bool); !ok || !enabled {
|
||||
t.Fatalf("resp: %v", resp)
|
||||
}
|
||||
canBootstrap, _, err := fsm.state.CanBootstrapACLToken()
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
if !canBootstrap {
|
||||
t.Fatalf("bad: shouldn't be able to bootstrap")
|
||||
}
|
||||
}
|
||||
|
||||
func TestFSM_PreparedQuery_CRUD(t *testing.T) {
|
||||
t.Parallel()
|
||||
logger := testutil.Logger(t)
|
||||
|
|
|
@ -13,14 +13,6 @@ import (
|
|||
"github.com/hashicorp/consul/acl"
|
||||
)
|
||||
|
||||
const (
|
||||
// ACLBootstrapInit is used to perform a scan for existing tokens which
|
||||
// will decide whether bootstrapping is allowed for a cluster. This is
|
||||
// initiated by the leader when it steps up, if necessary.
|
||||
// TODO(ACL-Legacy-Compat): remove
|
||||
ACLBootstrapInit ACLOp = "bootstrap-init"
|
||||
)
|
||||
|
||||
const (
|
||||
// ACLTokenTypeClient tokens have rules applied
|
||||
ACLTokenTypeClient = "client"
|
||||
|
|