revert hack

hashicorp · May 1, 2023 · 1715872 · 1715872
1 parent 5adab75
commit 1715872
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 46 deletions.
diff --git a/sprawl/acl.go b/sprawl/acl.go
@@ -160,39 +160,13 @@ func (s *Sprawl) createCrossNamespaceCatalogReadPolicies(cluster *topology.Clust
 
 func (s *Sprawl) createAllServiceTokens() error {
 	for _, cluster := range s.topology.Clusters {
-		if err := s.createAgentReadPolicies(cluster); err != nil {
-			return fmt.Errorf("createAgentReadPolicies[%s]: %w", cluster.Name, err)
-		}
 		if err := s.createServiceTokens(cluster); err != nil {
 			return fmt.Errorf("createServiceTokens[%s]: %w", cluster.Name, err)
 		}
 	}
 	return nil
 }
 
-func (s *Sprawl) createAgentReadPolicies(cluster *topology.Cluster) error {
-	var (
-		client = s.clients[cluster.Name]
-		logger = s.logger.With("cluster", cluster.Name)
-	)
-	logger.Info("TODO: REMOVE THIS HACK WHEN NOT NEEDED ANY LONGER")
-
-	for _, part := range cluster.Partitions {
-		op, err := CreateOrUpdatePolicy(client, policyForAgentRead(part.Name, cluster.Enterprise))
-		if err != nil {
-			return err
-		}
-
-		logger.Info("created agent read wildcard read policy",
-			"policy-name", op.Name,
-			"policy-id", op.ID,
-			"partition", part.Name,
-		)
-	}
-
-	return nil
-}
-
 func (s *Sprawl) createServiceTokens(cluster *topology.Cluster) error {
 	var (
 		client = s.clients[cluster.Name]

diff --git a/sprawl/acl_rules.go b/sprawl/acl_rules.go
@@ -8,23 +8,6 @@ import (
 	"github.com/hashicorp/consul-topology/topology"
 )
 
-func policyForAgentRead(partition string, enterprise bool) *api.ACLPolicy {
-	p := &api.ACLPolicy{
-		Name:        "wildcard-agent-read",
-		Description: "wildcard-agent-read",
-		Rules: `
-agent_prefix "" {
-  policy = "read"
-}
-`,
-	}
-	if enterprise {
-		p.Partition = partition
-		p.Namespace = "default"
-	}
-	return p
-}
-
 func policyForCrossNamespaceRead(partition string) *api.ACLPolicy {
 	return &api.ACLPolicy{
 		Name:        "cross-ns-catalog-read",
@@ -74,9 +57,6 @@ func tokenForService(svc *topology.Service, overridePolicy *api.ACLPolicy, enter
 		}}
 	}
 
-	// TODO: remove this hack
-	token.Policies = append(token.Policies, &api.ACLTokenPolicyLink{Name: "wildcard-agent-read"})
-
 	if enterprise {
 		token.Namespace = svc.ID.Namespace
 		token.Partition = svc.ID.Partition