authorizer: remove now-obsolete migration code

tailscale · Jan 27, 2025 · fe2a439 · fe2a439
1 parent c87590b
commit fe2a439
Showing 1 changed file with 1 addition and 15 deletions.
diff --git a/authorizer/peercaps.go → authorizer/aclgrant.go b/authorizer/peercaps.go → authorizer/aclgrant.go
@@ -16,12 +16,6 @@ import (
 // tailsqlCap is the default name of the tailsql capability.
 const tailsqlCap = "tailscale.com/cap/tailsql"
 
-// PeerCaps is a temporary migration alias for ACLGrants.
-// Deprecated: Use ACLGrants directly for new code.
-func PeerCaps(logf logger.Logf) func(string, *apitype.WhoIsResponse) error {
-	return ACLGrants(logf)
-}
-
 // ACLGrants returns an authorization function that uses ACL grants from the
 // tailnet to check access for query sources.
 // If logf == nil, logs are sent to log.Printf.
@@ -41,16 +35,8 @@ func ACLGrants(logf logger.Logf) func(string, *apitype.WhoIsResponse) error {
 			DataSrc []string `json:"src"`
 		}
 		rules, err := tailcfg.UnmarshalCapJSON[rule](who.CapMap, tailsqlCap)
-
-		// TODO(creachadair): As a temporary measure to allow us to migrate
-		// capability names away from the https:// prefix, if we don't get a
-		// result without the prefix, try again with it. Remove this once the
-		// policy has been updated on the server side.
-		if err == nil && len(rules) == 0 {
-			rules, err = tailcfg.UnmarshalCapJSON[rule](who.CapMap, "https://"+tailsqlCap)
-		}
 		if err != nil || len(rules) == 0 {
-			return errors.New("not authorized for access tailsql")
+			return errors.New("not authorized for access to tailsql")
 		}
 		for _, rule := range rules {
 			for _, s := range rule.DataSrc {