Remove user login state code marked for deletion in v17 (#44430)

api/types/userloginstate/user_login_state.go

@@ -25,14 +25,6 @@ import (
 	"github.com/gravitational/teleport/api/types/trait"
 )
 
-const (
-	// OriginalRolesAndTraitsSet is an annotation that will indicate that the original roles and traits have been
-	// set for this objects. For existing user login states, this will not be set, indicating that we can't
-	// use these fields reliably.
-	// DELETE IN 17 (mdwn)
-	OriginalRolesAndTraitsSet = types.TeleportInternalLabelPrefix + "original-set"
-)
-
 // UserLoginState is the ephemeral user login state. This will hold data to differentiate
 // from the User object. This will allow us to store derived roles and traits from
 // access lists, login rules, and other mechanisms to more easily incorporate these
@@ -105,12 +97,6 @@ func (u *UserLoginState) GetOriginalTraits() map[string][]string {
 	return u.Spec.OriginalTraits
 }
 
-// IsOriginalRolesAndTraitsSet will return true if the original roles and traits annotation is present.
-func (u *UserLoginState) IsOriginalRolesAndTraitsSet() bool {
-	_, isSet := u.GetLabel(OriginalRolesAndTraitsSet)
-	return isSet
-}
-
 // GetRoles returns the roles attached to the user login state.
 func (u *UserLoginState) GetRoles() []string {
 	return u.Spec.Roles

lib/auth/userloginstate/generator.go

@@ -134,17 +134,11 @@ func (g *Generator) Generate(ctx context.Context, user types.User) (*userloginst
 		}
 	}
 
-	labels := make(map[string]string, len(user.GetAllLabels()))
-	for k, v := range user.GetAllLabels() {
-		labels[k] = v
-	}
-	labels[userloginstate.OriginalRolesAndTraitsSet] = "true"
-
 	// Create a new empty user login state.
 	uls, err := userloginstate.New(
 		header.Metadata{
 			Name:   user.GetName(),
-			Labels: labels,
+			Labels: user.GetAllLabels(),
 		}, userloginstate.Spec{
 			OriginalRoles:  utils.CopyStrings(user.GetRoles()),
 			OriginalTraits: originalTraits,

lib/auth/userloginstate/generator_test.go

@@ -92,9 +92,8 @@ func TestAccessLists(t *testing.T) {
 			wantErr: require.NoError,
 			expected: newUserLoginState(t, "user",
 				map[string]string{
-					"label1":                                 "value1",
-					"label2":                                 "value2",
-					userloginstate.OriginalRolesAndTraitsSet: "true",
+					"label1": "value1",
+					"label2": "value2",
 				},
 				[]string{"orole1"},
 				trait.Traits{"otrait1": {"value1", "value2"}},
@@ -121,9 +120,8 @@ func TestAccessLists(t *testing.T) {
 			wantErr: require.NoError,
 			expected: newUserLoginState(t, "user",
 				map[string]string{
-					"label1":                                 "value1",
-					"label2":                                 "value2",
-					userloginstate.OriginalRolesAndTraitsSet: "true",
+					"label1": "value1",
+					"label2": "value2",
 				},
 				[]string{"orole1"},
 				trait.Traits{"otrait1": {"value1", "value2"}},
@@ -153,9 +151,8 @@ func TestAccessLists(t *testing.T) {
 			wantErr: require.NoError,
 			expected: newUserLoginState(t, "user",
 				map[string]string{
-					"label1":                                 "value1",
-					"label2":                                 "value2",
-					userloginstate.OriginalRolesAndTraitsSet: "true",
+					"label1": "value1",
+					"label2": "value2",
 				},
 				[]string{"orole1"},
 				trait.Traits{"otrait1": {"value1", "value2"}},
@@ -182,9 +179,8 @@ func TestAccessLists(t *testing.T) {
 			wantErr: require.NoError,
 			expected: newUserLoginState(t, "user",
 				map[string]string{
-					"label1":                                 "value1",
-					"label2":                                 "value2",
-					userloginstate.OriginalRolesAndTraitsSet: "true",
+					"label1": "value1",
+					"label2": "value2",
 				},
 				[]string{"orole1"},
 				trait.Traits{"otrait1": {"value1", "value2"}},
@@ -212,9 +208,7 @@ func TestAccessLists(t *testing.T) {
 			roles:   []string{"orole1", "owner-role1", "owner-role2"},
 			wantErr: require.NoError,
 			expected: newUserLoginState(t, ownerUser,
-				map[string]string{
-					userloginstate.OriginalRolesAndTraitsSet: "true",
-				},
+				nil,
 				[]string{"orole1"},
 				trait.Traits{"otrait1": {"value1", "value2"}},
 				[]string{"orole1", "owner-role1", "owner-role2"},
@@ -241,9 +235,7 @@ func TestAccessLists(t *testing.T) {
 			roles:   []string{"orole1", "owner-role1", "owner-role2", "role1"},
 			wantErr: require.NoError,
 			expected: newUserLoginState(t, ownerUser,
-				map[string]string{
-					userloginstate.OriginalRolesAndTraitsSet: "true",
-				},
+				nil,
 				[]string{"orole1"},
 				trait.Traits{"otrait1": {"value1", "value2"}},
 				[]string{"orole1", "owner-role1", "owner-role2", "role1"},
@@ -288,9 +280,8 @@ func TestAccessLists(t *testing.T) {
 			wantErr: require.NoError,
 			expected: newUserLoginState(t, "user",
 				map[string]string{
-					"label1":                                 "value1",
-					"label2":                                 "value2",
-					userloginstate.OriginalRolesAndTraitsSet: "true",
+					"label1": "value1",
+					"label2": "value2",
 				},
 				[]string{"orole1"},
 				trait.Traits{"otrait1": {"value1", "value2"}},
@@ -313,9 +304,8 @@ func TestAccessLists(t *testing.T) {
 			wantErr: require.NoError,
 			expected: newUserLoginState(t, "user",
 				map[string]string{
-					"label1":                                 "value1",
-					"label2":                                 "value2",
-					userloginstate.OriginalRolesAndTraitsSet: "true",
+					"label1": "value1",
+					"label2": "value2",
 				},
 				[]string{"orole1"},
 				trait.Traits{"otrait1": {"value1", "value2"}},
@@ -347,9 +337,8 @@ func TestAccessLists(t *testing.T) {
 			wantErr: require.NoError,
 			expected: newUserLoginState(t, "user",
 				map[string]string{
-					"label1":                                 "value1",
-					"label2":                                 "value2",
-					userloginstate.OriginalRolesAndTraitsSet: "true",
+					"label1": "value1",
+					"label2": "value2",
 				},
 				[]string{"orole1"},
 				trait.Traits{"otrait1": {"value1", "value2"}},
@@ -379,9 +368,7 @@ func TestAccessLists(t *testing.T) {
 			roles:   []string{"role1"},
 			wantErr: require.NoError,
 			expected: newUserLoginState(t, "user",
-				map[string]string{
-					userloginstate.OriginalRolesAndTraitsSet: "true",
-				},
+				nil,
 				nil,
 				nil,
 				[]string{"role1"},