ACL, legacy config to new

Hi All, I hope you are all well.

I have a few questions regarding ACL.

  1. How to quickly know if ACL token is of legacy type? Is there an identifier and can this be seen when invoking consul acl token read -id {token_id}?

  2. In a consul (version 1.6.2) cluster where ACL got enabled by setting the legacy option acl_datacenter. If this will be changed to the new config below, will this impact the existing tokens?

"acl": {
  "enabled": true  

Legacy ACL tokens have rules, written in HCL, directly associated with them. Modern tokens have instead, links to policies and/or roles.

As written in the documentation, you need to define primary_datacenter as well when migrating.