2020-09-08 21:31:47 +00:00
|
|
|
package subscribe
|
|
|
|
|
|
|
|
import (
|
|
|
|
"github.com/hashicorp/consul/acl"
|
|
|
|
"github.com/hashicorp/consul/agent/consul/state"
|
|
|
|
"github.com/hashicorp/consul/agent/consul/stream"
|
|
|
|
)
|
|
|
|
|
|
|
|
// EnforceACL takes an acl.Authorizer and returns the decision for whether the
|
|
|
|
// event is allowed to be sent to this client or not.
|
|
|
|
func enforceACL(authz acl.Authorizer, e stream.Event) acl.EnforcementDecision {
|
|
|
|
switch {
|
2020-10-02 17:55:41 +00:00
|
|
|
case e.IsEndOfSnapshot(), e.IsNewSnapshotToFollow():
|
2020-09-08 21:31:47 +00:00
|
|
|
return acl.Allow
|
|
|
|
}
|
|
|
|
|
|
|
|
switch p := e.Payload.(type) {
|
|
|
|
case state.EventPayloadCheckServiceNode:
|
2020-10-06 23:08:36 +00:00
|
|
|
return p.Value.CanRead(authz)
|
2020-09-08 21:31:47 +00:00
|
|
|
}
|
|
|
|
return acl.Deny
|
|
|
|
}
|