From 015d85cd74d71a9fdb960cbb869446d2c1a82263 Mon Sep 17 00:00:00 2001
From: freddygv
Date: Mon, 25 Oct 2021 20:17:21 -0600
Subject: [PATCH] Update NodeRead for partition-exports

When issuing cross-partition service discovery requests, ACL filtering often checks for NodeRead privileges. This is because the common return type is a CheckServiceNode, which contains node data.
---
 acl/acl.go | 2 +-
 agent/consul/acl.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/acl/acl.go b/acl/acl.go
index 9538a18e5..a59f38044 100644
--- a/acl/acl.go
+++ b/acl/acl.go
@@ -16,7 +16,7 @@ type Config struct {
 type PartitionExportInfo interface {
 // DownstreamPartitions returns the list of partitions the given service has been exported to.
- DownstreamPartitions(service string, ctx *AuthorizerContext) []string
+ DownstreamPartitions(service string, anyService bool, ctx *AuthorizerContext) []string
 }
 // GetWildcardName will retrieve the configured wildcard name or provide a default
diff --git a/agent/consul/acl.go b/agent/consul/acl.go
index 095ec8eba..c5bf1aa96 100644
--- a/agent/consul/acl.go
+++ b/agent/consul/acl.go
@@ -1903,6 +1903,6 @@ func filterACL(r *ACLResolver, token string, subj interface{}) error {
 type partitionInfoNoop struct{}
-func (p *partitionInfoNoop) DownstreamPartitions(service string, ctx *acl.AuthorizerContext) []string {
+func (p *partitionInfoNoop) DownstreamPartitions(service string, anyService bool, ctx *acl.AuthorizerContext) []string {
 return []string{}
 }
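Review bot: The doc comment above `DownstreamPartitions` in `PartitionExportInfo` still describes only the per-service lookup and does not mention the new `anyService` argument, even though the result feeds ACL filtering. Going by the commit message, `anyService` presumably widens the lookup to partitions that any service has been exported to, for the NodeRead check. If so, the comment should say that and say whether `service` is then ignored, e.g. `// When anyService is true, service is ignored and partitions for every exported service are returned (used for NodeRead).`, with the wording confirmed against the real implementation. No caller passing `true` appears in this patch, so which authorization paths take the wider lookup cannot be verified from here.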
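Review bot: `partitionInfoNoop.DownstreamPartitions` now accepts `anyService` but ignores it along with its other arguments, and nothing at the definition says that returning no partitions is the intended deny-by-default answer. A one-line doc comment such as `// DownstreamPartitions reports no downstream partitions, so exports never widen access here.` would record that, once confirmed to match the intent. The interface lives in package `acl` and changed in this same commit, so a compile-time assertion `var _ acl.PartitionExportInfo = (*partitionInfoNoop)(nil)` next to the type would catch the next signature drift at the definition, if one does not already exist elsewhere in the file.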