luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Update NodeRead for partition-exports 

When issuing cross-partition service discovery requests, ACL filtering
often checks for NodeRead privileges. This is because the common return
type is a CheckServiceNode, which contains node data.
This commit is contained in:
freddygv 2021-10-25 20:17:21 -06:00
parent afb0976eac
commit 015d85cd74
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
acl/acl.go
View File

@ -16,7 +16,7 @@ type Config struct {
type PartitionExportInfo interface { type PartitionExportInfo interface {
// DownstreamPartitions returns the list of partitions the given service has been exported to. // DownstreamPartitions returns the list of partitions the given service has been exported to.
DownstreamPartitions(service string, ctx *AuthorizerContext) []string DownstreamPartitions(service string, anyService bool, ctx *AuthorizerContext) []string
} }
// GetWildcardName will retrieve the configured wildcard name or provide a default // GetWildcardName will retrieve the configured wildcard name or provide a default

2
agent/consul/acl.go
View File

@ -1903,6 +1903,6 @@ func filterACL(r *ACLResolver, token string, subj interface{}) error {
type partitionInfoNoop struct{} type partitionInfoNoop struct{}
func (p *partitionInfoNoop) DownstreamPartitions(service string, ctx *acl.AuthorizerContext) []string { func (p *partitionInfoNoop) DownstreamPartitions(service string, anyService bool, ctx *acl.AuthorizerContext) []string {
return []string{} return []string{}
} }