luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

ENT to OSS sync (#11703)

This commit is contained in:
Chris S. Kim 2021-12-01 14:56:10 -05:00 committed by GitHub
parent 70b143ddc5
commit 67eacee31e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
agent/acl_endpoint_test.go
View File

@ -2151,7 +2151,7 @@ func TestACL_Authorize(t *testing.T) {
false, // agent:write false, // agent:write
false, // event:read false, // event:read
false, // event:write false, // event:write
true, // intention:read true, // intentions:read
false, // intention:write false, // intention:write
false, // key:read false, // key:read
false, // key:list false, // key:list

4
agent/consul/intention_endpoint.go
View File

@ -605,10 +605,10 @@ func (s *Intention) Match(args *structs.IntentionQueryRequest, reply *structs.In
} }
var authzContext acl.AuthorizerContext var authzContext acl.AuthorizerContext
// Go through each entry to ensure we have intention:read for the resource. // Go through each entry to ensure we have intentions:read for the resource.
// TODO - should we do this instead of filtering the result set? This will only allow // TODO - should we do this instead of filtering the result set? This will only allow
// queries for which the token has intention:read permissions on the requested side // queries for which the token has intentions:read permissions on the requested side
// of the service. Should it instead return all matches that it would be able to list. // of the service. Should it instead return all matches that it would be able to list.
// if so we should remove this and call filterACL instead. Based on how this is used // if so we should remove this and call filterACL instead. Based on how this is used
// its probably fine. If you have intention read on the source just do a source type // its probably fine. If you have intention read on the source just do a source type

9
agent/consul/status_endpoint_test.go
View File

@ -7,12 +7,13 @@ import (
"testing" "testing"
"time" "time"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/pool"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/testrpc"
"github.com/hashicorp/consul/tlsutil" "github.com/hashicorp/consul/tlsutil"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/require"
) )
func rpcClient(t *testing.T, s *Server) rpc.ClientCodec { func rpcClient(t *testing.T, s *Server) rpc.ClientCodec {
@ -24,7 +25,9 @@ func rpcClient(t *testing.T, s *Server) rpc.ClientCodec {
// Write the Consul RPC byte to set the mode // Write the Consul RPC byte to set the mode
conn.Write([]byte{byte(pool.RPCConsul)}) conn.Write([]byte{byte(pool.RPCConsul)})
return msgpackrpc.NewCodecFromHandle(true, true, conn, structs.MsgpackHandle) codec := msgpackrpc.NewCodecFromHandle(true, true, conn, structs.MsgpackHandle)
t.Cleanup(func() { codec.Close() })
return codec
} }
func insecureRPCClient(s *Server, c tlsutil.Config) (rpc.ClientCodec, error) { func insecureRPCClient(s *Server, c tlsutil.Config) (rpc.ClientCodec, error) {