luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Fill the Authz Context with a Sentinel Scope (#6729)

This commit is contained in:
Matt Keeler 2019-11-01 17:05:22 -04:00 committed by GitHub
parent ba9871d1c2
commit 7081643191
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
agent/consul/kvs_endpoint.go
View File

@ -48,8 +48,9 @@ func kvsPreApply(srv *Server, rule acl.Authorizer, op api.KVOp, dirEnt *structs.
}
default:
// TODO (namespaces) use actual ent authz context - ensure we set the Sentinel Scope
if rule.KeyWrite(dirEnt.Key, nil) != acl.Allow {
var authzContext acl.EnterpriseAuthorizerContext
dirEnt.FillAuthzContext(&authzContext)
if rule.KeyWrite(dirEnt.Key, &authzContext) != acl.Allow {
return false, acl.ErrPermissionDenied
}
}