local: default to the agent token instead of the user token
When de-registering in anti-entropy sync, when there is no service or check token. The agent token will fall back to the default (aka user) token if no agent token is set, so the existing behaviour still works, but it will prefer the agent token over the user token if both are set. ref: https://www.consul.io/docs/agent/options#acl_tokens The agent token seems more approrpiate in this case, since this is an "internal operation", not something initiated by the user.
This commit is contained in:
parent
74c3b69632
commit
76a365d410
|
@ -0,0 +1,3 @@
|
|||
```release-notes:improvement
|
||||
client: when a client agent is attempting to dereigster a service, anddoes not have access to the ACL token used to register a service, attempt to use the agent token instead of the default user token. If no agent token is set, fall back to the default user token.
|
||||
```
|
|
@ -243,7 +243,7 @@ func (l *State) serviceToken(id structs.ServiceID) string {
|
|||
token = s.Token
|
||||
}
|
||||
if token == "" {
|
||||
token = l.tokens.UserToken()
|
||||
token = l.tokens.AgentToken()
|
||||
}
|
||||
return token
|
||||
}
|
||||
|
@ -457,7 +457,7 @@ func (l *State) checkToken(id structs.CheckID) string {
|
|||
token = c.Token
|
||||
}
|
||||
if token == "" {
|
||||
token = l.tokens.UserToken()
|
||||
token = l.tokens.AgentToken()
|
||||
}
|
||||
return token
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue