Merge pull request #11812 from hashicorp/metrics-ui-acls

oss: use wildcard partition in metrics proxy ui endpoint
This commit is contained in:
Kyle Havlovitz 2021-12-10 16:24:47 -08:00 committed by GitHub
commit b9e1dcde1c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions

View File

@ -631,9 +631,10 @@ func (s *HTTPHandlers) UIMetricsProxy(resp http.ResponseWriter, req *http.Reques
//
// In enterprise it requires this _in all namespaces_ too.
//
// TODO(partitions,acls): need to revisit this
// In enterprise it requires this _in all namespaces and partitions_ too.
var authzContext acl.AuthorizerContext
entMeta.WithWildcardNamespace().FillAuthzContext(&authzContext)
wildcardEntMeta := structs.WildcardEnterpriseMetaInPartition(structs.WildcardSpecifier)
wildcardEntMeta.FillAuthzContext(&authzContext)
if authz.NodeReadAll(&authzContext) != acl.Allow || authz.ServiceReadAll(&authzContext) != acl.Allow {
return nil, acl.ErrPermissionDenied