From ad9c10481654c5b5b5a8ff67c0df510d4c581edd Mon Sep 17 00:00:00 2001
From: Kyle Havlovitz <kylehav@gmail.com>
Date: Fri, 10 Dec 2021 15:58:17 -0800
Subject: [PATCH] acl: use wildcard partition in metrics proxy ui endpoint

---
 agent/ui_endpoint.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/agent/ui_endpoint.go b/agent/ui_endpoint.go
index 71342ada8..dd10d5577 100644
--- a/agent/ui_endpoint.go
+++ b/agent/ui_endpoint.go
@@ -631,9 +631,10 @@ func (s *HTTPHandlers) UIMetricsProxy(resp http.ResponseWriter, req *http.Reques
 	//
 	// In enterprise it requires this _in all namespaces_ too.
 	//
-	// TODO(partitions,acls): need to revisit this
+	// In enterprise it requires this _in all namespaces and partitions_ too.
 	var authzContext acl.AuthorizerContext
-	entMeta.WithWildcardNamespace().FillAuthzContext(&authzContext)
+	wildcardEntMeta := structs.WildcardEnterpriseMetaInPartition(structs.WildcardSpecifier)
+	wildcardEntMeta.FillAuthzContext(&authzContext)
 
 	if authz.NodeReadAll(&authzContext) != acl.Allow || authz.ServiceReadAll(&authzContext) != acl.Allow {
 		return nil, acl.ErrPermissionDenied