open-consul/acl
Freddy e96c0e1dad
Fixup authz for data imported from peers (#15347)
There are a few changes that needed to be made to to handle authorizing
reads for imported data:

- If the data was imported from a peer we should not attempt to read the
  data using the traditional authz rules. This is because the name of
  services/nodes in a peer cluster are not equivalent to those of the
  importing cluster.

- If the data was imported from a peer we need to check whether the
  token corresponds to a service, meaning that it has service:write
  permissions, or to a local read only token that can read all
  nodes/services in a namespace.

This required changes at the policyAuthorizer level, since that is the
only view available to OSS Consul, and at the enterprise
partition/namespace level.
2022-11-14 11:36:27 -07:00
..
resolver Move ACLResolveResult into acl/resolver package (#13467) 2022-06-17 10:24:43 +01:00
acl.go update ACLs for cluster peering (#15317) 2022-11-09 13:02:58 -08:00
acl_oss.go Use split wildcard partition name 2022-10-13 16:55:28 -06:00
acl_test.go [OSS] Add new peering ACL rule (#13848) 2022-07-22 14:42:23 -06:00
authorizer.go Add ACL enforcement to peering endpoints 2022-07-25 09:34:29 -06:00
authorizer_oss.go Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
authorizer_test.go [OSS] Add new peering ACL rule (#13848) 2022-07-22 14:42:23 -06:00
chained_authorizer.go [OSS] Add new peering ACL rule (#13848) 2022-07-22 14:42:23 -06:00
chained_authorizer_test.go [OSS] Add new peering ACL rule (#13848) 2022-07-22 14:42:23 -06:00
enterprisemeta_oss.go Add SourcePeer fields to relevant Intentions types (#13390) 2022-06-08 13:24:10 -04:00
errors.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
errors_oss.go Fixups for error messages from ACL Errors (#12620) 2022-03-25 12:34:59 -07:00
errors_test.go Fixups for error messages from ACL Errors (#12620) 2022-03-25 12:34:59 -07:00
policy.go [OSS] Add new peering ACL rule (#13848) 2022-07-22 14:42:23 -06:00
policy_authorizer.go Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
policy_authorizer_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
policy_authorizer_test.go Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
policy_merger.go [OSS] Add new peering ACL rule (#13848) 2022-07-22 14:42:23 -06:00
policy_merger_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
policy_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
policy_test.go [OSS] Add new peering ACL rule (#13848) 2022-07-22 14:42:23 -06:00
static_authorizer.go [OSS] Add new peering ACL rule (#13848) 2022-07-22 14:42:23 -06:00
static_authorizer_test.go acl: remove t.Parallel 2020-11-17 12:37:02 -05:00
testing.go Fixups for error messages from ACL Errors (#12620) 2022-03-25 12:34:59 -07:00
validation.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00