open-consul/agent/consul/state
Freddy e96c0e1dad
Fixup authz for data imported from peers (#15347)
There are a few changes that needed to be made to to handle authorizing
reads for imported data:

- If the data was imported from a peer we should not attempt to read the
  data using the traditional authz rules. This is because the name of
  services/nodes in a peer cluster are not equivalent to those of the
  importing cluster.

- If the data was imported from a peer we need to check whether the
  token corresponds to a service, meaning that it has service:write
  permissions, or to a local read only token that can read all
  nodes/services in a namespace.

This required changes at the policyAuthorizer level, since that is the
only view available to OSS Consul, and at the enterprise
partition/namespace level.
2022-11-14 11:36:27 -07:00
..
acl.go
acl_events.go
acl_events_test.go
acl_oss.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
acl_oss_test.go
acl_schema.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
acl_test.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
autopilot.go
autopilot_test.go
catalog.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
catalog_events.go Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
catalog_events_oss.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
catalog_events_oss_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
catalog_events_test.go feat: convert destination address to slice 2022-07-25 12:31:58 -04:00
catalog_oss.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
catalog_oss_test.go Update expected encoding in test 2022-10-20 14:32:42 -04:00
catalog_schema.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
catalog_test.go Merge branch 'main' into catalog-service-list-filter 2022-08-26 11:16:06 -04:00
config_entry.go Add some extra handling for destination deletes 2022-08-08 11:38:13 -07:00
config_entry_events.go proxycfg: watch service-defaults config entries (#15025) 2022-10-24 12:50:28 -06:00
config_entry_events_test.go proxycfg: watch service-defaults config entries (#15025) 2022-10-24 12:50:28 -06:00
config_entry_intention.go peering, state: account for peer intentions (#13443) 2022-06-16 10:27:31 -07:00
config_entry_intention_oss.go
config_entry_oss.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
config_entry_oss_test.go Rename `PeerName` to `Peer` on prepared queries and exported services (#14854) 2022-10-04 14:46:15 -04:00
config_entry_schema.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
config_entry_test.go chore: update golangci-lint to v1.50.1 (#15022) 2022-10-24 11:48:02 -05:00
connect_ca.go
connect_ca_events.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
connect_ca_events_test.go Move to using a shared EventPublisher (#12673) 2022-04-12 09:47:42 -04:00
connect_ca_test.go
coordinate.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
coordinate_oss.go
coordinate_oss_test.go
coordinate_test.go add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 15:25:51 -05:00
delay_oss.go
delay_test.go
events.go proxycfg: watch service-defaults config entries (#15025) 2022-10-24 12:50:28 -06:00
federation_state.go
graveyard.go
graveyard_oss.go
graveyard_test.go
index_connect_test.go
indexer.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
intention.go Egress gtw/intention rpc endpoint (#13354) 2022-06-07 15:55:02 -04:00
intention_oss.go
intention_test.go peering, state: account for peer intentions (#13443) 2022-06-16 10:27:31 -07:00
kvs.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
kvs_oss.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
kvs_oss_test.go
kvs_test.go
memdb.go proxycfg: watch service-defaults config entries (#15025) 2022-10-24 12:50:28 -06:00
operations_oss.go
peering.go fix: persist peering CA updates to dialing clusters (#15243) 2022-11-04 12:53:20 -04:00
peering_oss.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
peering_oss_test.go Update peering state and RPC for deferred deletion 2022-06-13 12:10:32 -06:00
peering_test.go fix: persist peering CA updates to dialing clusters (#15243) 2022-11-04 12:53:20 -04:00
prepared_query.go
prepared_query_index.go
prepared_query_index_test.go
prepared_query_test.go
query.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
query_oss.go Add internal endpoint to fetch peered upstream candidates from VirtualIP table (#13642) 2022-06-29 16:34:58 -04:00
schema.go Implement/Utilize secrets for Peering Replication Stream (#13977) 2022-08-01 10:33:18 -04:00
schema_oss.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
schema_oss_test.go
schema_test.go Implement/Utilize secrets for Peering Replication Stream (#13977) 2022-08-01 10:33:18 -04:00
session.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
session_oss.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
session_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
state_store.go Add per-node max indexes (#12399) 2022-06-23 11:13:25 -04:00
state_store_oss_test.go
state_store_test.go Add support for filtering the 'List Services' API 2022-08-10 16:52:32 -05:00
store_integration_test.go proxycfg: server-local config entry data sources 2022-07-04 10:48:36 +01:00
system_metadata.go
system_metadata_test.go
tombstone_gc.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
tombstone_gc_test.go
txn.go Add kv txn get-not-exists operation. 2022-09-06 10:28:59 -05:00
txn_test.go Add kv txn get-not-exists operation. 2022-09-06 10:28:59 -05:00
usage.go xDS Load Balancing (#14397) 2022-09-09 15:02:01 +01:00
usage_oss.go xDS Load Balancing (#14397) 2022-09-09 15:02:01 +01:00
usage_test.go xDS Load Balancing (#14397) 2022-09-09 15:02:01 +01:00