open-consul/agent/consul/state
Freddy e96c0e1dad
Fixup authz for data imported from peers (#15347)
There are a few changes that needed to be made to to handle authorizing
reads for imported data:

- If the data was imported from a peer we should not attempt to read the
  data using the traditional authz rules. This is because the name of
  services/nodes in a peer cluster are not equivalent to those of the
  importing cluster.

- If the data was imported from a peer we need to check whether the
  token corresponds to a service, meaning that it has service:write
  permissions, or to a local read only token that can read all
  nodes/services in a namespace.

This required changes at the policyAuthorizer level, since that is the
only view available to OSS Consul, and at the enterprise
partition/namespace level.
2022-11-14 11:36:27 -07:00
..
acl.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
acl_events.go convert indexSecret to the new index (#11007) 2021-09-10 09:10:11 -04:00
acl_events_test.go acl: global tokens created by auth methods now correctly replicate to secondary datacenters (#9351) 2020-12-09 15:22:29 -06:00
acl_oss.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
acl_oss_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
acl_schema.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
acl_test.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
autopilot.go state: use ReadTxn and WriteTxn interface 2021-03-29 18:52:16 -04:00
autopilot_test.go Switch to using the external autopilot module 2020-11-09 09:22:11 -05:00
catalog.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
catalog_events.go Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
catalog_events_oss.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
catalog_events_oss_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
catalog_events_test.go feat: convert destination address to slice 2022-07-25 12:31:58 -04:00
catalog_oss.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
catalog_oss_test.go Update expected encoding in test 2022-10-20 14:32:42 -04:00
catalog_schema.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
catalog_test.go Merge branch 'main' into catalog-service-list-filter 2022-08-26 11:16:06 -04:00
config_entry.go Add some extra handling for destination deletes 2022-08-08 11:38:13 -07:00
config_entry_events.go proxycfg: watch service-defaults config entries (#15025) 2022-10-24 12:50:28 -06:00
config_entry_events_test.go proxycfg: watch service-defaults config entries (#15025) 2022-10-24 12:50:28 -06:00
config_entry_intention.go peering, state: account for peer intentions (#13443) 2022-06-16 10:27:31 -07:00
config_entry_intention_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
config_entry_oss.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
config_entry_oss_test.go Rename PeerName to Peer on prepared queries and exported services (#14854) 2022-10-04 14:46:15 -04:00
config_entry_schema.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
config_entry_test.go chore: update golangci-lint to v1.50.1 (#15022) 2022-10-24 11:48:02 -05:00
connect_ca.go streaming: emit events when Connect CA Roots change (#12590) 2022-03-22 19:13:59 +00:00
connect_ca_events.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
connect_ca_events_test.go Move to using a shared EventPublisher (#12673) 2022-04-12 09:47:42 -04:00
connect_ca_test.go Bump go-control-plane 2022-03-30 13:11:27 -04:00
coordinate.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
coordinate_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
coordinate_oss_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
coordinate_test.go add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 15:25:51 -05:00
delay_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
delay_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
events.go proxycfg: watch service-defaults config entries (#15025) 2022-10-24 12:50:28 -06:00
federation_state.go state: use tableIndex constant 2021-03-29 18:52:20 -04:00
graveyard.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
graveyard_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
graveyard_test.go KV state store refactoring and partitioning (#11510) 2021-11-08 09:35:56 -05:00
index_connect_test.go state: convert services table service and connect indexer 2021-03-29 15:42:24 -04:00
indexer.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
intention.go Egress gtw/intention rpc endpoint (#13354) 2022-06-07 15:55:02 -04:00
intention_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
intention_test.go peering, state: account for peer intentions (#13443) 2022-06-16 10:27:31 -07:00
kvs.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
kvs_oss.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
kvs_oss_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
kvs_test.go KV state store refactoring and partitioning (#11510) 2021-11-08 09:35:56 -05:00
memdb.go proxycfg: watch service-defaults config entries (#15025) 2022-10-24 12:50:28 -06:00
operations_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
peering.go fix: persist peering CA updates to dialing clusters (#15243) 2022-11-04 12:53:20 -04:00
peering_oss.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
peering_oss_test.go Update peering state and RPC for deferred deletion 2022-06-13 12:10:32 -06:00
peering_test.go fix: persist peering CA updates to dialing clusters (#15243) 2022-11-04 12:53:20 -04:00
prepared_query.go refactor session state store tables to use the new index pattern (#11525) 2021-11-08 16:20:50 -05:00
prepared_query_index.go
prepared_query_index_test.go
prepared_query_test.go [OSS] Remove remaining references to master (#11827) 2022-01-20 12:47:50 +00:00
query.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
query_oss.go Add internal endpoint to fetch peered upstream candidates from VirtualIP table (#13642) 2022-06-29 16:34:58 -04:00
schema.go Implement/Utilize secrets for Peering Replication Stream (#13977) 2022-08-01 10:33:18 -04:00
schema_oss.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
schema_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
schema_test.go Implement/Utilize secrets for Peering Replication Stream (#13977) 2022-08-01 10:33:18 -04:00
session.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
session_oss.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
session_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
state_store.go Add per-node max indexes (#12399) 2022-06-23 11:13:25 -04:00
state_store_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
state_store_test.go Add support for filtering the 'List Services' API 2022-08-10 16:52:32 -05:00
store_integration_test.go proxycfg: server-local config entry data sources 2022-07-04 10:48:36 +01:00
system_metadata.go use const instead of literals for tableIndex (#11039) 2021-09-15 10:24:04 -04:00
system_metadata_test.go server: create new memdb table for storing system metadata (#8703) 2020-10-06 10:08:37 -05:00
tombstone_gc.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
tombstone_gc_test.go
txn.go Add kv txn get-not-exists operation. 2022-09-06 10:28:59 -05:00
txn_test.go Add kv txn get-not-exists operation. 2022-09-06 10:28:59 -05:00
usage.go xDS Load Balancing (#14397) 2022-09-09 15:02:01 +01:00
usage_oss.go xDS Load Balancing (#14397) 2022-09-09 15:02:01 +01:00
usage_test.go xDS Load Balancing (#14397) 2022-09-09 15:02:01 +01:00