diff --git a/.changelog/11263.txt b/.changelog/11263.txt new file mode 100644 index 0000000000..592bbbc41e --- /dev/null +++ b/.changelog/11263.txt @@ -0,0 +1,3 @@ +```release-note:bug +acl: **(Enterprise only)** Fix bug in 'consul members' filtering with partitions. +``` diff --git a/agent/acl.go b/agent/acl.go index 10a1c3feeb..5130a608d8 100644 --- a/agent/acl.go +++ b/agent/acl.go @@ -150,11 +150,11 @@ func (a *Agent) filterMembers(token string, members *[]serf.Member) error { } var authzContext acl.AuthorizerContext - a.agentEnterpriseMeta().FillAuthzContext(&authzContext) // Filter out members based on the node policy. m := *members for i := 0; i < len(m); i++ { node := m[i].Name + serfMemberFillAuthzContext(&m[i], &authzContext) if authz.NodeRead(node, &authzContext) == acl.Allow { continue } diff --git a/agent/acl_oss.go b/agent/acl_oss.go new file mode 100644 index 0000000000..a04603731d --- /dev/null +++ b/agent/acl_oss.go @@ -0,0 +1,13 @@ +// +build !consulent + +package agent + +import ( + "github.com/hashicorp/serf/serf" + + "github.com/hashicorp/consul/acl" +) + +func serfMemberFillAuthzContext(m *serf.Member, ctx *acl.AuthorizerContext) { + // no-op +}