From 0c94095dfd7cd633cd7d57e2ff3306681b642819 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Wed, 13 Oct 2021 09:18:16 -0500 Subject: [PATCH] acl: fix bug in 'consul members' filtering with partitions (#11263) --- .changelog/11263.txt | 3 +++ agent/acl.go | 2 +- agent/acl_oss.go | 13 +++++++++++++ 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 .changelog/11263.txt create mode 100644 agent/acl_oss.go diff --git a/.changelog/11263.txt b/.changelog/11263.txt new file mode 100644 index 0000000000..592bbbc41e --- /dev/null +++ b/.changelog/11263.txt @@ -0,0 +1,3 @@ +```release-note:bug +acl: **(Enterprise only)** Fix bug in 'consul members' filtering with partitions. +``` diff --git a/agent/acl.go b/agent/acl.go index 10a1c3feeb..5130a608d8 100644 --- a/agent/acl.go +++ b/agent/acl.go @@ -150,11 +150,11 @@ func (a *Agent) filterMembers(token string, members *[]serf.Member) error { } var authzContext acl.AuthorizerContext - a.agentEnterpriseMeta().FillAuthzContext(&authzContext) // Filter out members based on the node policy. m := *members for i := 0; i < len(m); i++ { node := m[i].Name + serfMemberFillAuthzContext(&m[i], &authzContext) if authz.NodeRead(node, &authzContext) == acl.Allow { continue } diff --git a/agent/acl_oss.go b/agent/acl_oss.go new file mode 100644 index 0000000000..a04603731d --- /dev/null +++ b/agent/acl_oss.go @@ -0,0 +1,13 @@ +// +build !consulent + +package agent + +import ( + "github.com/hashicorp/serf/serf" + + "github.com/hashicorp/consul/acl" +) + +func serfMemberFillAuthzContext(m *serf.Member, ctx *acl.AuthorizerContext) { + // no-op +}