From 54ac5adb086e331485a2d9097680208f214e6531 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Thu, 10 May 2018 22:37:02 -0700
Subject: [PATCH] agent: comments to point to differing logic

---
 agent/agent_endpoint.go            | 3 +++
 agent/consul/intention_endpoint.go | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go
index 0342d1fd44..b52abc7320 100644
--- a/agent/agent_endpoint.go
+++ b/agent/agent_endpoint.go
@@ -1106,6 +1106,9 @@ func (s *HTTPServer) agentLocalBlockingQuery(resp http.ResponseWriter, hash stri
 // AgentConnectAuthorize
 //
 // POST /v1/agent/connect/authorize
+//
+// Note: when this logic changes, consider if the Intention.Test RPC method
+// also needs to be updated.
 func (s *HTTPServer) AgentConnectAuthorize(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
 	// Fetch the token
 	var token string
diff --git a/agent/consul/intention_endpoint.go b/agent/consul/intention_endpoint.go
index 7662ea8522..2bae56f5ea 100644
--- a/agent/consul/intention_endpoint.go
+++ b/agent/consul/intention_endpoint.go
@@ -256,6 +256,10 @@ func (s *Intention) Match(
 
 // Test tests a source/destination and returns whether it would be allowed
 // or denied based on the current ACL configuration.
+//
+// Note: Whenever the logic for this method is changed, you should take
+// a look at the agent authorize endpoint (agent/agent_endpoint.go) since
+// the logic there is similar.
 func (s *Intention) Test(
 	args *structs.IntentionQueryRequest,
 	reply *structs.IntentionQueryTestResponse) error {