mirror of https://github.com/status-im/consul.git
ENT to OSS sync (#11703)
This commit is contained in:
parent
db91cbf484
commit
54e4d1b7b2
|
@ -2151,7 +2151,7 @@ func TestACL_Authorize(t *testing.T) {
|
|||
false, // agent:write
|
||||
false, // event:read
|
||||
false, // event:write
|
||||
true, // intention:read
|
||||
true, // intentions:read
|
||||
false, // intention:write
|
||||
false, // key:read
|
||||
false, // key:list
|
||||
|
|
|
@ -605,10 +605,10 @@ func (s *Intention) Match(args *structs.IntentionQueryRequest, reply *structs.In
|
|||
}
|
||||
|
||||
var authzContext acl.AuthorizerContext
|
||||
// Go through each entry to ensure we have intention:read for the resource.
|
||||
// Go through each entry to ensure we have intentions:read for the resource.
|
||||
|
||||
// TODO - should we do this instead of filtering the result set? This will only allow
|
||||
// queries for which the token has intention:read permissions on the requested side
|
||||
// queries for which the token has intentions:read permissions on the requested side
|
||||
// of the service. Should it instead return all matches that it would be able to list.
|
||||
// if so we should remove this and call filterACL instead. Based on how this is used
|
||||
// its probably fine. If you have intention read on the source just do a source type
|
||||
|
|
|
@ -7,12 +7,13 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/hashicorp/consul/agent/pool"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/testrpc"
|
||||
"github.com/hashicorp/consul/tlsutil"
|
||||
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func rpcClient(t *testing.T, s *Server) rpc.ClientCodec {
|
||||
|
@ -24,7 +25,9 @@ func rpcClient(t *testing.T, s *Server) rpc.ClientCodec {
|
|||
|
||||
// Write the Consul RPC byte to set the mode
|
||||
conn.Write([]byte{byte(pool.RPCConsul)})
|
||||
return msgpackrpc.NewCodecFromHandle(true, true, conn, structs.MsgpackHandle)
|
||||
codec := msgpackrpc.NewCodecFromHandle(true, true, conn, structs.MsgpackHandle)
|
||||
t.Cleanup(func() { codec.Close() })
|
||||
return codec
|
||||
}
|
||||
|
||||
func insecureRPCClient(s *Server, c tlsutil.Config) (rpc.ClientCodec, error) {
|
||||
|
|
Loading…
Reference in New Issue