mirror of https://github.com/status-im/consul.git
ENT to OSS sync (#11703)
This commit is contained in:
parent
db91cbf484
commit
54e4d1b7b2
|
@ -2151,7 +2151,7 @@ func TestACL_Authorize(t *testing.T) {
|
||||||
false, // agent:write
|
false, // agent:write
|
||||||
false, // event:read
|
false, // event:read
|
||||||
false, // event:write
|
false, // event:write
|
||||||
true, // intention:read
|
true, // intentions:read
|
||||||
false, // intention:write
|
false, // intention:write
|
||||||
false, // key:read
|
false, // key:read
|
||||||
false, // key:list
|
false, // key:list
|
||||||
|
|
|
@ -605,10 +605,10 @@ func (s *Intention) Match(args *structs.IntentionQueryRequest, reply *structs.In
|
||||||
}
|
}
|
||||||
|
|
||||||
var authzContext acl.AuthorizerContext
|
var authzContext acl.AuthorizerContext
|
||||||
// Go through each entry to ensure we have intention:read for the resource.
|
// Go through each entry to ensure we have intentions:read for the resource.
|
||||||
|
|
||||||
// TODO - should we do this instead of filtering the result set? This will only allow
|
// TODO - should we do this instead of filtering the result set? This will only allow
|
||||||
// queries for which the token has intention:read permissions on the requested side
|
// queries for which the token has intentions:read permissions on the requested side
|
||||||
// of the service. Should it instead return all matches that it would be able to list.
|
// of the service. Should it instead return all matches that it would be able to list.
|
||||||
// if so we should remove this and call filterACL instead. Based on how this is used
|
// if so we should remove this and call filterACL instead. Based on how this is used
|
||||||
// its probably fine. If you have intention read on the source just do a source type
|
// its probably fine. If you have intention read on the source just do a source type
|
||||||
|
|
|
@ -7,12 +7,13 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/hashicorp/consul/agent/pool"
|
"github.com/hashicorp/consul/agent/pool"
|
||||||
"github.com/hashicorp/consul/agent/structs"
|
"github.com/hashicorp/consul/agent/structs"
|
||||||
"github.com/hashicorp/consul/testrpc"
|
"github.com/hashicorp/consul/testrpc"
|
||||||
"github.com/hashicorp/consul/tlsutil"
|
"github.com/hashicorp/consul/tlsutil"
|
||||||
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
|
|
||||||
"github.com/stretchr/testify/require"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func rpcClient(t *testing.T, s *Server) rpc.ClientCodec {
|
func rpcClient(t *testing.T, s *Server) rpc.ClientCodec {
|
||||||
|
@ -24,7 +25,9 @@ func rpcClient(t *testing.T, s *Server) rpc.ClientCodec {
|
||||||
|
|
||||||
// Write the Consul RPC byte to set the mode
|
// Write the Consul RPC byte to set the mode
|
||||||
conn.Write([]byte{byte(pool.RPCConsul)})
|
conn.Write([]byte{byte(pool.RPCConsul)})
|
||||||
return msgpackrpc.NewCodecFromHandle(true, true, conn, structs.MsgpackHandle)
|
codec := msgpackrpc.NewCodecFromHandle(true, true, conn, structs.MsgpackHandle)
|
||||||
|
t.Cleanup(func() { codec.Close() })
|
||||||
|
return codec
|
||||||
}
|
}
|
||||||
|
|
||||||
func insecureRPCClient(s *Server, c tlsutil.Config) (rpc.ClientCodec, error) {
|
func insecureRPCClient(s *Server, c tlsutil.Config) (rpc.ClientCodec, error) {
|
||||||
|
|
Loading…
Reference in New Issue