mirror of https://github.com/status-im/consul.git
acl: default tenancy with the no-auth ACL resolver (#19006)
When using the no-auth acl resolver (the case for most controllers and the get-envoy-boostrap-params endpoint), ResolveTokenAndDefaultMeta method only returns an acl resolver. However, the resource service relies on the ent meta to be filled in to do the tenancy defaulting and inheriting it from the token when one is present. So this change makes sure that the ent meta defaulting always happens in the ACL resolver.
This commit is contained in:
parent
06c15d0656
commit
d85fc535fb
|
@ -3,13 +3,17 @@
|
||||||
|
|
||||||
package resolver
|
package resolver
|
||||||
|
|
||||||
import "github.com/hashicorp/consul/acl"
|
import (
|
||||||
|
"github.com/hashicorp/consul/acl"
|
||||||
|
"github.com/hashicorp/consul/agent/structs"
|
||||||
|
)
|
||||||
|
|
||||||
// DANGER_NO_AUTH implements an ACL resolver short-circuit authorization in
|
// DANGER_NO_AUTH implements an ACL resolver short-circuit authorization in
|
||||||
// cases where it is handled somewhere else or expressly not required.
|
// cases where it is handled somewhere else or expressly not required.
|
||||||
type DANGER_NO_AUTH struct{}
|
type DANGER_NO_AUTH struct{}
|
||||||
|
|
||||||
// ResolveTokenAndDefaultMeta returns an authorizer with unfettered permissions.
|
// ResolveTokenAndDefaultMeta returns an authorizer with unfettered permissions.
|
||||||
func (DANGER_NO_AUTH) ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (Result, error) {
|
func (DANGER_NO_AUTH) ResolveTokenAndDefaultMeta(_ string, entMeta *acl.EnterpriseMeta, _ *acl.AuthorizerContext) (Result, error) {
|
||||||
|
entMeta.Merge(structs.DefaultEnterpriseMetaInDefaultPartition())
|
||||||
return Result{Authorizer: acl.ManageAll()}, nil
|
return Result{Authorizer: acl.ManageAll()}, nil
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue