8 Commits

Author	SHA1	Message	Date
freddygv	0a4ff4bb91	Prefer concrete policyAuthorizer type ... There will only ever be policyAuthorizers embedded in namespaceAuthorizers, this commit swaps out the interface in favor of the concrete type.	2021-10-27 12:50:19 -06:00
Kyle Havlovitz	d03f849e49	acl: Expand ServiceRead logic to look at service-exports for cross-partition	2021-10-26 23:41:32 -06:00
R.B. Boyer	ee372a854a	acl: adding a new mesh resource	2021-09-03 09:12:03 -04:00
Daniel Nephin	a10283a313	acl: remove t.Parallel ... These tests run faster without it, and it was causing races in enterprise tests.	2020-11-17 12:37:02 -05:00
R.B. Boyer	6ba776b4f3	agent: protect the ui metrics proxy endpoint behind ACLs (#9099) ... This ensures the metrics proxy endpoint is ACL protected behind a wildcard `service:read` and `node:read` set of rules. For Consul Enterprise these will need to span all namespaces: ``` service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } namespace_prefix "" { service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } } ``` This PR contains just the backend changes. The frontend changes to actually pass the consul token header to the proxy through the JS plugin will come in another PR.	2020-11-04 12:50:03 -06:00
Daniel Nephin	068b43df90	Enable gofmt simplify ... Code changes done automatically with 'gofmt -s -w'	2020-06-16 13:21:11 -04:00
Matt Keeler	0b346616e9	Rename EnterpriseAuthorizerContext -> AuthorizerContext	2019-12-18 13:43:24 -05:00
Matt Keeler	deb91f3d3c	[Feature] API: Add a internal endpoint to query for ACL authori… (#6888) ... * Implement endpoint to query whether the given token is authorized for a set of operations * Updates to allow for remote ACL authorization via RPC This is only used when making an authorization request to a different datacenter.	2019-12-06 09:25:26 -05:00