mirror of
https://github.com/status-im/consul.git
synced 2025-01-09 13:26:07 +00:00
d85fc535fb
When using the no-auth acl resolver (the case for most controllers and the get-envoy-boostrap-params endpoint), ResolveTokenAndDefaultMeta method only returns an acl resolver. However, the resource service relies on the ent meta to be filled in to do the tenancy defaulting and inheriting it from the token when one is present. So this change makes sure that the ent meta defaulting always happens in the ACL resolver.
20 lines
688 B
Go
20 lines
688 B
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package resolver
|
|
|
|
import (
|
|
"github.com/hashicorp/consul/acl"
|
|
"github.com/hashicorp/consul/agent/structs"
|
|
)
|
|
|
|
// DANGER_NO_AUTH implements an ACL resolver short-circuit authorization in
|
|
// cases where it is handled somewhere else or expressly not required.
|
|
type DANGER_NO_AUTH struct{}
|
|
|
|
// ResolveTokenAndDefaultMeta returns an authorizer with unfettered permissions.
|
|
func (DANGER_NO_AUTH) ResolveTokenAndDefaultMeta(_ string, entMeta *acl.EnterpriseMeta, _ *acl.AuthorizerContext) (Result, error) {
|
|
entMeta.Merge(structs.DefaultEnterpriseMetaInDefaultPartition())
|
|
return Result{Authorizer: acl.ManageAll()}, nil
|
|
}
|