consul/agent
Freddy c58f86a00f
Fixup authz for data imported from peers (#15347)
There are a few changes that needed to be made to to handle authorizing
reads for imported data:

- If the data was imported from a peer we should not attempt to read the
  data using the traditional authz rules. This is because the name of
  services/nodes in a peer cluster are not equivalent to those of the
  importing cluster.

- If the data was imported from a peer we need to check whether the
  token corresponds to a service, meaning that it has service:write
  permissions, or to a local read only token that can read all
  nodes/services in a namespace.

This required changes at the policyAuthorizer level, since that is the
only view available to OSS Consul, and at the enterprise
partition/namespace level.
2022-11-14 11:36:27 -07:00
..
ae sdk: add TestLogLevel for setting log level in tests 2022-02-03 13:42:28 -05:00
auto-config removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
cache cache: refactor agent cache fetching to prevent unnecessary fetches on error (#14956) 2022-10-25 10:27:26 -05:00
cache-types Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
checks removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
config Prevent serving TLS via ports.grpc (#15339) 2022-11-11 14:29:22 -06:00
configentry Fix mesh gateway configuration with proxy-defaults (#15186) 2022-11-09 10:14:29 -06:00
connect connect: strip port from DNS SANs for ingress gateway leaf cert (#15320) 2022-11-14 10:27:03 -08:00
consul Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
debug bulk rewrite using this script 2022-01-20 10:46:23 -06:00
dns test: fix incorrect use of t instead of r in retry test (#13146) 2022-05-19 14:00:07 -05:00
exec re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
grpc-external chore: remove unused argument from MergeNodeServiceWithCentralConfig (#15024) 2022-11-09 14:54:57 +00:00
grpc-internal Update hcp-scada-provider to fix diamond dependency problem with go-msgpack (#15185) 2022-11-07 11:34:30 -05:00
grpc-middleware Added check for empty peeringsni in restrictPeeringEndpoints (#15239) 2022-11-02 17:20:52 -05:00
hcp removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
local Merge pull request #13499 from maxb/delete-unused-metric 2022-08-01 12:31:05 -06:00
metadata Change serf-tag references to field references. 2022-08-31 16:38:42 -05:00
mock
pool removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
proxycfg removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
proxycfg-glue Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
proxycfg-sources chore: remove unused argument from MergeNodeServiceWithCentralConfig (#15024) 2022-11-09 14:54:57 +00:00
router Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
routine-leak-checker removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
rpc [OSS] fix: wait and try longer to peer through mesh gw (#15328) 2022-11-10 13:54:00 -05:00
rpcclient/health test: fix flaky TestHealthServiceNodes_NodeMetaFilter by waiting until the streaming subsystem has a valid grpc connection (#15019) 2022-10-24 13:09:53 -05:00
structs Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
submatview Update hcp-scada-provider to fix diamond dependency problem with go-msgpack (#15185) 2022-11-07 11:34:30 -05:00
systemd
token removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
uiserver removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
xds removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
acl.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
acl_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
acl_endpoint_legacy.go
acl_endpoint_legacy_test.go
acl_endpoint_test.go [OSS] Add new peering ACL rule (#13848) 2022-07-22 14:42:23 -06:00
acl_oss.go agent: support `X-Consul-Results-Filtered-By-ACLs` header in agent-local endpoints (#11610) 2021-12-03 20:36:28 +00:00
acl_test.go test: ensure that all dependencies in a test agent use the test logger (#14996) 2022-10-24 17:02:38 -05:00
agent.go Prevent serving TLS via ports.grpc (#15339) 2022-11-11 14:29:22 -06:00
agent_endpoint.go Merge branch 'main' of github.com:hashicorp/consul into derekm/split-grpc-ports 2022-09-08 14:53:08 -05:00
agent_endpoint_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
agent_endpoint_oss_test.go Add oss test 2022-05-09 10:07:19 -07:00
agent_endpoint_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
agent_oss.go proxycfg: replace direct agent cache usage with interfaces (#13320) 2022-06-01 16:18:06 +01:00
agent_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
apiserver.go
apiserver_test.go
catalog_endpoint.go [OSS] Support merge-central-config option in node services list API (#13450) 2022-06-15 08:30:31 -07:00
catalog_endpoint_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
catalog_endpoint_test.go block PeerName register requests (#13887) 2022-07-29 14:36:22 -07:00
check.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
config_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
config_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
connect_auth.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
connect_ca_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
connect_ca_endpoint_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
coordinate_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
coordinate_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
delegate_mock_test.go Move ACLResolveResult into acl/resolver package (#13467) 2022-06-17 10:24:43 +01:00
denylist.go
denylist_test.go
discovery_chain_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
discovery_chain_endpoint_test.go Cluster peering failover disco chain changes (#14296) 2022-08-23 09:13:43 -04:00
dns.go Bind a dns mux handler to gRPC proxy 2022-09-29 21:44:45 -07:00
dns_oss.go Parse peer name for virtual IP DNS queries (#13602) 2022-07-06 10:30:04 -06:00
dns_test.go Bind a dns mux handler to gRPC proxy 2022-09-29 21:44:45 -07:00
enterprise_delegate_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
event_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
event_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
federation_state_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
health_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
health_endpoint_test.go test: fix flaky TestHealthServiceNodes_NodeMetaFilter by waiting until the streaming subsystem has a valid grpc connection (#15019) 2022-10-24 13:09:53 -05:00
http.go Allow consul debug on non-ACL consul servers (#15155) 2022-10-27 09:25:18 -04:00
http_decode_test.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
http_oss.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
http_oss_test.go Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
http_register.go Add new internal endpoint to list exported services to a peer 2022-09-23 09:43:56 -04:00
http_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
intentions_endpoint.go oss: peering, http: get peer service intentions (#2098) 2022-06-22 16:25:09 -07:00
intentions_endpoint_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
intentions_endpoint_test.go test: possibly fix flake in TestIntentionGetExact (#15021) 2022-10-18 10:51:20 -05:00
keyring.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
keyring_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
kvs_endpoint.go Fix KVSGet method to handle QueryOptions properly (#13344) 2022-06-02 12:26:18 -04:00
kvs_endpoint_test.go
metrics.go
metrics_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
nodeid.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
nodeid_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
notify.go
notify_test.go
operator_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
operator_endpoint_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
operator_endpoint_test.go
peering_endpoint.go Support Stale Queries for Trust Bundle Lookups (#14724) 2022-09-28 09:56:59 -07:00
peering_endpoint_oss_test.go [sync oss] api: add peering api module (#12911) 2022-05-02 11:49:05 -07:00
peering_endpoint_test.go Bring back parameter ServerExternalAddresses in GenerateToken endpoint (#15267) 2022-11-08 14:55:18 -06:00
prepared_query_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
prepared_query_endpoint_test.go Add Cluster Peering Failover Support to Prepared Queries (#13835) 2022-07-22 09:14:43 -04:00
reload.go
remote_exec.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
remote_exec_test.go Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
retry_join.go add HCP integration component (#14723) 2022-09-26 14:58:15 -04:00
retry_join_test.go add HCP integration component (#14723) 2022-09-26 14:58:15 -04:00
service_checks_test.go Service http checks data source for agentless proxies (#14924) 2022-10-12 07:49:56 -07:00
service_manager.go Merge central config for GetEnvoyBootstrapParams (#14869) 2022-10-10 12:40:27 -05:00
service_manager_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
session_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
session_endpoint_test.go
setup.go test: ensure that all dependencies in a test agent use the test logger (#14996) 2022-10-24 17:02:38 -05:00
setup_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
sidecar_service.go PR #14057 follow up fix: service id parsing from sidecar id (#14541) 2022-09-09 09:47:10 -05:00
sidecar_service_test.go Backport test from ENT: "Fix missing test fields" (#15258) 2022-11-04 09:29:16 -05:00
signal_unix.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
signal_windows.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
snapshot_endpoint.go
snapshot_endpoint_test.go
status_endpoint.go
status_endpoint_test.go
streaming_test.go
testagent.go cache: refactor agent cache fetching to prevent unnecessary fetches on error (#14956) 2022-10-25 10:27:26 -05:00
testagent_test.go
translate_addr.go
txn_endpoint.go Merge pull request #13388 from deblasis/feature/health-checks_windows_service 2022-10-17 09:26:19 -04:00
txn_endpoint_test.go increase the size of txn to support vault (#14599) 2022-09-19 09:07:19 -07:00
ui_endpoint.go Add new internal endpoint to list exported services to a peer 2022-09-23 09:43:56 -04:00
ui_endpoint_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
ui_endpoint_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
user_event.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
user_event_test.go chore: removed unused method AddService (#13905) 2022-07-26 16:54:53 -04:00
util.go
util_test.go
watch_handler.go
watch_handler_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00