mirror of https://github.com/status-im/consul.git
dfea3a0efe
To properly enforce writes on resources that have workload selectors with prefixes, we need another service authorization rule that allows us to check whether read is allowed within a given prefix. Specifically we need to only allow writes if the policy prefix allows for a wider set of names than the prefix selector on the resource. We should also not allow policies with exact names for prefix matches. Part of [NET-3993] |
||
|---|---|---|
| .. | ||
| resolver | ||
| MockAuthorizer.go | ||
| acl.go | ||
| acl_ce.go | ||
| acl_test.go | ||
| authorizer.go | ||
| authorizer_ce.go | ||
| authorizer_test.go | ||
| chained_authorizer.go | ||
| chained_authorizer_test.go | ||
| enterprisemeta_ce.go | ||
| errors.go | ||
| errors_ce.go | ||
| errors_test.go | ||
| policy.go | ||
| policy_authorizer.go | ||
| policy_authorizer_ce.go | ||
| policy_authorizer_test.go | ||
| policy_ce.go | ||
| policy_merger.go | ||
| policy_merger_ce.go | ||
| policy_test.go | ||
| static_authorizer.go | ||
| static_authorizer_test.go | ||
| testing.go | ||
| validation.go | ||
| validation_test.go | ||