mirror of https://github.com/status-im/consul.git
c58f86a00f
There are a few changes that needed to be made to to handle authorizing reads for imported data: - If the data was imported from a peer we should not attempt to read the data using the traditional authz rules. This is because the name of services/nodes in a peer cluster are not equivalent to those of the importing cluster. - If the data was imported from a peer we need to check whether the token corresponds to a service, meaning that it has service:write permissions, or to a local read only token that can read all nodes/services in a namespace. This required changes at the policyAuthorizer level, since that is the only view available to OSS Consul, and at the enterprise partition/namespace level. |
||
|---|---|---|
| .. | ||
| resolver | ||
| acl.go | ||
| acl_oss.go | ||
| acl_test.go | ||
| authorizer.go | ||
| authorizer_oss.go | ||
| authorizer_test.go | ||
| chained_authorizer.go | ||
| chained_authorizer_test.go | ||
| enterprisemeta_oss.go | ||
| errors.go | ||
| errors_oss.go | ||
| errors_test.go | ||
| policy.go | ||
| policy_authorizer.go | ||
| policy_authorizer_oss.go | ||
| policy_authorizer_test.go | ||
| policy_merger.go | ||
| policy_merger_oss.go | ||
| policy_oss.go | ||
| policy_test.go | ||
| static_authorizer.go | ||
| static_authorizer_test.go | ||
| testing.go | ||
| validation.go | ||