consul/internal/resource
R.B. Boyer ef6f2494c7
resource: allow for the ACLs.Read hook to request the entire data payload to perform the authz check (#18925)
The ACLs.Read hook for a resource only allows for the identity of a 
resource to be passed in for use in authz consideration. For some 
resources we wish to allow for the current stored value to dictate how 
to enforce the ACLs (such as reading a list of applicable services from 
the payload and allowing service:read on any of them to control reading the enclosing resource).

This change updates the interface to usually accept a *pbresource.ID,
but if the hook decides it needs more data it returns a sentinel error
and the resource service knows to defer the authz check until after
fetching the data from storage.
2023-09-22 09:53:55 -05:00
demo resource: allow for the ACLs.Read hook to request the entire data payload to perform the authz check (#18925) 2023-09-22 09:53:55 -05:00
http fix: write endpoint errors out gracefully (#18743) 2023-09-12 09:22:15 -04:00
mappers/bimapper xds controller: setup watches for and compute leaf cert references in ProxyStateTemplate, and wire up leaf cert manager dependency (#18756) 2023-09-12 12:56:43 -07:00
protoc-gen-resource-types Add protoc generator to emit resource type variables (#18957) 2023-09-21 17:18:47 -04:00
reaper [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
resourcetest mesh: make FailoverPolicy work in xdsv2 and ProxyStateTemplate (#18900) 2023-09-20 11:59:01 -05:00
testdata Add type validations for the catalog resources (#17211) 2023-05-12 09:24:55 -04:00
authz.go resource: ensure resource.AuthorizerContext properly strips the local… (#18908) 2023-09-19 17:14:15 -05:00
authz_ce.go resource: ensure resource.AuthorizerContext properly strips the local… (#18908) 2023-09-19 17:14:15 -05:00
authz_ce_test.go resource: ensure resource.AuthorizerContext properly strips the local… (#18908) 2023-09-19 17:14:15 -05:00
decode.go mesh: adding type aliases for mesh resource usage (#18448) 2023-08-22 12:31:06 -05:00
decode_test.go resource: Require scope for resource registration (#18635) 2023-09-01 09:44:53 -05:00
equality.go bimapper: allow to untrack links and support reference or id (#18451) 2023-08-17 18:03:05 -06:00
equality_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
errors.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
errors_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
reference.go mesh: Wire ComputedRoutes into the ProxyStateTemplate via the sidecar controller (#18752) 2023-09-14 17:19:04 -05:00
refkey.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
refkey_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
registry.go resource: allow for the ACLs.Read hook to request the entire data payload to perform the authz check (#18925) 2023-09-22 09:53:55 -05:00
registry_test.go resource: allow for the ACLs.Read hook to request the entire data payload to perform the authz check (#18925) 2023-09-22 09:53:55 -05:00
stringer.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
tenancy.go add v2 tenancy bridge Flag and v2 Tenancy Bridge initial implementation (#18830) 2023-09-18 12:25:05 -04:00
tenancy_bridge_ce.go add v2 tenancy bridge Flag and v2 Tenancy Bridge initial implementation (#18830) 2023-09-18 12:25:05 -04:00
tenancy_test.go resource: add helper to normalize inner Reference tenancy during mutate (#18765) 2023-09-13 12:08:12 -05:00
tombstone.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00