From 36246c579110b06c7b8d3c7a7b0d700d055c2020 Mon Sep 17 00:00:00 2001
From: "Chris S. Kim"
Date: Tue, 30 Nov 2021 13:17:41 -0500
Subject: [PATCH] acl: Fill authzContext from token in Coordinate endpoints (#11688)
---
 agent/consul/coordinate_endpoint.go | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/agent/consul/coordinate_endpoint.go b/agent/consul/coordinate_endpoint.go
index 896d374bc5..b35d8b2609 100644
--- a/agent/consul/coordinate_endpoint.go
+++ b/agent/consul/coordinate_endpoint.go
@@ -142,7 +142,8 @@ func (c *Coordinate) Update(args *structs.CoordinateUpdateRequest, reply *struct
 }

 // Fetch the ACL token, if any, and enforce the node policy if enabled.
- authz, err := c.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, nil)
+ var authzContext acl.AuthorizerContext
+ authz, err := c.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, &authzContext)
 if err != nil {
 return err
 }
@@ -151,8 +152,6 @@ func (c *Coordinate) Update(args *structs.CoordinateUpdateRequest, reply *struct
 return err
 }

- var authzContext acl.AuthorizerContext
- args.FillAuthzContext(&authzContext)
 if authz.NodeWrite(args.Node, &authzContext) != acl.Allow {
 return acl.ErrPermissionDenied
 }
@@ -236,8 +235,8 @@ func (c *Coordinate) Node(args *structs.NodeSpecificRequest, reply *structs.Inde
 }

 // Fetch the ACL token, if any, and enforce the node policy if enabled.
-
- authz, err := c.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, nil)
+ var authzContext acl.AuthorizerContext
+ authz, err := c.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, &authzContext)
 if err != nil {
 return err
 }
@@ -246,8 +245,6 @@ func (c *Coordinate) Node(args *structs.NodeSpecificRequest, reply *structs.Inde
 return err
 }

- var authzContext acl.AuthorizerContext
- args.FillAuthzContext(&authzContext)
 if authz.NodeRead(args.Node, &authzContext) != acl.Allow {
 return acl.ErrPermissionDenied
 }
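Review bot: In `Update`, the `NodeWrite` decision now depends entirely on `ResolveTokenAndDefaultMeta` having populated `authzContext` on every non-error return, and nothing at the call site records that contract; the same holds for the `NodeRead` check in the `Node` hunk. The resolver's body is not part of this diff, so whether it fills the context when ACLs are disabled or the token is empty cannot be confirmed from here and should be verified, since an unfilled context would be passed straight to the permission check. I would add a comment above the declaration in both functions, e.g. `// authzContext is filled in by ResolveTokenAndDefaultMeta from the resolved token, not from args, and is consumed by the node permission check below.` The diffstat lists only this file, so a regression test for a request whose `EnterpriseMeta` differs from the token's would be worth adding alongside the change. Both function bodies start and end outside the hunks.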