backport of commit 4bb7d00c22 (#17210)

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-05-02 16:46:53 -04:00 · 2023-05-02 16:46:53 -04:00 · 4fd91e87ce
parent 0045304ff5
commit 4fd91e87ce
1 changed files with 4 additions and 2 deletions
--- a/agent/proxycfg-glue/resolved_service_config.go
+++ b/agent/proxycfg-glue/resolved_service_config.go
@ -6,6 +6,7 @@ import (

 	"github.com/hashicorp/go-memdb"

+	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/cache"
 	cachetype "github.com/hashicorp/consul/agent/cache-types"
 	"github.com/hashicorp/consul/agent/configentry"
@ -43,12 +44,13 @@ func (s *serverResolvedServiceConfig) Notify(ctx context.Context, req *structs.S

 	return watch.ServerLocalNotify(ctx, correlationID, s.deps.GetStore,
 		func(ws memdb.WatchSet, store Store) (uint64, *structs.ServiceConfigResponse, error) {
-			authz, err := s.deps.ACLResolver.ResolveTokenAndDefaultMeta(req.Token, &req.EnterpriseMeta, nil)
+			var authzContext acl.AuthorizerContext
+			authz, err := s.deps.ACLResolver.ResolveTokenAndDefaultMeta(req.Token, &req.EnterpriseMeta, &authzContext)
 			if err != nil {
 				return 0, nil, err
 			}

-			if err := authz.ToAllowAuthorizer().ServiceReadAllowed(req.Name, nil); err != nil {
+			if err := authz.ToAllowAuthorizer().ServiceReadAllowed(req.Name, &authzContext); err != nil {
 				return 0, nil, err
 			}