From 54e4d1b7b27ae3c39526eef07100465f6a6159ab Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Wed, 1 Dec 2021 14:56:10 -0500 Subject: [PATCH] ENT to OSS sync (#11703) --- agent/acl_endpoint_test.go | 2 +- agent/consul/intention_endpoint.go | 4 ++-- agent/consul/status_endpoint_test.go | 9 ++++++--- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/agent/acl_endpoint_test.go b/agent/acl_endpoint_test.go index 9c149c60ef..0b8111b880 100644 --- a/agent/acl_endpoint_test.go +++ b/agent/acl_endpoint_test.go @@ -2151,7 +2151,7 @@ func TestACL_Authorize(t *testing.T) { false, // agent:write false, // event:read false, // event:write - true, // intention:read + true, // intentions:read false, // intention:write false, // key:read false, // key:list diff --git a/agent/consul/intention_endpoint.go b/agent/consul/intention_endpoint.go index f5ffaaa3ee..4f6da3b9bb 100644 --- a/agent/consul/intention_endpoint.go +++ b/agent/consul/intention_endpoint.go @@ -605,10 +605,10 @@ func (s *Intention) Match(args *structs.IntentionQueryRequest, reply *structs.In } var authzContext acl.AuthorizerContext - // Go through each entry to ensure we have intention:read for the resource. + // Go through each entry to ensure we have intentions:read for the resource. // TODO - should we do this instead of filtering the result set? This will only allow - // queries for which the token has intention:read permissions on the requested side + // queries for which the token has intentions:read permissions on the requested side // of the service. Should it instead return all matches that it would be able to list. // if so we should remove this and call filterACL instead. Based on how this is used // its probably fine. If you have intention read on the source just do a source type diff --git a/agent/consul/status_endpoint_test.go b/agent/consul/status_endpoint_test.go index 1c4afa4ce1..ee27b2d783 100644 --- a/agent/consul/status_endpoint_test.go +++ b/agent/consul/status_endpoint_test.go @@ -7,12 +7,13 @@ import ( "testing" "time" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/tlsutil" - msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/require" ) func rpcClient(t *testing.T, s *Server) rpc.ClientCodec { @@ -24,7 +25,9 @@ func rpcClient(t *testing.T, s *Server) rpc.ClientCodec { // Write the Consul RPC byte to set the mode conn.Write([]byte{byte(pool.RPCConsul)}) - return msgpackrpc.NewCodecFromHandle(true, true, conn, structs.MsgpackHandle) + codec := msgpackrpc.NewCodecFromHandle(true, true, conn, structs.MsgpackHandle) + t.Cleanup(func() { codec.Close() }) + return codec } func insecureRPCClient(s *Server, c tlsutil.Config) (rpc.ClientCodec, error) {