From 5fed1b5dc33d0aa1a65afb51786ad40292543332 Mon Sep 17 00:00:00 2001
From: Ryan Uber <ru@ryanuber.com>
Date: Wed, 10 Jun 2015 18:40:40 -0700
Subject: [PATCH] consul: filter internal endpoints for acls

---
 consul/acl.go | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/consul/acl.go b/consul/acl.go
index 66bea46180..dc0d7e911d 100644
--- a/consul/acl.go
+++ b/consul/acl.go
@@ -290,6 +290,32 @@ func (s *Server) applyDiscoveryACLs(token string, subj interface{}) error {
 			v.Nodes = append(v.Nodes[:i], v.Nodes[i+1:]...)
 			i--
 		}
+
+	// Filter node dumps
+	case *structs.IndexedNodeDump:
+		for i := 0; i < len(v.Dump); i++ {
+			dump := v.Dump[i]
+
+			// Filter the services
+			for i := 0; i < len(dump.Services); i++ {
+				svc := dump.Services[i]
+				if filt(svc.Service) {
+					continue
+				}
+				dump.Services = append(dump.Services[:i], dump.Services[i+1:]...)
+				i--
+			}
+
+			// Filter the checks
+			for i := 0; i < len(dump.Checks); i++ {
+				chk := dump.Checks[i]
+				if filt(chk.ServiceName) {
+					continue
+				}
+				dump.Checks = append(dump.Checks[:i], dump.Checks[i+1:]...)
+				i--
+			}
+		}
 	}
 
 	return nil