From 709932f088fcc7f8fa30eec67ff58bd1c1646cce Mon Sep 17 00:00:00 2001
From: Freddy
Date: Wed, 11 Mar 2020 12:08:49 -0600
Subject: [PATCH] Update MSP token and filtering (#7431)

---
 agent/consul/acl_server.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/agent/consul/acl_server.go b/agent/consul/acl_server.go
index 086219a127..eb5024acd4 100644
--- a/agent/consul/acl_server.go
+++ b/agent/consul/acl_server.go
@@ -226,7 +226,7 @@ func (s *Server) ResolveTokenToIdentityAndAuthorizer(token string) (structs.ACLI
 // ResolveTokenIdentityAndDefaultMeta retrieves an identity and authorizer for the caller,
 // and populates the EnterpriseMeta based on the AuthorizerContext.
 func (s *Server) ResolveTokenIdentityAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (structs.ACLIdentity, acl.Authorizer, error) {
-	identity, authz, err := s.acls.ResolveTokenToIdentityAndAuthorizer(token)
+	identity, authz, err := s.ResolveTokenToIdentityAndAuthorizer(token)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -252,6 +252,9 @@ func (s *Server) ResolveTokenAndDefaultMeta(token string, entMeta *structs.Enter
 }
 
 func (s *Server) filterACL(token string, subj interface{}) error {
+	if id, authz := s.ResolveEntTokenToIdentityAndAuthorizer(token); id != nil && authz != nil {
+		return s.acls.filterACLWithAuthorizer(authz, subj)
+	}
 	return s.acls.filterACL(token, subj)
 }
 
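Review bot: In `filterACL` (second hunk), the new fast path runs only when `ResolveEntTokenToIdentityAndAuthorizer` returns both a non-nil identity and a non-nil authorizer; any other result, such as an identity with a nil authorizer, silently falls through to `s.acls.filterACL(token, subj)`, which resolves the same token again through the regular path. Whether that fall-through is the intended outcome depends on the resolver's contract, which is not visible in this hunk. I would state it on the function, e.g. `// filterACL filters subj with the enterprise-resolved authorizer when the token resolves there; otherwise it falls back to the standard ACL resolver.`, and if a partial result is meant to be a denial, return an error there instead of falling through. The diffstat lists only acl_server.go, so neither this path nor the resolver switch in `ResolveTokenIdentityAndDefaultMeta` (first hunk) comes with a test in this commit. A test that a token handled by the enterprise resolver is filtered with its authorizer, and that any other token still reaches `s.acls.filterACL`, would pin the authorization behaviour.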