Apply suggestions from code review

Co-authored-by: Paul Glass <pglass@hashicorp.com>
2023-07-31 13:31:27 -07:00 · 2023-07-31 13:31:27 -07:00 · 9878915cee
parent d54e3a9939
commit 9878915cee
2 changed files with 7 additions and 1 deletions
--- a/.changelog/18319.txt
+++ b/.changelog/18319.txt
@ -1,4 +1,6 @@
 ```release-note:improvement
 acl: added builtin ACL policy that provides global read-only access (builtin/global-read-only)
+```
+```release-note:improvement
 acl: allow for a single slash character in policy names
 ```
--- a/agent/consul/leader.go
+++ b/agent/consul/leader.go
@ -469,7 +469,11 @@ func (s *Server) initializeACLs(ctx context.Context) error {
 	return nil
 }

-func (s *Server) initializePolicy(newPolicy structs.ACLPolicy) error {
+// writeBuiltinACLPolicy writes the given built-in policy to Raft if the policy
+// is not found or if the policy rules have been changed. The name and 
+// description of a built-in policy are user-editable and must be preserved
+// during updates. This function must only be called in a primary datacenter.
+func (s *Server) writeBuiltinACLPolicy(newPolicy structs.ACLPolicy) error {
 	_, policy, err := s.fsm.State().ACLPolicyGetByID(nil, newPolicy.ID, structs.DefaultEnterpriseMetaInDefaultPartition())
 	if err != nil {
 		return fmt.Errorf("failed to get the builtin %s policy", newPolicy.Name)