github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add warn log when all ACL policies are filtered out (#15632)

Browse Source
pull/15671/head
Chris S. Kim 2 years ago committed by GitHub
parent 692a6fdecf
commit c046d1a4d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File

4
agent/consul/acl.go
Unescape View File

@ -632,6 +632,10 @@ func (r *ACLResolver) resolvePoliciesForIdentity(identity structs.ACLIdentity) (
policies = append(policies, syntheticPolicies...)
filtered := r.filterPoliciesByScope(policies)
if len(policies) > 0 && len(filtered) == 0 {
r.logger.Warn("ACL token used lacks permissions in this datacenter: its associated ACL policies, service identities, and/or node identities are scoped to other datacenters", "accessor_id", identity.ID(), "datacenter", r.config.Datacenter)
}
return filtered, nil
}

Write Preview
Loading…
Cancel
Save