diff --git a/consul/internal_endpoint.go b/consul/internal_endpoint.go index a950a72c1f..3e64467eff 100644 --- a/consul/internal_endpoint.go +++ b/consul/internal_endpoint.go @@ -57,6 +57,17 @@ func (m *Internal) EventFire(args *structs.EventFireRequest, return err } + // Check ACLs + acl, err := m.srv.resolveToken(args.Token) + if err != nil { + return err + } + + if acl != nil && !acl.EventWrite(args.Name) { + m.srv.logger.Printf("[WARN] consul: user event %q blocked by ACLs", args.Name) + return permissionDeniedErr + } + // Set the query meta data m.srv.setQueryMeta(&reply.QueryMeta) diff --git a/consul/internal_endpoint_test.go b/consul/internal_endpoint_test.go index 4857b76001..5e29a9bc26 100644 --- a/consul/internal_endpoint_test.go +++ b/consul/internal_endpoint_test.go @@ -325,3 +325,37 @@ func TestInternal_NodeDump_FilterACL(t *testing.T) { } } } + +func TestInternal_EventFire_Token(t *testing.T) { + dir, srv := testServerWithConfig(t, func(c *Config) { + c.ACLDatacenter = "dc1" + c.ACLMasterToken = "root" + c.ACLDownPolicy = "deny" + c.ACLDefaultPolicy = "deny" + }) + defer os.RemoveAll(dir) + defer srv.Shutdown() + + client := rpcClient(t, srv) + defer client.Close() + + testutil.WaitForLeader(t, client.Call, "dc1") + + // No token is rejected + event := structs.EventFireRequest{ + Name: "foo", + Datacenter: "dc1", + Payload: []byte("nope"), + } + err := client.Call("Internal.EventFire", &event, nil) + if err == nil || err.Error() != permissionDenied { + t.Fatalf("bad: %s", err) + } + + // Root token is allowed to fire + event.Token = "root" + err = client.Call("Internal.EventFire", &event, nil) + if err != nil { + t.Fatalf("err: %s", err) + } +}