From ec7a800577dacec7b52bc6b2a27e9ce82234d8fe Mon Sep 17 00:00:00 2001 From: Derek Menteer Date: Tue, 9 May 2023 14:31:59 -0500 Subject: [PATCH] Fix ent bug caused by #17241. All tests passed in OSS, but not ENT. This is a patch to resolve the problem for both. --- agent/consul/health_endpoint.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/agent/consul/health_endpoint.go b/agent/consul/health_endpoint.go index 6913136d38..945b3b2eb8 100644 --- a/agent/consul/health_endpoint.go +++ b/agent/consul/health_endpoint.go @@ -214,6 +214,14 @@ func (h *Health) ServiceNodes(args *structs.ServiceSpecificRequest, reply *struc f = h.serviceNodesDefault } + authzContext := acl.AuthorizerContext{ + Peer: args.PeerName, + } + authz, err := h.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, &authzContext) + if err != nil { + return err + } + if err := h.srv.validateEnterpriseRequest(&args.EnterpriseMeta, false); err != nil { return err } @@ -239,14 +247,6 @@ func (h *Health) ServiceNodes(args *structs.ServiceSpecificRequest, reply *struc return err } - authzContext := acl.AuthorizerContext{ - Peer: args.PeerName, - } - authz, err := h.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, &authzContext) - if err != nil { - return err - } - // If we're doing a connect or ingress query, we need read access to the service // we're trying to find proxies for, so check that. if args.Connect || args.Ingress {