Commit Graph

136 Commits (38f0907c7a9f4851080bdec3bb182f1b9e5bed1e)

Author SHA1 Message Date
freddygv 43360eb216 Rework acl exports interface
3 years ago
freddygv 0a4ff4bb91 Prefer concrete policyAuthorizer type
3 years ago
freddygv 22bdf279d1 Update NodeRead for partition-exports
3 years ago
Kyle Havlovitz 65c9109396 acl: pass PartitionInfo through ent ACLConfig
3 years ago
Kyle Havlovitz d03f849e49 acl: Expand ServiceRead logic to look at service-exports for cross-partition
3 years ago
Daniel Nephin 8e9773e20b acl: remove ACL.GetPolicy endpoint and resolve legacy acls
3 years ago
Daniel Nephin cd4e70b34c acl: fix default authorizer for down_policy
3 years ago
R.B. Boyer ca73abdea1
acl: fix intention:*:write checks (#11061)
3 years ago
Kyle Havlovitz a20ba21e29 acl: rename merge context update() -> fill()
3 years ago
Kyle Havlovitz a14950025a
Merge pull request #10984 from hashicorp/mesh-resource
3 years ago
Dhia Ayachi bc0e4f2f46
partition dicovery chains (#10983)
3 years ago
R.B. Boyer ee372a854a acl: adding a new mesh resource
3 years ago
Daniel Nephin 5b2e5882b4 acl: move check for Intention.DestinationName into Authorizer
3 years ago
Daniel Nephin a10283a313 acl: remove t.Parallel
4 years ago
R.B. Boyer 6ba776b4f3
agent: protect the ui metrics proxy endpoint behind ACLs (#9099)
4 years ago
Warren 40f080576e
Small typo in docstring (#8280)
4 years ago
Matt Keeler 51c3a605ad
Merge pull request #8035 from hashicorp/feature/auto-config/server-rpc
5 years ago
Matt Keeler 1dba94311a
Add helper for generating better permission denied errors
5 years ago
Daniel Nephin 068b43df90 Enable gofmt simplify
5 years ago
Jono Sosulska c554ba9e10
Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
5 years ago
Freddy cb77fc6d01
Add managed service provider token (#7218)
5 years ago
Matt Keeler 8bd34e126f
Intentions ACL enforcement updates (#7028)
5 years ago
Matt Keeler 80d13d500b
Miscellaneous acl package cleanup
5 years ago
Matt Keeler 0b346616e9
Rename EnterpriseAuthorizerContext -> AuthorizerContext
5 years ago
Matt Keeler 8f0ab0129e
Miscellaneous Fixes (#6896)
5 years ago
Matt Keeler deb91f3d3c
[Feature] API: Add a internal endpoint to query for ACL authori… (#6888)
5 years ago
Matt Keeler 79f78632e1
Update the ACL Resolver to allow for Consul Enterprise specific hooks. (#6687)
5 years ago
Matt Keeler e4ea9b0a96
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675)
5 years ago
Matt Keeler 973341a592
ACL Authorizer overhaul (#6620)
5 years ago
Jack Pearkes 36ebca1fd0 Fix to prevent allowing recursive KV deletions when we shouldn’t
6 years ago
Matt Keeler f88d1ccc36
Handle rules translation when coming from the JSON compat HCL (#5662)
6 years ago
Matt Keeler 18b29c45c4
New ACLs (#4791)
6 years ago
Matt Keeler fbb1a7a52b Rewrite all of acl_test.go
6 years ago
Matt Keeler 883c5dd001 Fix ACL enforcement
6 years ago
Mitchell Hashimoto 5a47a53c70
acl: IntentionDefault => IntentionDefaultAllow
7 years ago
Mitchell Hashimoto ac72a0c5fd
agent: ACL checks for authorize, default behavior
7 years ago
Mitchell Hashimoto a621afe72c
agent/consul: convert intention ACLs to testify/assert
7 years ago
Mitchell Hashimoto 193f93107a
acl: implement IntentionRead/Write methods on ACL interface
7 years ago
Mitchell Hashimoto 437cc76af5
acl: parsing intentions in service block
7 years ago
Josh Soref 94835a2715 Spelling (#3958)
7 years ago
James Phillips 575d70aaa7
Cleans up some drift between the OSS and Enterprise trees.
7 years ago
Preetha Appan 26accb3b8a Only allow 'list' policies within 'key' policy definitions. Consolidated two similar tests into one and fixed alignment.
7 years ago
Preetha Appan 51a04ec87d Introduces new 'list' permission that applies to KV store recursive reads, and enforced only when opted in.
7 years ago
Preetha Appan d7e27e67c1 Introduce Code Policy validation via sentinel, with a noop implementation
7 years ago
Frank Schröder a3934c263c acl: consolidate error handling (#3401)
7 years ago
游远 ffcd2b1fc8 fix UnitTest in acl
7 years ago
James Phillips 022baeea13
Adds support to the ACL package for agent policies.
8 years ago
James Phillips 60d4322c49
Adds support to ACL package for session policies.
8 years ago
James Phillips 7fa4ab3fd1
Adds support to ACL package for node policies.
8 years ago
James Phillips 9b4f316b21
Sorts all the ACl policy handlers for easier navigation (no functional changes).
8 years ago
James Phillips c01a3871c9 Adds support for snapshots and restores. (#2396)
8 years ago
James Phillips e5850d8a26
Adds new consul operator endpoint, CLI, and ACL and some basic Raft commands.
8 years ago
James Phillips ae1cd5b47d
Switches all ACL caches to 2Q.
8 years ago
James Phillips e831727923
Activates fallback to replicated ACLs.
8 years ago
James Phillips 483898abe5 Renames "prepared_query" ACL policy to "query".
9 years ago
James Phillips 899dcfe053 Completes switch of prepared_query ACLs to govern query names.
9 years ago
James Phillips 67de77482e Creates new "prepared-query" ACL type and new token capture behavior.
9 years ago
James Phillips ce0881a99a Adds a new management ACL for prepared queries.
9 years ago
Dale Wijnand 5a28ebcaa3 Fix a bunch of typos.
9 years ago
Ryan Uber 58c26497a9 acl: adding negative tests for bad policy
10 years ago
Ryan Uber 02b49058a2 acl: more keyring tests
10 years ago
Ryan Uber 7e50a457d9 acl: allow omitting keyring policy, add tests
10 years ago
Ryan Uber 47a33e3f1a acl: keyring policy uses a flat string
10 years ago
Ryan Uber 1b8051a783 acl: initial pass at keyring ACLs
10 years ago
Ryan Uber 90f5eb8f69 acl: fix spelling in tests
10 years ago
Ryan Uber 0c624350eb acl: support for user events
10 years ago
Maciej Bryński 11425734d5 Consul prefix services ACLs
10 years ago
Veres Lajos 3b1068387a typofixes - https://github.com/vlajos/misspell_fixer
10 years ago
Armon Dadgar 8ff08819c8 acl: Expose service policy checks
10 years ago
Armon Dadgar 3695f65292 acl: Support for service policies
10 years ago
Armon Dadgar 05900f35c2 acl: Test parsing JSON
10 years ago
Armon Dadgar 34e018e471 acl: Updating for HCL changes
10 years ago
Armon Dadgar 9bababf872 acl: Avoid shared cache with different parents
10 years ago
Armon Dadgar 705c6cdb86 acl: Support checking write permissions on a prefix
10 years ago
Armon Dadgar 78580a733e acl: Avoid infinite recursion...
10 years ago
Armon Dadgar c2153843c6 acl: Support ACL checks, adding new root policy
10 years ago
Armon Dadgar 2fe94709e6 acl: Return the parent with GetACLPolicy
10 years ago
Armon Dadgar 5c0da3a4d7 acl: Simplify parent ACL, adding root policies
10 years ago
Armon Dadgar 468c8c3013 acl: Use only a single Radix tree per ACL
10 years ago
Armon Dadgar 3569082768 acl: Adding cache purging
10 years ago
Armon Dadgar ef77869983 acl: Adding additional tier of caching
10 years ago
Armon Dadgar 45f358e715 acl: Associate policy ID
10 years ago
Armon Dadgar 50ba1f6067 acl: Change types
10 years ago
Armon Dadgar 1abfd6c050 acl: Adding cached policy fetch via ACL
10 years ago
Armon Dadgar 6e9792dc37 acl: Adding caching mechanism
10 years ago
Armon Dadgar 7a1d778474 acl: First pass
10 years ago