consul/acl
Iryna Shustava dfea3a0efe
acls,catalog,mesh: properly authorize workload selectors on writes (#19260)
To properly enforce writes on resources that have workload selectors with prefixes, we need another service authorization rule that allows us to check whether read is allowed within a given prefix. Specifically we need to only allow writes if the policy prefix allows for a wider set of names than the prefix selector on the resource. We should also not allow policies with exact names for prefix matches.

Part of [NET-3993]
2023-10-19 11:09:41 -06:00
..
resolver acl: default tenancy with the no-auth ACL resolver (#19006) 2023-09-26 11:52:53 -06:00
MockAuthorizer.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
acl.go
acl_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
acl_test.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
authorizer.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
authorizer_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
authorizer_test.go Add workload identity ACL rules (#18769) 2023-09-12 17:22:51 -04:00
chained_authorizer.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
chained_authorizer_test.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
enterprisemeta_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
errors.go
errors_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
errors_test.go
policy.go Add workload identity ACL rules (#18769) 2023-09-12 17:22:51 -04:00
policy_authorizer.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
policy_authorizer_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
policy_authorizer_test.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
policy_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
policy_merger.go Add workload identity ACL rules (#18769) 2023-09-12 17:22:51 -04:00
policy_merger_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
policy_test.go Add workload identity ACL rules (#18769) 2023-09-12 17:22:51 -04:00
static_authorizer.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
static_authorizer_test.go
testing.go
validation.go
validation_test.go