mirror of https://github.com/hashicorp/consul
dfea3a0efe
To properly enforce writes on resources that have workload selectors with prefixes, we need another service authorization rule that allows us to check whether read is allowed within a given prefix. Specifically we need to only allow writes if the policy prefix allows for a wider set of names than the prefix selector on the resource. We should also not allow policies with exact names for prefix matches. Part of [NET-3993] |
||
---|---|---|
.. | ||
catalogtest | ||
internal | ||
exports.go |