mirror of https://github.com/hashicorp/consul
dfea3a0efe
To properly enforce writes on resources that have workload selectors with prefixes, we need another service authorization rule that allows us to check whether read is allowed within a given prefix. Specifically we need to only allow writes if the policy prefix allows for a wider set of names than the prefix selector on the resource. We should also not allow policies with exact names for prefix matches. Part of [NET-3993] |
||
---|---|---|
.. | ||
resolver | ||
MockAuthorizer.go | ||
acl.go | ||
acl_ce.go | ||
acl_test.go | ||
authorizer.go | ||
authorizer_ce.go | ||
authorizer_test.go | ||
chained_authorizer.go | ||
chained_authorizer_test.go | ||
enterprisemeta_ce.go | ||
errors.go | ||
errors_ce.go | ||
errors_test.go | ||
policy.go | ||
policy_authorizer.go | ||
policy_authorizer_ce.go | ||
policy_authorizer_test.go | ||
policy_ce.go | ||
policy_merger.go | ||
policy_merger_ce.go | ||
policy_test.go | ||
static_authorizer.go | ||
static_authorizer_test.go | ||
testing.go | ||
validation.go | ||
validation_test.go |