consul/acl
Iryna Shustava dfea3a0efe
acls,catalog,mesh: properly authorize workload selectors on writes (#19260)
To properly enforce writes on resources that have workload selectors with prefixes, we need another service authorization rule that allows us to check whether read is allowed within a given prefix. Specifically we need to only allow writes if the policy prefix allows for a wider set of names than the prefix selector on the resource. We should also not allow policies with exact names for prefix matches.

Part of [NET-3993]
2023-10-19 11:09:41 -06:00
resolver
MockAuthorizer.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
acl.go
acl_ce.go
acl_test.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
authorizer.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
authorizer_ce.go
authorizer_test.go
chained_authorizer.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
chained_authorizer_test.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
enterprisemeta_ce.go
errors.go
errors_ce.go
errors_test.go
policy.go
policy_authorizer.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
policy_authorizer_ce.go
policy_authorizer_test.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
policy_ce.go
policy_merger.go
policy_merger_ce.go
policy_test.go
static_authorizer.go acls,catalog,mesh: properly authorize workload selectors on writes (#19260) 2023-10-19 11:09:41 -06:00
static_authorizer_test.go
testing.go
validation.go
validation_test.go