consul/acl
R.B. Boyer 6ba776b4f3
agent: protect the ui metrics proxy endpoint behind ACLs (#9099)
This ensures the metrics proxy endpoint is ACL protected behind a
wildcard `service:read` and `node:read` set of rules. For Consul
Enterprise these will need to span all namespaces:

```
service_prefix "" { policy = "read" }
node_prefix ""    { policy = "read" }

namespace_prefix "" {
  service_prefix "" { policy = "read" }
  node_prefix ""    { policy = "read" }
}
```

This PR contains just the backend changes. The frontend changes to
actually pass the consul token header to the proxy through the JS plugin
will come in another PR.
2020-11-04 12:50:03 -06:00
..
acl.go Small typo in docstring (#8280) 2020-07-09 17:38:50 -06:00
acl_oss.go
acl_test.go agent: protect the ui metrics proxy endpoint behind ACLs (#9099) 2020-11-04 12:50:03 -06:00
authorizer.go agent: protect the ui metrics proxy endpoint behind ACLs (#9099) 2020-11-04 12:50:03 -06:00
authorizer_oss.go
authorizer_test.go agent: protect the ui metrics proxy endpoint behind ACLs (#9099) 2020-11-04 12:50:03 -06:00
chained_authorizer.go agent: protect the ui metrics proxy endpoint behind ACLs (#9099) 2020-11-04 12:50:03 -06:00
chained_authorizer_test.go agent: protect the ui metrics proxy endpoint behind ACLs (#9099) 2020-11-04 12:50:03 -06:00
errors.go Add helper for generating better permission denied errors 2020-06-16 15:06:18 -04:00
policy.go
policy_authorizer.go agent: protect the ui metrics proxy endpoint behind ACLs (#9099) 2020-11-04 12:50:03 -06:00
policy_authorizer_oss.go
policy_authorizer_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
policy_merger.go
policy_merger_oss.go
policy_oss.go
policy_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
static_authorizer.go agent: protect the ui metrics proxy endpoint behind ACLs (#9099) 2020-11-04 12:50:03 -06:00
static_authorizer_test.go