consul/agent/grpc-external/services
R.B. Boyer ef6f2494c7
resource: allow for the ACLs.Read hook to request the entire data payload to perform the authz check (#18925)
The ACLs.Read hook for a resource only allows for the identity of a 
resource to be passed in for use in authz consideration. For some 
resources we wish to allow for the current stored value to dictate how 
to enforce the ACLs (such as reading a list of applicable services from 
the payload and allowing service:read on any of them to control reading the enclosing resource).

This change update the interface to usually accept a *pbresource.ID, 
but if the hook decides it needs more data it returns a sentinel error 
and the resource service knows to defer the authz check until after
 fetching the data from storage.
2023-09-22 09:53:55 -05:00
..
acl [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
connectca [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
dataplane v2: various fixes to make K8s tproxy multiport acceptance tests and manual explicit upstreams (single port) tests pass (#18874) 2023-09-20 00:02:01 +00:00
dns [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
peerstream [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
resource resource: allow for the ACLs.Read hook to request the entire data payload to perform the authz check (#18925) 2023-09-22 09:53:55 -05:00
serverdiscovery [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00