Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replication token cannot replicate namespaced tokens #364

Closed
lkysow opened this issue Oct 22, 2020 · 0 comments · Fixed by #370
Closed

Replication token cannot replicate namespaced tokens #364

lkysow opened this issue Oct 22, 2020 · 0 comments · Fixed by #370
Labels
area/acls Related to ACLs theme/federation Related to federating Consul datacenters type/enhancement New feature or request

Comments

@lkysow
Copy link
Member

lkysow commented Oct 22, 2020

Our ACL replication rules (https://github.com/hashicorp/consul-k8s/blob/master/subcommand/server-acl-init/rules.go#L225-L242)

Contain

acl = "write"

But not

namespace prefix "" {
  acl = "write"
}

This means that replication of tokens from non-default namespaces won't work. We should add this to our rules.
@lkysow lkysow added area/acls Related to ACLs theme/federation Related to federating Consul datacenters type/enhancement New feature or request labels Oct 22, 2020
@lkysow lkysow mentioned this issue Oct 27, 2020
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/acls Related to ACLs theme/federation Related to federating Consul datacenters type/enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Replication token needs acl write on all ns's hashicorp/consul-k8s
1 participant
@lkysow