From 4a50fda5ab50fb2d6c99603b00a538ef432a6eed Mon Sep 17 00:00:00 2001
From: Iryna Shustava <ishustava@users.noreply.github.com>
Date: Thu, 29 Jul 2021 18:53:37 -0600
Subject: [PATCH] connect: redirect-traffic command should pass ACL token when
 ACL are enabled (#576)

Fixes #570,#568
---
 connect-inject/container_init.go      | 3 +++
 connect-inject/container_init_test.go | 1 +
 2 files changed, 4 insertions(+)

diff --git a/connect-inject/container_init.go b/connect-inject/container_init.go
index 4a0c4be63f..1c59787e14 100644
--- a/connect-inject/container_init.go
+++ b/connect-inject/container_init.go
@@ -313,6 +313,9 @@ consul-k8s connect-init -pod-name=${POD_NAME} -pod-namespace=${POD_NAMESPACE} \
 
 # Apply traffic redirection rules.
 /consul/connect-inject/consul connect redirect-traffic \
+  {{- if .AuthMethod }}
+  -token-file="/consul/connect-inject/acl-token" \
+  {{- end }}
   {{- if .ConsulNamespace }}
   -namespace="{{ .ConsulNamespace }}" \
   {{- end }}
diff --git a/connect-inject/container_init_test.go b/connect-inject/container_init_test.go
index 8e1e4a5e8f..36ffce4f89 100644
--- a/connect-inject/container_init_test.go
+++ b/connect-inject/container_init_test.go
@@ -543,6 +543,7 @@ consul-k8s connect-init -pod-name=${POD_NAME} -pod-namespace=${POD_NAMESPACE} \
 
 # Apply traffic redirection rules.
 /consul/connect-inject/consul connect redirect-traffic \
+  -token-file="/consul/connect-inject/acl-token" \
   -namespace="k8snamespace" \
   -proxy-id="$(cat /consul/connect-inject/proxyid)" \
   -proxy-uid=5995`,