Fill the Authz Context with a Sentinel Scope (#6729)

hashicorp · Nov 1, 2019 · ff8157f · ff8157f
1 parent ab5a05f
commit ff8157f
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/agent/consul/kvs_endpoint.go b/agent/consul/kvs_endpoint.go
@@ -48,8 +48,9 @@ func kvsPreApply(srv *Server, rule acl.Authorizer, op api.KVOp, dirEnt *structs.
 			}
 
 		default:
-			// TODO (namespaces) use actual ent authz context - ensure we set the Sentinel Scope
-			if rule.KeyWrite(dirEnt.Key, nil) != acl.Allow {
+			var authzContext acl.EnterpriseAuthorizerContext
+			dirEnt.FillAuthzContext(&authzContext)
+			if rule.KeyWrite(dirEnt.Key, &authzContext) != acl.Allow {
 				return false, acl.ErrPermissionDenied
 			}
 		}