Apply suggestions from code review

Co-authored-by: Paul Glass <pglass@hashicorp.com>
hashicorp · Jul 31, 2023 · 9878915 · 9878915
1 parent d54e3a9
commit 9878915
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/.changelog/18319.txt b/.changelog/18319.txt
@@ -1,4 +1,6 @@
 ```release-note:improvement
 acl: added builtin ACL policy that provides global read-only access (builtin/global-read-only)
+```
+```release-note:improvement
 acl: allow for a single slash character in policy names
 ```
diff --git a/agent/consul/leader.go b/agent/consul/leader.go
@@ -469,7 +469,11 @@ func (s *Server) initializeACLs(ctx context.Context) error {
 	return nil
 }
 
-func (s *Server) initializePolicy(newPolicy structs.ACLPolicy) error {
+// writeBuiltinACLPolicy writes the given built-in policy to Raft if the policy
+// is not found or if the policy rules have been changed. The name and 
+// description of a built-in policy are user-editable and must be preserved
+// during updates. This function must only be called in a primary datacenter.
+func (s *Server) writeBuiltinACLPolicy(newPolicy structs.ACLPolicy) error {
 	_, policy, err := s.fsm.State().ACLPolicyGetByID(nil, newPolicy.ID, structs.DefaultEnterpriseMetaInDefaultPartition())
 	if err != nil {
 		return fmt.Errorf("failed to get the builtin %s policy", newPolicy.Name)