From 9878915cee9a3dd165c973ea3d12756bc9f21630 Mon Sep 17 00:00:00 2001
From: Jeremy Jacobson
Date: Mon, 31 Jul 2023 13:31:27 -0700
Subject: [PATCH] Apply suggestions from code review

Co-authored-by: Paul Glass
---
 .changelog/18319.txt | 2 ++
 agent/consul/leader.go | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/.changelog/18319.txt b/.changelog/18319.txt
index 1198f640d18a..bb9c8cdf2c72 100644
--- a/.changelog/18319.txt
+++ b/.changelog/18319.txt
@@ -1,4 +1,6 @@
 ```release-note:improvement
 acl: added builtin ACL policy that provides global read-only access (builtin/global-read-only)
+```
+```release-note:improvement
 acl: allow for a single slash character in policy names
 ```
diff --git a/agent/consul/leader.go b/agent/consul/leader.go
index f4b5639bc63c..2ca0f7ecf9e7 100644
--- a/agent/consul/leader.go
+++ b/agent/consul/leader.go
@@ -469,7 +469,11 @@ func (s *Server) initializeACLs(ctx context.Context) error {
 return nil
 }
 
-func (s *Server) initializePolicy(newPolicy structs.ACLPolicy) error {
+// writeBuiltinACLPolicy writes the given built-in policy to Raft if the policy
+// is not found or if the policy rules have been changed. The name and
+// description of a built-in policy are user-editable and must be preserved
+// during updates. This function must only be called in a primary datacenter.
+func (s *Server) writeBuiltinACLPolicy(newPolicy structs.ACLPolicy) error {
 _, policy, err := s.fsm.State().ACLPolicyGetByID(nil, newPolicy.ID, structs.DefaultEnterpriseMetaInDefaultPartition())
 if err != nil {
 return fmt.Errorf("failed to get the builtin %s policy", newPolicy.Name)
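Review bot: The error returned when `ACLPolicyGetByID` fails (the unchanged last line of the leader.go hunk) discards `err` and names the policy only by `newPolicy.Name`, although the lookup is by `newPolicy.ID` and the new doc comment says the name is user-editable. Wrapping the cause and including the ID keeps a state-store failure during ACL initialization diagnosable: `return fmt.Errorf("failed to get the builtin %s policy (ID %s): %w", newPolicy.Name, newPolicy.ID, err)`. The new comment also says the function must only be called in a primary datacenter, but nothing in the visible lines enforces that. The body of `writeBuiltinACLPolicy` continues outside the hunk, so confirm there or at the call sites that a secondary datacenter cannot reach the Raft write.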