Only synthesize anonymous token in primary DC

hashicorp · May 19, 2023 · 1e48592 · 1e48592
1 parent 134aac7
commit 1e48592
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/agent/consul/acl_server.go b/agent/consul/acl_server.go
@@ -151,7 +151,7 @@ func (s *Server) ResolveIdentityFromToken(token string) (bool, structs.ACLIdenti
 	} else if aclToken != nil && !aclToken.IsExpired(time.Now()) {
 		return true, aclToken, nil
 	}
-	if aclToken == nil && token == acl.AnonymousTokenSecret {
+	if aclToken == nil && token == acl.AnonymousTokenSecret && s.InPrimaryDatacenter() {
 		// synthesize the anonymous token for early use, bootstrapping has not completed
 		s.insertAnonymousToken()
 		fallbackId := structs.ACLToken{