Add warning when script checks enabled without ACLs #22877

bharath-k1999 · 2025-10-07T05:28:12Z

Description

Testing & Reproduction steps

Links

PR Checklist

updated test coverage
external facing docs updated
appropriate backport labels added
not a security concern

PCI review checklist

I have documented a clear reason for, and description of, the change I am making.
If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
If applicable, I've documented the impact of any changes to security controls.

Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

srahul3

Added few comments

srahul3 · 2025-10-07T09:00:28Z

agent/agent.go

 				return fmt.Errorf("Scripts are disabled on this agent from remote calls; to enable, configure 'enable_script_checks' to true")
 			}
+
+			if !a.config.ACLsEnabled && a.config.EnableLocalScriptChecks {


Add the changelog for this.

srahul3 · 2025-10-07T09:03:05Z

agent/agent.go

+				a.logger.Warn("Scripts are enabled on this agent without ACLs; this is not recommended for security reasons")
+			}
+
+			if !a.config.ACLsEnabled && a.config.EnableLocalScriptChecks {


Can you elaborate why we have this check twice? The message looks redundant

My bad mistakenly added same check , added correct check and pushed

srahul3

✅ LGTM

srahul3 · 2025-10-07T10:00:35Z

agent/agent.go

+				a.logger.Warn("Scripts are enabled on this agent without ACLs; this is not recommended for security reasons")
+			}
+
+			if !a.config.ACLsEnabled && a.config.EnableRemoteScriptChecks {


Can you also explain the need for the redundant checks?

hc-github-team-consul-core · 2025-10-08T09:21:33Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20,1.21] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-09T09:21:44Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20,1.21] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-10T09:22:43Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20,1.21] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-11T09:20:06Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20,1.21] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-12T09:20:59Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20,1.21] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-13T09:23:11Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-14T09:23:08Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-15T09:23:42Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-16T09:23:47Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-17T09:24:16Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-18T09:22:14Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-19T09:21:35Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-21T09:23:35Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-23T09:26:16Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-24T09:25:59Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-25T09:23:37Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-28T09:25:21Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

hc-github-team-consul-core · 2025-10-29T09:26:46Z

📣 Hi @bharath-k1999! a backport is missing for this PR [22877] for versions [1.20] please perform the backport manually and add the following snippet to your backport PR description:

<details>
	<summary> Overview of commits </summary>
		- <<backport commit 1>>
		- <<backport commit 2>>
		...
</details>

This reverts commit 11434f7.

hc-github-team-consul-core · 2025-10-30T09:25:45Z