luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

docs: Redirect /docs/security/acl/acl-system (#12975) 

/docs/security/acl/acl-system was renamed in e9a42df from PR #12460 to
/docs/security/acl. A corresponding redirect was not added for this
page, resulting in a 404 being returned when accessing the old URL
path.

This commit redirects the former URL path to the new location, and
also updates all links on the site to point to the new location.
This commit is contained in:
Blake Covarrubias 2022-05-09 09:04:23 -07:00 committed by GitHub
parent ff0b7f4250
commit 01ef26dea0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 40 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
website/content/api-docs/acl/roles.mdx
View File

@ -50,7 +50,7 @@ The corresponding CLI command is [`consul acl role create`](/commands/acl/role/c
breaking tokens.
- `ServiceIdentities` `(array<ServiceIdentity>)` - The list of [service
identities](/docs/security/acl/acl-system#acl-service-identities) that should be
identities](/docs/security/acl#service-identities) that should be
applied to the role. Added in Consul 1.5.0.
- `ServiceName` `(string: <required>)` - The name of the service. The name
@ -64,7 +64,7 @@ The corresponding CLI command is [`consul acl role create`](/commands/acl/role/c
but may in the future.
- `NodeIdentities` `(array<NodeIdentity>)` - The list of [node
identities](/docs/security/acl/acl-system#acl-node-identities) that should be
identities](/docs/security/acl#node-identities) that should be
applied to the role. Added in Consul 1.8.1.
- `NodeName` `(string: <required>)` - The name of the node. The name
@ -339,11 +339,11 @@ The corresponding CLI command is [`consul acl role update`](/commands/acl/role/u
breaking tokens.
- `ServiceIdentities` `(array<ServiceIdentity>)` - The list of [service
identities](/docs/security/acl/acl-system#acl-service-identities) that should be
identities](/docs/security/acl#service-identities) that should be
applied to the role. Added in Consul 1.5.0.
- `NodeIdentities` `(array<NodeIdentity>)` - The list of [node
identities](/docs/security/acl/acl-system#acl-node-identities) that should be
identities](/docs/security/acl#node-identities) that should be
applied to the role. Added in Consul 1.8.1.
- `Namespace` `(string: "")` <EnterpriseAlert inline /> - Specifies the namespace of

8
website/content/api-docs/acl/tokens.mdx
View File

@ -62,7 +62,7 @@ The corresponding CLI command is [`consul acl token create`](/commands/acl/token
enables role renaming without breaking tokens. Added in Consul 1.5.0.
- `ServiceIdentities` `(array<ServiceIdentity>)` - The list of [service
identities](/docs/security/acl/acl-system#acl-service-identities) that should be
identities](/docs/security/acl#service-identities) that should be
applied to the token. Added in Consul 1.5.0.
- `ServiceName` `(string: <required>)` - The name of the service. The name
@ -76,7 +76,7 @@ The corresponding CLI command is [`consul acl token create`](/commands/acl/token
but may in the future.
- `NodeIdentities` `(array<NodeIdentity>)` - The list of [node
identities](/docs/security/acl/acl-system#acl-node-identities) that should be
identities](/docs/security/acl#node-identities) that should be
applied to the token. Added in Consul 1.8.1.
- `NodeName` `(string: <required>)` - The name of the node. The name
@ -418,7 +418,7 @@ The corresponding CLI command is [`consul acl token update`](/commands/acl/token
enables role renaming without breaking tokens.
- `ServiceIdentities` `(array<ServiceIdentity>)` - The list of [service
identities](/docs/security/acl/acl-system#acl-service-identities) that should be
identities](/docs/security/acl#service-identities) that should be
applied to the token. Added in Consul 1.5.0.
- `ServiceName` `(string: <required>)` - The name of the service. The name
@ -432,7 +432,7 @@ The corresponding CLI command is [`consul acl token update`](/commands/acl/token
but may in the future.
- `NodeIdentities` `(array<NodeIdentity>)` - The list of [node
identities](/docs/security/acl/acl-system#acl-node-identities) that should be
identities](/docs/security/acl#node-identities) that should be
applied to the token. Added in Consul 1.8.1.
- `NodeName` `(string: <required>)` - The name of the node. The name

2
website/content/api-docs/index.mdx
View File

@ -44,7 +44,7 @@ Previously this was provided via a `?token=` query parameter. This functionality
exists on many endpoints for backwards compatibility, but its use is **highly
discouraged**, since it can show up in access logs as part of the URL.
To learn more about the ACL system read the [documentation](/docs/security/acl/acl-system).
To learn more about the ACL system read the [documentation](/docs/security/acl).
## Version Prefix

2
website/content/commands/exec.mdx
View File

@ -40,7 +40,7 @@ execute this command.
| `key:write` | `"_rexec"` prefix |
| `event:write` | `"_rexec"` prefix |
In addition to the above, the policy associated with the [agent token](/docs/security/acl/acl-system#acl-agent-token) should have `write` on `"_rexec"` key prefix. This is for the agents to read the `exec` command and write its output back to the KV store.
In addition to the above, the policy associated with the [agent token](/docs/security/acl/acl-tokens#acl-agent-token) should have `write` on `"_rexec"` key prefix. This is for the agents to read the `exec` command and write its output back to the KV store.
## Usage

2
website/content/commands/index.mdx
View File

@ -94,7 +94,7 @@ Command Options
## Authentication
When the [ACL system is enabled](/docs/agent/options#acl_enabled) the Consul CLI will
require an [ACL token](/docs/security/acl/acl-system#tokens) to perform API requests.
require an [ACL token](/docs/security/acl#tokens) to perform API requests.
The ACL token can be provided directly on the command line using the `-token` command line flag,
from a file using the `-token-file` command line flag, or from the

4
website/content/docs/discovery/dns.mdx
View File

@ -488,14 +488,14 @@ or local datacenter respectively.
## DNS with ACLs
In order to use the DNS interface when
[Access Control Lists (ACLs)](/docs/security/acl/acl-system)
[Access Control Lists (ACLs)](/docs/security/acl)
are enabled, you must first create ACL tokens with the necessary policies.
Consul agents resolve DNS requests using one of the preconfigured tokens below,
listed in order of precedence:
1. The agent's [`default` token](/docs/agent/config/config-files#acl_tokens_default).
2. The built-in [`anonymous` token](/docs/security/acl/acl-system#builtin-tokens).
2. The built-in [`anonymous` token](/docs/security/acl/acl-tokens#built-in-tokens).
Because the anonymous token is used when any request is made to Consul without
explicitly specifying a token, production deployments should not apply policies
needed for DNS to this token.

2
website/content/docs/ecs/manual/secure-configuration.mdx
View File

@ -57,7 +57,7 @@ names on ECS are not known until runtime.
### Create service tokens
Service tokens should be associated with a [service identity](https://www.consul.io/docs/security/acl/acl-system#acl-service-identities).
Service tokens should be associated with a [service identity](/docs/security/acl#service-identities).
The service identity includes `service:write` permissions for the service and sidecar proxy.
The following example shows how to use the Consul CLI to create a service token for a service named `example-client-app`:

2
website/content/docs/enterprise/audit-logging.mdx
View File

@ -138,7 +138,7 @@ is set to `OperationStart` which indicates the agent has begun processing the
request.
The value of the `payload.auth.accessor_id` field is the accessor ID of the
[ACL token](/docs/security/acl/acl-system#acl-tokens) which issued the request.
[ACL token](/docs/security/acl#tokens) which issued the request.
<CodeBlockConfig highlight="10">

2
website/content/docs/release-notes/consul/v1_11_x.mdx
View File

@ -23,7 +23,7 @@ description: >-
- The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that all tokens and policies have been migrated to the newer ACL system. See the [Migrate Legacy ACL Tokens Learn Guide](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) for more information.
- The `agent_master` ACL token has been renamed to `agent_recovery` ACL token. In addition, the `consul acl set-agent-token master` command has been replaced with `consul acl set-agent-token recovery`. See [ACL Agent Recovery Token](/docs/security/acl/acl-system#acl-agent-recovery-token) and [Consul ACL Set Agent Token](/commands/acl/set-agent-token) for more information.
- The `agent_master` ACL token has been renamed to `agent_recovery` ACL token. In addition, the `consul acl set-agent-token master` command has been replaced with `consul acl set-agent-token recovery`. See [ACL Agent Recovery Token](/docs/security/acl/acl-tokens#acl-agent-recovery-token) and [Consul ACL Set Agent Token](/commands/acl/set-agent-token) for more information.
- Drops support for Envoy versions 1.15.x and 1.16.x

4
website/content/docs/security/acl/acl-federated-datacenters.mdx
View File

@ -180,12 +180,12 @@ $ consul join -token="ACL_MANAGEMENT_TOKEN" -wan [server 1, server 2, ...]
## Configure Clients in Secondary Datacenters
When ACLs are enabled, client agents need a special token known as the [`agent token`](/docs/security/acl/acl-system#acl-agent-token) to perform internal operations. Agent tokens need to have the right policies for node related actions, including
When ACLs are enabled, client agents need a special token known as the [`agent token`](/docs/security/acl/acl-tokens#acl-agent-token) to perform internal operations. Agent tokens need to have the right policies for node related actions, including
registering itself in the catalog, updating node level health checks, and performing [anti-entropy](/docs/architecture/anti-entropy) syncing.
### Generate Agent ACL Token
[ACL Node Identities](/docs/security/acl/acl-system#acl-node-identities) were introduced
[ACL Node Identities](/docs/security/acl#node-identities) were introduced
in Consul 1.8.1 and enable easily creating agent tokens with appropriately scoped policies.
To generate the ACL token using node identity, run the following command:

6
website/content/docs/security/acl/acl-legacy.mdx
View File

@ -10,12 +10,12 @@ description: >-
# ACL System in Legacy Mode
-> **1.3.0 and earlier:** This document only applies in Consul versions 1.3.0 and before. If you are using version 1.4.0 or later please use the updated documentation [here](/docs/security/acl/acl-system).
-> **1.3.0 and earlier:** This document only applies in Consul versions 1.3.0 and before. If you are using version 1.4.0 or later please use the updated documentation [here](/docs/security/acl).
~> **Alert: Deprecation Notice**
The ACL system described here was Consul's original ACL implementation.
The legacy ACL system was deprecated in Consul 1.4.0 and removed in Consul 1.11.0.
The documentation for the new ACL system can be found [here](/docs/security/acl/acl-system). For information on how to migrate to the new ACL System, please read the [Migrate Legacy ACL Tokens](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) tutorial.
The documentation for the new ACL system can be found [here](/docs/security/acl). For information on how to migrate to the new ACL System, please read the [Migrate Legacy ACL Tokens](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) tutorial.
The legacy documentation has two sections.
@ -26,7 +26,7 @@ The legacy documentation has two sections.
# New ACL System Differences
The [ACL System documentation](/docs/security/acl/acl-system) and [legacy ACL
The [ACL System documentation](/docs/security/acl) and [legacy ACL
documentation](/docs/security/acl/acl-legacy) describes the new and old systems in
detail. Below is a summary of the changes that need to be considered when
migrating legacy tokens to the new system.

8
website/content/docs/security/acl/acl-tokens.mdx
View File

@ -13,13 +13,13 @@ This topic describes access control list (ACL) tokens, which are the core method
Tokens are artifacts in the ACL system used to authenticate users, services, and Consul agents. When ACLs are enabled, entities requesting access to a resource must include a token that has been linked with a policy, service identity, or node identity that grants permission to the resource. The ACL system checks the token and grants or denies access to resource based on the associated permissions.
Refer to the [ACL system workflow overview](/docs/security/acl/acl-system#workflow-overview) for information about tokens' role in the ACL system.
Refer to the [ACL system workflow overview](/docs/security/acl#workflow-overview) for information about tokens' role in the ACL system.
## Creating Tokens
The person responsible for administrating ACLs can use the API or CLI to create and link tokens to entities that enable permissions to resources.
Refer to the [ACL API](/api-docs/acl) and [ACL CLI](/commands/acl) documentation for instructions on how to create and link tokens. Tokens can also be created dynamically from trusted external system using an
[auth method](/docs/security/acl/auth-methods).
[auth method](/docs/security/acl/auth-methods).
Refer to the [Secure Consul with Access Control Lists (ACLs)](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production?in=consul/security) tutorial for help getting started with creating tokens. The tutorial includes an interactive sandbox so that you can perform the procedures without configuring your local environment.
@ -148,8 +148,8 @@ Refer to the [API](/api-docs/acl/token) or [command line](/commands/acl/token) d
| `Namespace` | <EnterpriseAlert inline/> Specifies the name of the Consul namespace in which the token is valid. See [Namespaces](/docs/enterprise/namespaces) for additional information. | String | `default` |
| `Description` | Human-readable description for documenting the purpose of the token. | String | none |
| `Local` | Indicates whether the token should be replicated globally or local to the datacenter. <br/> Set to `false` to replicate globally across all reachable datacenters. <br/>Setting to `true` configures the token to functional in the local datacenter only. | Boolean | `false` |
| `ServiceIdentities` | Specifies a list of nodes to apply to the token. See [Service Identities](/docs/security/roles#service-identities) in the "Roles" topic for additional information. | Array | none |
| `NodeIdentities` | Specifies a list of nodes to apply to the token. See [Node Identities](/docs/security/roles##node-identities) in the "Roles" topic for additional information. | Array | none |
| `ServiceIdentities` | Specifies a list of nodes to apply to the token. See [Service Identities](/docs/security/acl/acl-roles#service-identities) in the "Roles" topic for additional information. | Array | none |
| `NodeIdentities` | Specifies a list of nodes to apply to the token. See [Node Identities](/docs/security/acl/acl-roles#node-identities) in the "Roles" topic for additional information. | Array | none |
| `Legacy` | Indicates if the token was created using the the legacy ACL system. | Boolean | `false` |
| `Policies` | List of policies linked to the token, including the policy ID and name. | String | none |

2
website/content/docs/security/security-models/core.mdx
View File

@ -170,7 +170,7 @@ environment and adapt these configurations accordingly.
capabilities tied to an individual human, or machine operator identity. To ultimately secure the ACL system,
administrators should configure the [`default_policy`](/docs/agent/config/config-files#acl_default_policy) to "deny".
The [system](/docs/security/acl/acl-system) is comprised of five major components:
The [system](/docs/security/acl) is comprised of five major components:
- **🗝 Token** - API key associated with policies, roles, or service identities.

18
website/redirects.js
View File

@ -47,12 +47,22 @@ module.exports = [
},
{
source: '/docs/agent/acl-system',
destination: '/docs/security/acl/acl-system',
destination: '/docs/security/acl',
permanent: true,
},
{
source: '/docs/acl/acl-system',
destination: '/docs/security/acl/acl-system',
destination: '/docs/security/acl',
permanent: true,
},
{
source: '/docs/security/acl/acl-system',
destination: '/docs/security/acl',
permanent: true,
},
{
source: '/docs/security/roles',
destination: '/docs/security/acl/acl-roles',
permanent: true,
},
{ source: '/docs/agent/http', destination: '/api-docs', permanent: true },
@ -1287,9 +1297,9 @@ module.exports = [
{
source: '/docs/nia/release-notes/0-5-0',
destination: '/docs/release-notes/consul-terraform-sync/v0_5_x',
permanent: true,
permanent: true,
},
{
{
source: '/docs/api-gateway/api-gateway-usage',
destination: '/docs/api-gateway/consul-api-gateway-install',
permanent: true,