From 0cf6442bd545b106cff4bc5f03ff0b1f57270997 Mon Sep 17 00:00:00 2001 From: hc-github-team-consul-core Date: Tue, 18 Jul 2023 21:03:30 -0500 Subject: [PATCH] Backport of docs - remove Sentinel from enterprise features list into release/1.16.x (#18182) * resolve conflicts --------- Co-authored-by: David Yu --- .../content/docs/dynamic-app-config/kv.mdx | 18 ++++++++++++++ website/content/docs/enterprise/index.mdx | 18 ++++++-------- website/content/docs/enterprise/sentinel.mdx | 24 ------------------- website/data/docs-nav-data.json | 4 ---- website/redirects.js | 6 +++++ 5 files changed, 31 insertions(+), 39 deletions(-) delete mode 100644 website/content/docs/enterprise/sentinel.mdx diff --git a/website/content/docs/dynamic-app-config/kv.mdx b/website/content/docs/dynamic-app-config/kv.mdx index 62406e019..5986cb074 100644 --- a/website/content/docs/dynamic-app-config/kv.mdx +++ b/website/content/docs/dynamic-app-config/kv.mdx @@ -61,6 +61,24 @@ and when recursively searching within the data store. We also recommend that you avoid the use of `*`, `?`, `'`, and `%` because they can cause issues when using the API and in shell scripts. +## Using Sentinel to apply policies for Consul KV + + + +This feature requires +HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. + + + +You can also use Sentinel as a Policy-as-code framework for defining advanced key-value storage access control policies. Sentinel policies extend the ACL system in Consul beyond static "read", "write", +and "deny" policies to support full conditional logic and integration with +external systems. Reference the [Sentinel documentation](https://docs.hashicorp.com/sentinel/concepts) for high-level Sentinel concepts. + +To get started with Sentinel in Consul, +refer to the [Sentinel documentation](https://docs.hashicorp.com/sentinel/consul) or +[Consul documentation](/consul/docs/agent/sentinel). + + ## Extending Consul KV ### Consul Template 
diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx index a67cab375..00829e9ef 100644 --- a/website/content/docs/enterprise/index.mdx +++ b/website/content/docs/enterprise/index.mdx @@ -20,12 +20,13 @@ The following features are [available in several forms of Consul Enterprise](#co - [Admin Partitions](/consul/docs/enterprise/admin-partitions): Define administrative boundaries between tenants within a single Consul datacenter - [Namespaces](/consul/docs/enterprise/namespaces): Define resource boundaries within a single admin partition for further organizational flexibility -- [Sameness Groups](/consul/docs/connect/config-entries/samenes-group): Define partitions and cluster peers as members of a group with identical services +- [Sameness Groups](/consul/docs/connect/config-entries/sameness-group): Define partitions and cluster peers as members of a group with identical services ### Resiliency - [Automated Backups](/consul/docs/enterprise/backups): Configure the automatic backup of Consul state - [Redundancy Zones](/consul/docs/enterprise/redundancy): Deploy backup voting Consul servers to efficiently improve Consul fault tolerance +- [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips): Limit gRPC and RPC traffic to servers for source IP addresses. ### Scalability @@ -45,7 +46,6 @@ The following features are [available in several forms of Consul Enterprise](#co - [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc): Manage user access to Consul through an OIDC identity provider instead of Consul ACL tokens directly - [Audit Logging](/consul/docs/enterprise/audit-logging): Understand Consul access and usage patterns by reviewing access to the Consul HTTP API -- [Sentinel for KV](/consul/docs/enterprise/sentinel): Policy-as-code framework for defining advanced key-value storage access control policies ### Regulatory compliance 
@@ -102,8 +102,7 @@ Available Enterprise features per Consul form and license include: | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | No | Yes | Yes | | [Redundancy Zones](/consul/docs/enterprise/redundancy) | Not applicable | Yes | With Global Visibility, Routing, and Scale module | | [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | No | Yes | N/A | -| [Sentinel for KV](/consul/docs/enterprise/sentinel) | All tiers | Yes | With Governance and Policy module | -| [Server request rate limits per source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips) | All tiers | Yes | With Governance and Policy module | +| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | All tiers | Yes | With Governance and Policy module | [HashiCorp Cloud Platform (HCP) Consul]: https://cloud.hashicorp.com/products/consul @@ -131,8 +130,7 @@ Consul Enterprise feature availability can change depending on your server and c | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | ✅ | ✅ | ✅ | | [Redundancy Zones](/consul/docs/enterprise/redundancy) | ✅ | ✅ | ✅ | | [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | ✅ | ✅ | ✅ | -| [Sentinel ](/consul/docs/enterprise/sentinel) | ✅ | ✅ | ✅ | -| [Server request rate limits per source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | +| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | 
@@ -152,8 +150,7 @@ Consul Enterprise feature availability can change depending on your server and c | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | ✅ | ✅ | ✅ | | [Redundancy Zones](/consul/docs/enterprise/redundancy) | ❌ | ❌ | ❌ | | [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | ✅ | ✅ | ✅ | -| [Sentinel ](/consul/docs/enterprise/sentinel) | ✅ | ✅ | ✅ | -| [Server request rate limits per source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | +| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | @@ -173,8 +170,7 @@ Consul Enterprise feature availability can change depending on your server and c | [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | ❌ | ❌ | ❌ | | [Redundancy Zones](/consul/docs/enterprise/redundancy) | n/a | n/a | n/a | | [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | ✅ | ✅ | ✅ | -| [Sentinel ](/consul/docs/enterprise/sentinel) | ✅ | ✅ | ✅ | -| [Server request rate limits per source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | +| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ | - \ No newline at end of file + diff --git a/website/content/docs/enterprise/sentinel.mdx b/website/content/docs/enterprise/sentinel.mdx deleted file mode 100644 index 3fea0c8a9..000000000 --- a/website/content/docs/enterprise/sentinel.mdx +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -layout: docs -page_title: Sentinel in Consul (Enterprise) -description: >- - Sentinel is an access-control-policy-as-code framework and language. Learn how Consul can use Sentinel policies to extend the ACL system's capabilities and further secure your clusters by controlling key-value (KV) store write access. ---- - -# Sentinel in Consul - - - -This feature requires -HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. -Refer to the [enterprise feature matrix](/consul/docs/enterprise#consul-enterprise-feature-availability) for additional information. - - - -Sentinel policies extend the ACL system in Consul beyond static "read", "write", -and "deny" policies to support full conditional logic and integration with -external systems. Reference the [Sentinel documentation](https://docs.hashicorp.com/sentinel/concepts) for high-level Sentinel concepts. - -To get started with Sentinel in Consul, -[read the general documentation](https://docs.hashicorp.com/sentinel/consul) or -[Consul documentation](/consul/docs/agent/sentinel). diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index 277050600..781199ce1 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -1707,10 +1707,6 @@ "title": "NIA with TFE", "href": "/docs/nia/enterprise" }, - { - "title": "Sentinel", - "path": "enterprise/sentinel" - }, { "title": "License", "routes": [ diff --git a/website/redirects.js b/website/redirects.js index 517c73bbf..6f4cdf8e1 100644 --- a/website/redirects.js +++ b/website/redirects.js @@ -60,4 +60,10 @@ module.exports = [ '/consul/docs/connect/cluster-peering/usage/establish-cluster-peering', permanent: true, }, + { + source: '/consul/docs/enterprise/sentinel', + destination: + '/consul/docs/dynamic-app-config/kv#using-sentinel-to-apply-policies-for-consul-kv', + permanent: true, + }, ]
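Review bot: In the kv.mdx hunk (@@ -61,6 +61,24 @@), the new "Using Sentinel to apply policies for Consul KV" section never says which operations Sentinel governs. The description of the deleted sentinel.mdx stated that it works "by controlling key-value (KV) store write access", but the new text only says "advanced key-value storage access control policies". If the scope is still writes, say so here so readers do not assume reads are covered. Two smaller points in the same hunk: both links use the text "Sentinel documentation" while pointing at different pages (`/sentinel/concepts` and `/sentinel/consul`), so give the second a distinct label; and "Policy-as-code" is capitalized mid-sentence and should be lowercase.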
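Review bot: In website/content/docs/enterprise/index.mdx, the `samenes-group` to `sameness-group` link fix is applied only to the bullet in the first hunk (@@ -20,12 +20,13 @@). The "Sameness Groups" table rows shown as context in the @@ -102, @@ -131, @@ -152 and @@ -173 hunks still link to `/consul/docs/connect/config-entries/samenes-group`; correct those four rows in the same change. Also in the first hunk, the added "Server request rate limits per source IP" bullet ends with a period while the neighbouring bullets do not; drop it for consistency.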
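Review bot: In the index.mdx table hunk at @@ -102,8 +102,7 @@, deleting the "Sentinel for KV" row removes the only visible statement of its licensing ("All tiers | Yes | With Governance and Policy module"). The replacement section in kv.mdx says only that the feature "requires HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise" and no longer points to the feature matrix. Either carry the module requirement into the kv.mdx note, or keep the row and link it to the new kv.mdx anchor, so that operators can still tell which license enables Sentinel policy enforcement.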
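Review bot: In the website/redirects.js hunk (@@ -60,4 +60,10 @@), the new `destination` hard-codes the fragment `#using-sentinel-to-apply-policies-for-consul-kv`, which is derived from the heading text added in kv.mdx. Rewording that heading later will leave the redirect landing at the top of the KV page with no build error. Add a comment above this entry naming the heading it depends on, or a note beside the heading in kv.mdx, so the two are changed together.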