luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

docs: add notice that legacy ACLs have been removed. 

Add changelog

Also remove a metric that is no longer emitted that was missed in a
previous step.
This commit is contained in:
Daniel Nephin 2021-10-05 14:28:51 -04:00
parent 577f2649bf
commit 51e498717f
6 changed files with 15 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/11232.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:breaking-change
acl: The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that nothing is still using the legacy ACL system. See the [Migrate Legacy ACL Tokens Learn Guide](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) for more information.
```

4
agent/consul/acl.go
View File

@ -30,10 +30,6 @@ var ACLCounters = []prometheus.CounterDefinition{
} }
var ACLSummaries = []prometheus.SummaryDefinition{ var ACLSummaries = []prometheus.SummaryDefinition{
{
Name: []string{"acl", "resolveTokenLegacy"},
Help: "This measures the time it takes to resolve an ACL token using the legacy ACL system.",
},
{ {
Name: []string{"acl", "ResolveToken"}, Name: []string{"acl", "ResolveToken"},
Help: "This measures the time it takes to resolve an ACL token.", Help: "This measures the time it takes to resolve an ACL token.",

10
website/content/api-docs/acl/index.mdx
View File

@ -144,7 +144,7 @@ $ curl \
- `ReplicationType` - The type of replication that is currently in use. - `ReplicationType` - The type of replication that is currently in use.
- `legacy` - ACL replication is in legacy mode and is replicating legacy ACL tokens. - `legacy` - (removed in Consul 1.11.0) ACL replication is in legacy mode and is replicating legacy ACL tokens.
- `policies` - ACL replication is only replicating policies as token replication - `policies` - ACL replication is only replicating policies as token replication
is disabled. is disabled.
@ -181,8 +181,8 @@ $ curl \
## Translate Rules ## Translate Rules
-> **Deprecated** - This endpoint was introduced in Consul 1.4.0 for migration from the previous ACL system. It -> **Deprecated** - This endpoint was removed in Consul 1.11.0.
will be removed in a future major Consul version when support for legacy ACLs is removed. This endpoint was introduced in Consul 1.4.0 for migration from the previous ACL system.
This endpoint translates the legacy rule syntax into the latest syntax. It is intended This endpoint translates the legacy rule syntax into the latest syntax. It is intended
to be used by operators managing Consul's ACLs and performing legacy token to new policy to be used by operators managing Consul's ACLs and performing legacy token to new policy
@ -226,8 +226,8 @@ agent_prefix "" {
## Translate a Legacy Token's Rules ## Translate a Legacy Token's Rules
-> **Deprecated** - This endpoint was introduced in Consul 1.4.0 for migration from the previous ACL system.. It -> **Deprecated** - This endpoint was removed in Consul 1.11.0.
will be removed in a future major Consul version when support for legacy ACLs is removed. This endpoint was introduced in Consul 1.4.0 for migration from the previous ACL system.
This endpoint translates the legacy rules embedded within a legacy ACL into the latest This endpoint translates the legacy rules embedded within a legacy ACL into the latest
syntax. It is intended to be used by operators managing Consul's ACLs and performing syntax. It is intended to be used by operators managing Consul's ACLs and performing

8
website/content/api-docs/acl/legacy.mdx
View File

@ -2,17 +2,17 @@
layout: api layout: api
page_title: Legacy ACLs - HTTP API page_title: Legacy ACLs - HTTP API
description: >- description: >-
The /acl endpoints create, update, destroy, and query Legacy ACL tokens in The legacy /acl endpoints to create, update, destroy, and query legacy ACL tokens in
Consul. Consul.
--- ---
# ACL HTTP API # ACL HTTP API
-> **Consul 1.4.0 deprecates the legacy ACL system completely.** It's _strongly_ -> **The legacy ACL system was deprecated in Consul 1.4.0 and removed in Consul 1.11.0.** It's _strongly_
recommended you do not build anything using the legacy system and consider using recommended you do not build anything using the legacy system and use
the new ACL [Token](/api/acl/tokens) and [Policy](/api/acl/policies) APIs instead. the new ACL [Token](/api/acl/tokens) and [Policy](/api/acl/policies) APIs instead.
The `/acl` endpoints create, update, destroy, and query ACL tokens in Consul. The legacy `/acl` endpoints to create, update, destroy, and query legacy ACL tokens in Consul.
For more information about ACLs, please check the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production). For more information about ACLs, please check the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).

1
website/content/docs/agent/telemetry.mdx
View File

@ -329,7 +329,6 @@ These metrics are used to monitor the health of the Consul servers.
| Metric | Description | Unit | Type | | Metric | Description | Unit | Type |
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | ------- | | --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | ------- |
| `consul.acl.resolveTokenLegacy` | Measures the time it takes to resolve an ACL token using the legacy ACL system. | ms | timer |
| `consul.acl.ResolveToken` | Measures the time it takes to resolve an ACL token. | ms | timer | | `consul.acl.ResolveToken` | Measures the time it takes to resolve an ACL token. | ms | timer |
| `consul.acl.ResolveTokenToIdentity` | Measures the time it takes to resolve an ACL token to an Identity. | ms | timer | | `consul.acl.ResolveTokenToIdentity` | Measures the time it takes to resolve an ACL token to an Identity. | ms | timer |
| `consul.acl.token.cache_hit` | Increments if Consul is able to resolve a token's identity, or a legacy token, from the cache. | cache read op | counter | | `consul.acl.token.cache_hit` | Increments if Consul is able to resolve a token's identity, or a legacy token, from the cache. | cache read op | counter |

5
website/content/docs/security/acl/acl-legacy.mdx
View File

@ -13,8 +13,9 @@ description: >-
-> **1.3.0 and earlier:** This document only applies in Consul versions 1.3.0 and before. If you are using version 1.4.0 or later please use the updated documentation [here](/docs/acl/acl-system). -> **1.3.0 and earlier:** This document only applies in Consul versions 1.3.0 and before. If you are using version 1.4.0 or later please use the updated documentation [here](/docs/acl/acl-system).
~> **Alert: Deprecation Notice** ~> **Alert: Deprecation Notice**
The ACL system described here was Consul's original ACL implementation. In Consul 1.4.0 The ACL system described here was Consul's original ACL implementation.
the ACL system was rewritten and the legacy system was deprecated. The new ACL system information can be found [here](/docs/acl/acl-system). For information on how to migrate to the new ACL System, please read the [Migrate Legacy ACL Tokens](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) tutorial. The legacy ACL system was deprecated in Consul 1.4.0 and removed in Consul 1.11.0.
The documentation for the new ACL system can be found [here](/docs/acl/acl-system). For information on how to migrate to the new ACL System, please read the [Migrate Legacy ACL Tokens](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) tutorial.
The legacy documentation has two sections. The legacy documentation has two sections.