luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

docs: Add intentions to ACL System docs (#10323) 

Adds mention of `intentions` rules to ACL System and ACL Rules pages.

Resolves #9790
This commit is contained in:
Blake Covarrubias 2021-07-19 15:31:41 -07:00 committed by GitHub
parent 441a6c9969
commit 9a84fe7864
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
website/content/docs/security/acl/acl-rules.mdx
View File

@ -512,7 +512,19 @@ In addition to ACLs, in Consul 0.9.0 and later, the agent must be configured wit
[`enable_local_script_checks`](/docs/agent/options#_enable_local_script_checks) [`enable_local_script_checks`](/docs/agent/options#_enable_local_script_checks)
set to `true` in order to enable script checks. set to `true` in order to enable script checks.
-> Note: [Intention privileges](/docs/connect/intentions#intention-management-permissions) are managed with service rules. Service rules are also used to grant read or write access to intentions. The
following policy provides read-write access to the "app" service, and explicitly
grants `intentions:read` access to view intentions associated with the "app" service.
```hcl
service "app" {
policy = "write"
intentions = "read"
}
```
Refer to [Intention Management Permissions](/docs/connect/intentions#intention-management-permissions)
for more information about managing intentions access with service rules.
#### Session Rules #### Session Rules

2
website/content/docs/security/acl/acl-system.mdx
View File

@ -246,7 +246,7 @@ rules:
| [`node`](/docs/acl/acl-rules#node-rules) | Node-level catalog operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Prepared Query API](/api/query), [Network Coordinate API](/api/coordinate), and [Agent API](/api/agent) | | [`node`](/docs/acl/acl-rules#node-rules) | Node-level catalog operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Prepared Query API](/api/query), [Network Coordinate API](/api/coordinate), and [Agent API](/api/agent) |
| [`operator`](/docs/acl/acl-rules#operator-rules) | Cluster-level operations in the [Operator API](/api/operator), other than the [Keyring API](/api/operator/keyring) | | [`operator`](/docs/acl/acl-rules#operator-rules) | Cluster-level operations in the [Operator API](/api/operator), other than the [Keyring API](/api/operator/keyring) |
| [`query`](/docs/acl/acl-rules#prepared-query-rules) | Prepared query operations in the [Prepared Query API](/api/query) | | [`query`](/docs/acl/acl-rules#prepared-query-rules) | Prepared query operations in the [Prepared Query API](/api/query) |
| [`service`](/docs/acl/acl-rules#service-rules) | Service-level catalog operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Prepared Query API](/api/query), and [Agent API](/api/agent) | | [`service`](/docs/acl/acl-rules#service-rules) | Service-level catalog operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Intentions API](/api/connect/intentions), [Prepared Query API](/api/query), and [Agent API](/api/agent) |
| [`session`](/docs/acl/acl-rules#session-rules) | Session operations in the [Session API](/api/session) | | [`session`](/docs/acl/acl-rules#session-rules) | Session operations in the [Session API](/api/session) |
Since Consul snapshots actually contain ACL tokens, the [Snapshot API](/api/snapshot) Since Consul snapshots actually contain ACL tokens, the [Snapshot API](/api/snapshot)