Docs Proofing (#5424)

* Docs: Remove default_policy From Code Example

It is not needed according to:
https://www.consul.io/docs/agent/acl-system.html#configuring-acls

* Docs: Cleanup Commands And Their Output On ACL Guide Page

Remove extra spaces and newlines
Ensure rules match input rules

* Docs: Remove Incomplete "Added In Version" Statement

Version added is specified on parent option

* Docs: Fix Broken Links

* Docs: Minor Sentence Tweaks
This commit is contained in:
Alex Mayer 2019-03-15 10:35:33 -04:00 committed by kaitlincarter-hc
parent 240934e856
commit a73d983d19
5 changed files with 8 additions and 15 deletions

View File

@ -189,7 +189,7 @@ with `bar`.
Since [Agent API](/api/agent.html) utility operations may be reqired before an agent is joined to
a cluster, or during an outage of the Consul servers or ACL datacenter, a special token may be
configured with [`acl_agent_master_token`](/docs/agent/options.html#acl_agent_master_token) to allow
configured with [`acl.tokens.agent_master`](/docs/agent/options.html#acl_tokens_agent_master) to allow
write access to these operations even if no ACL resolution capability is available.
#### Event Rules

View File

@ -124,8 +124,8 @@ Consul datacenters, and does not allow modification of any state.
3. The [connect CA roots endpoint](/api/connect/ca.html#list-ca-root-certificates) exposes just the public TLS certificate which other systems can use to verify the TLS connection with Consul.
Constructing rules from these policies is covered in detail in the
[Rule Specification](#rule-specification) section below.
Constructing rules from these policies is covered in detail on the
[ACL Rules](/docs/agent/acl-rules.html) page.
## Configuring ACLs
@ -147,7 +147,7 @@ system, or accessing Consul in special situations:
| ------------- | ------- | ------- | ------- |
| [`acl.tokens.agent_master`](/docs/agent/options.html#acl_tokens_agent_master) | `OPTIONAL` | `OPTIONAL` | Special token that can be used to access [Agent API](/api/agent.html) when remote bearer token resolution fails; used for setting up the cluster such as doing initial join operations, see the [ACL Agent Master Token](#acl-agent-master-token) section for more details |
| [`acl.tokens.agent`](/docs/agent/options.html#acl_tokens_agent) | `OPTIONAL` | `OPTIONAL` | Special token that is used for an agent's internal operations, see the [ACL Agent Token](#acl-agent-token) section for more details |
| [`acl.tokens.master`](/docs/agent/options.html#acl_tokens_master) | `OPTIONAL` | `N/A` | Special token used to bootstrap the ACL system, see the [Bootstrapping ACLs](#bootstrapping-acls) section for more details |
| [`acl.tokens.master`](/docs/agent/options.html#acl_tokens_master) | `OPTIONAL` | `N/A` | Special token used to bootstrap the ACL system, see the [Bootstrapping ACLs](https://learn.hashicorp.com/consul/advanced/day-1-operations/acl-guide) guide for more details |
| [`acl.tokens.default`](/docs/agent/options.html#acl_tokens_default) | `OPTIONAL` | `OPTIONAL` | Default token to use for client requests where no token is supplied; this is often configured with read-only access to services to enable DNS service discovery on agents |
All of these tokens except the `master` token can all be introduced or updated via the [/v1/agent/token API](/api/agent.html#update-acl-tokens).

View File

@ -59,7 +59,7 @@ There are several different kinds of checks:
Certificate verification can be turned off by setting the `tls_skip_verify`
field to `true` in the check definition.
* TCP + Interval - These checks make an TCP connection attempt every Interval
* TCP + Interval - These checks make a TCP connection attempt every Interval
(e.g. every 30 seconds) to the specified IP/hostname and port. If no hostname
is specified, it defaults to "localhost". The status of the service depends on
whether the connection attempt is successful (ie - the port is currently

View File

@ -584,7 +584,7 @@ default will automatically work with some tooling.
* <a name="acl_tokens_agent"></a><a href="#acl_tokens_agent">`agent`</a> - Used for clients
and servers to perform internal operations. If this isn't specified, then the
<a href="#acl_tokens_default">`default`</a> will be used. This was added in Consul
<a href="#acl_tokens_default">`default`</a> will be used.
<br/><br/>
This token must at least have write access to the node name it will register as in order to set any
of the node-level information in the catalog such as metadata, or the node's tagged addresses. There

View File

@ -130,7 +130,7 @@ We only need to create one policy and can do this on any of the servers. If you
`CONSUL_HTTP_TOKEN` environment variable to the bootstrap token, please refer to the previous step.
```
$ consul acl policy create -name "agent-token" -description "Agent Token Policy" -rules @agent-policy.hcl
$ consul acl policy create -name "agent-token" -description "Agent Token Policy" -rules @agent-policy.hcl
ID: 5102b76c-6058-9fe7-82a4-315c353eb7f7
Name: agent-policy
Description: Agent Token Policy
@ -139,7 +139,6 @@ Rules:
node_prefix "" {
policy = "write"
}
service_prefix "" {
policy = "read"
}
@ -247,7 +246,6 @@ with a configuration file that enables ACLs. We can use the same ACL agent token
{
"acl" : {
"enabled" : true,
"default_policy" : "deny",
"down_policy" : "extend-cache",
"tokens" : {
"agent" : "da666809-98ca-0e94-a99c-893c4bf5f9eb"
@ -296,7 +294,6 @@ we will give the anonymous token read privileges for all nodes:
```bash
$ consul acl policy create -name 'list-all-nodes' -rules 'node_prefix "" { policy = "read" }'
ID: e96d0a33-28b4-d0dd-9b3f-08301700ac72
Name: list-all-nodes
Description:
@ -305,7 +302,6 @@ Rules:
node_prefix "" { policy = "read" }
$ consul acl token update -id 00000000-0000-0000-0000-000000000002 -policy-name list-all-nodes -description "Anonymous Token - Can List Nodes"
Token updated successfully.
AccessorID: 00000000-0000-0000-0000-000000000002
SecretID: anonymous
@ -424,20 +420,18 @@ First create the new policy.
$ consul acl policy create -name "ui-policy" \
-description "Necessary permissions for UI functionality" \
-rules 'key_prefix "" { policy = "write" } node_prefix "" { policy = "read" } service_prefix "" { policy = "read" }'
ID: 9cb99b2b-3c20-81d4-a7c0-9ffdc2fbf08a
Name: ui-policy
Description: Necessary permissions for UI functionality
Datacenters:
Rules:
key "" { policy = "write" } node "" { policy = "read" } service "" { policy = "read" }
key_prefix "" { policy = "write" } node_prefix "" { policy = "read" } service_prefix "" { policy = "read" }
```
With the new policy, create a token.
```sh
$ consul acl token create -description "UI Token" -policy-name "ui-policy"
AccessorID: 56e605cf-a6f9-5f9d-5c08-a0e1323cf016
SecretID: 117842b6-6208-446a-0d1e-daf93854857d
Description: UI Token
@ -445,7 +439,6 @@ Local: false
Create Time: 2018-10-19 14:55:44.254063 -0400 EDT
Policies:
9cb99b2b-3c20-81d4-a7c0-9ffdc2fbf08a - ui-policy
```
The token can then be set on the "settings" page of the UI.