From a73d983d199893f919ce858794324c7ae1d10c79 Mon Sep 17 00:00:00 2001 From: Alex Mayer Date: Fri, 15 Mar 2019 10:35:33 -0400 Subject: [PATCH] Docs Proofing (#5424) * Docs: Remove default_policy From Code Example It is not needed according to: https://www.consul.io/docs/agent/acl-system.html#configuring-acls * Docs: Cleanup Commands And Their Output On ACL Guide Page Remove extra spaces and newlines Ensure rules match input rules * Docs: Remove Incomplete "Added In Version" Statement Version added is specified on parent option * Docs: Fix Broken Links * Docs: Minor Sentence Tweaks --- website/source/docs/agent/acl-rules.html.md | 2 +- website/source/docs/agent/acl-system.html.md | 6 +++--- website/source/docs/agent/checks.html.md | 2 +- website/source/docs/agent/options.html.md | 2 +- website/source/docs/guides/acl.html.md | 11 ++--------- 5 files changed, 8 insertions(+), 15 deletions(-) diff --git a/website/source/docs/agent/acl-rules.html.md b/website/source/docs/agent/acl-rules.html.md index c3d36bdcf..f0d44177b 100644 --- a/website/source/docs/agent/acl-rules.html.md +++ b/website/source/docs/agent/acl-rules.html.md @@ -189,7 +189,7 @@ with `bar`. Since [Agent API](/api/agent.html) utility operations may be reqired before an agent is joined to a cluster, or during an outage of the Consul servers or ACL datacenter, a special token may be -configured with [`acl_agent_master_token`](/docs/agent/options.html#acl_agent_master_token) to allow +configured with [`acl.tokens.agent_master`](/docs/agent/options.html#acl_tokens_agent_master) to allow write access to these operations even if no ACL resolution capability is available. #### Event Rules diff --git a/website/source/docs/agent/acl-system.html.md b/website/source/docs/agent/acl-system.html.md index 598ad8a60..a84d26ffc 100644 --- a/website/source/docs/agent/acl-system.html.md +++ b/website/source/docs/agent/acl-system.html.md 
@@ -124,8 +124,8 @@ Consul datacenters, and does not allow modification of any state. 3. The [connect CA roots endpoint](/api/connect/ca.html#list-ca-root-certificates) exposes just the public TLS certificate which other systems can use to verify the TLS connection with Consul. -Constructing rules from these policies is covered in detail in the -[Rule Specification](#rule-specification) section below. +Constructing rules from these policies is covered in detail on the +[ACL Rules](/docs/agent/acl-rules.html) page. ## Configuring ACLs 
@@ -147,7 +147,7 @@ system, or accessing Consul in special situations: | ------------- | ------- | ------- | ------- | | [`acl.tokens.agent_master`](/docs/agent/options.html#acl_tokens_agent_master) | `OPTIONAL` | `OPTIONAL` | Special token that can be used to access [Agent API](/api/agent.html) when remote bearer token resolution fails; used for setting up the cluster such as doing initial join operations, see the [ACL Agent Master Token](#acl-agent-master-token) section for more details | | [`acl.tokens.agent`](/docs/agent/options.html#acl_tokens_agent) | `OPTIONAL` | `OPTIONAL` | Special token that is used for an agent's internal operations, see the [ACL Agent Token](#acl-agent-token) section for more details | -| [`acl.tokens.master`](/docs/agent/options.html#acl_tokens_master) | `OPTIONAL` | `N/A` | Special token used to bootstrap the ACL system, see the [Bootstrapping ACLs](#bootstrapping-acls) section for more details | +| [`acl.tokens.master`](/docs/agent/options.html#acl_tokens_master) | `OPTIONAL` | `N/A` | Special token used to bootstrap the ACL system, see the [Bootstrapping ACLs](https://learn.hashicorp.com/consul/advanced/day-1-operations/acl-guide) guide for more details | | [`acl.tokens.default`](/docs/agent/options.html#acl_tokens_default) | `OPTIONAL` | `OPTIONAL` | Default token to use for client requests where no token is supplied; this is often configured with read-only access to services to enable DNS service discovery on agents | All of these tokens except the `master` token can all be introduced or updated via the [/v1/agent/token API](/api/agent.html#update-acl-tokens). diff --git a/website/source/docs/agent/checks.html.md b/website/source/docs/agent/checks.html.md index e9ad04d2d..7438736dc 100644 --- a/website/source/docs/agent/checks.html.md +++ b/website/source/docs/agent/checks.html.md 
@@ -59,7 +59,7 @@ There are several different kinds of checks: Certificate verification can be turned off by setting the `tls_skip_verify` field to `true` in the check definition. -* TCP + Interval - These checks make an TCP connection attempt every Interval +* TCP + Interval - These checks make a TCP connection attempt every Interval (e.g. every 30 seconds) to the specified IP/hostname and port. If no hostname is specified, it defaults to "localhost". The status of the service depends on whether the connection attempt is successful (ie - the port is currently diff --git a/website/source/docs/agent/options.html.md b/website/source/docs/agent/options.html.md index 05ea6287e..11426809b 100644 --- a/website/source/docs/agent/options.html.md +++ b/website/source/docs/agent/options.html.md @@ -584,7 +584,7 @@ default will automatically work with some tooling. * `agent` - Used for clients and servers to perform internal operations. If this isn't specified, then the - `default` will be used. This was added in Consul + `default` will be used.

This token must at least have write access to the node name it will register as in order to set any of the node-level information in the catalog such as metadata, or the node's tagged addresses. There diff --git a/website/source/docs/guides/acl.html.md b/website/source/docs/guides/acl.html.md index 294bf27a3..652b0b6dc 100644 --- a/website/source/docs/guides/acl.html.md +++ b/website/source/docs/guides/acl.html.md @@ -130,7 +130,7 @@ We only need to create one policy and can do this on any of the servers. If you `CONSUL_HTTP_TOKEN` environment variable to the bootstrap token, please refer to the previous step. ``` -$ consul acl policy create -name "agent-token" -description "Agent Token Policy" -rules @agent-policy.hcl +$ consul acl policy create -name "agent-token" -description "Agent Token Policy" -rules @agent-policy.hcl ID: 5102b76c-6058-9fe7-82a4-315c353eb7f7 Name: agent-policy Description: Agent Token Policy @@ -139,7 +139,6 @@ Rules: node_prefix "" { policy = "write" } - service_prefix "" { policy = "read" } @@ -247,7 +246,6 @@ with a configuration file that enables ACLs. We can use the same ACL agent token { "acl" : { "enabled" : true, - "default_policy" : "deny", "down_policy" : "extend-cache", "tokens" : { "agent" : "da666809-98ca-0e94-a99c-893c4bf5f9eb" @@ -296,7 +294,6 @@ we will give the anonymous token read privileges for all nodes: ```bash $ consul acl policy create -name 'list-all-nodes' -rules 'node_prefix "" { policy = "read" }' - ID: e96d0a33-28b4-d0dd-9b3f-08301700ac72 Name: list-all-nodes Description: @@ -305,7 +302,6 @@ Rules: node_prefix "" { policy = "read" } $ consul acl token update -id 00000000-0000-0000-0000-000000000002 -policy-name list-all-nodes -description "Anonymous Token - Can List Nodes" - Token updated successfully. AccessorID: 00000000-0000-0000-0000-000000000002 SecretID: anonymous 
@@ -424,20 +420,18 @@ First create the new policy. $ consul acl policy create -name "ui-policy" \ -description "Necessary permissions for UI functionality" \ -rules 'key_prefix "" { policy = "write" } node_prefix "" { policy = "read" } service_prefix "" { policy = "read" }' - ID: 9cb99b2b-3c20-81d4-a7c0-9ffdc2fbf08a Name: ui-policy Description: Necessary permissions for UI functionality Datacenters: Rules: -key "" { policy = "write" } node "" { policy = "read" } service "" { policy = "read" } +key_prefix "" { policy = "write" } node_prefix "" { policy = "read" } service_prefix "" { policy = "read" } ``` With the new policy, create a token. ```sh $ consul acl token create -description "UI Token" -policy-name "ui-policy" - AccessorID: 56e605cf-a6f9-5f9d-5c08-a0e1323cf016 SecretID: 117842b6-6208-446a-0d1e-daf93854857d Description: UI Token @@ -445,7 +439,6 @@ Local: false Create Time: 2018-10-19 14:55:44.254063 -0400 EDT Policies: 9cb99b2b-3c20-81d4-a7c0-9ffdc2fbf08a - ui-policy - ``` The token can then be set on the "settings" page of the UI.
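Review bot: in website/source/docs/agent/acl-rules.html.md (hunk @@ -189,7), the context line directly above the changed line still reads "utility operations may be reqired before an agent is joined". This commit is a proofing pass and already touches the paragraph, so correct "reqired" to "required" in the same change.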
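Review bot: in website/source/docs/agent/acl-system.html.md (hunk @@ -147,7), the `acl.tokens.master` row now links off-page, but the `acl.tokens.agent_master` and `acl.tokens.agent` rows above it still use the in-page anchors `#acl-agent-master-token` and `#acl-agent-token`. This patch replaces two other in-page anchors in the same file (`#rule-specification` and `#bootstrapping-acls`), so please confirm the remaining two still resolve, or repoint them here. The trailing context line "All of these tokens except the `master` token can all be introduced" also repeats "all"; dropping the second one fits the "Minor Sentence Tweaks" item.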
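Review bot: in website/source/docs/agent/checks.html.md (hunk @@ -59,7), the sentence being fixed still mixes "(e.g. every 30 seconds)" with "(ie - the port is currently" a few lines later. While correcting "an TCP" to "a TCP", change "ie" to "i.e." so the two abbreviations in this bullet are written consistently.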
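Review bot: in website/source/docs/guides/acl.html.md (hunk @@ -130,7), the command creates the policy with `-name "agent-token"` but the sample output two lines below reports `Name: agent-policy`. The commit message says the output was cleaned up to match the input, so the output should read `Name: agent-token`, or the command should use the name the output shows. A reader who later runs `-policy-name` against the wrong one of these two names will get a lookup failure.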
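Review bot: in website/source/docs/guides/acl.html.md (hunk @@ -247,7), removing `"default_policy" : "deny"` is only safe if this block is the client agent configuration, which the context ("We can use the same ACL agent token") suggests but does not state. Consul's `default_policy` defaults to `allow`, so a reader who copies this block onto a server would enable ACLs while still permitting anything not covered by a rule. Suggest saying in the surrounding sentence that the block is for client agents, and confirming that the server example in this guide keeps the explicit `deny`.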
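Review bot: in website/source/docs/guides/acl.html.md (hunk @@ -424,20), the token example opens with a `sh` fence, while the anonymous-token example in hunk @@ -296,7 uses `bash` and the policy example in hunk @@ -130,7 uses an untagged fence. Since this commit is cleaning up the commands and their output on this page, pick one fence tag for the console examples and apply it to all three. The correction of the output rules from `key ""` to `key_prefix ""` is right, as it now matches the `-rules` argument.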