Docs Proofing (#5424)

* Docs: Remove default_policy From Code Example

It is not needed according to:
https://www.consul.io/docs/agent/acl-system.html#configuring-acls

* Docs: Cleanup Commands And Their Output On ACL Guide Page

Remove extra spaces and newlines
Ensure rules match input rules

* Docs: Remove Incomplete "Added In Version" Statement

Version added is specified on parent option

* Docs: Fix Broken Links

* Docs: Minor Sentence Tweaks
Alex Mayer 2019-03-15 10:35:33 -04:00 committed by kaitlincarter-hc
parent 240934e856
commit a73d983d19
5 changed files with 8 additions and 15 deletions

@ -189,7 +189,7 @@ with `bar`.
Since [Agent API](/api/agent.html) utility operations may be reqired before an agent is joined to Since [Agent API](/api/agent.html) utility operations may be reqired before an agent is joined to
a cluster, or during an outage of the Consul servers or ACL datacenter, a special token may be a cluster, or during an outage of the Consul servers or ACL datacenter, a special token may be
configured with [`acl_agent_master_token`](/docs/agent/options.html#acl_agent_master_token) to allow configured with [`acl.tokens.agent_master`](/docs/agent/options.html#acl_tokens_agent_master) to allow
write access to these operations even if no ACL resolution capability is available. write access to these operations even if no ACL resolution capability is available.
#### Event Rules #### Event Rules
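
Review bot: The unchanged first line of this hunk still reads "may be reqired before an agent is joined" on both sides; since this is a proofing pass that already touches the paragraph, correct it to "required" here too. The rename to `acl.tokens.agent_master` with the `#acl_tokens_agent_master` anchor is consistent with the token table changed elsewhere in this commit.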

@ -124,8 +124,8 @@ Consul datacenters, and does not allow modification of any state.
3. The [connect CA roots endpoint](/api/connect/ca.html#list-ca-root-certificates) exposes just the public TLS certificate which other systems can use to verify the TLS connection with Consul. 3. The [connect CA roots endpoint](/api/connect/ca.html#list-ca-root-certificates) exposes just the public TLS certificate which other systems can use to verify the TLS connection with Consul.
Constructing rules from these policies is covered in detail in the Constructing rules from these policies is covered in detail on the
[Rule Specification](#rule-specification) section below. [ACL Rules](/docs/agent/acl-rules.html) page.
## Configuring ACLs ## Configuring ACLs
@ -147,7 +147,7 @@ system, or accessing Consul in special situations:
| ------------- | ------- | ------- | ------- | | ------------- | ------- | ------- | ------- |
| [`acl.tokens.agent_master`](/docs/agent/options.html#acl_tokens_agent_master) | `OPTIONAL` | `OPTIONAL` | Special token that can be used to access [Agent API](/api/agent.html) when remote bearer token resolution fails; used for setting up the cluster such as doing initial join operations, see the [ACL Agent Master Token](#acl-agent-master-token) section for more details | | [`acl.tokens.agent_master`](/docs/agent/options.html#acl_tokens_agent_master) | `OPTIONAL` | `OPTIONAL` | Special token that can be used to access [Agent API](/api/agent.html) when remote bearer token resolution fails; used for setting up the cluster such as doing initial join operations, see the [ACL Agent Master Token](#acl-agent-master-token) section for more details |
| [`acl.tokens.agent`](/docs/agent/options.html#acl_tokens_agent) | `OPTIONAL` | `OPTIONAL` | Special token that is used for an agent's internal operations, see the [ACL Agent Token](#acl-agent-token) section for more details | | [`acl.tokens.agent`](/docs/agent/options.html#acl_tokens_agent) | `OPTIONAL` | `OPTIONAL` | Special token that is used for an agent's internal operations, see the [ACL Agent Token](#acl-agent-token) section for more details |
| [`acl.tokens.master`](/docs/agent/options.html#acl_tokens_master) | `OPTIONAL` | `N/A` | Special token used to bootstrap the ACL system, see the [Bootstrapping ACLs](#bootstrapping-acls) section for more details | | [`acl.tokens.master`](/docs/agent/options.html#acl_tokens_master) | `OPTIONAL` | `N/A` | Special token used to bootstrap the ACL system, see the [Bootstrapping ACLs](https://learn.hashicorp.com/consul/advanced/day-1-operations/acl-guide) guide for more details |
| [`acl.tokens.default`](/docs/agent/options.html#acl_tokens_default) | `OPTIONAL` | `OPTIONAL` | Default token to use for client requests where no token is supplied; this is often configured with read-only access to services to enable DNS service discovery on agents | | [`acl.tokens.default`](/docs/agent/options.html#acl_tokens_default) | `OPTIONAL` | `OPTIONAL` | Default token to use for client requests where no token is supplied; this is often configured with read-only access to services to enable DNS service discovery on agents |
All of these tokens except the `master` token can all be introduced or updated via the [/v1/agent/token API](/api/agent.html#update-acl-tokens). All of these tokens except the `master` token can all be introduced or updated via the [/v1/agent/token API](/api/agent.html#update-acl-tokens).
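
Review bot: In the `acl.tokens.master` row the link text is still "Bootstrapping ACLs", but the target is now the top of the external ACL guide, and it is the only absolute URL among the site-relative links in this table. Point the link at the guide's bootstrapping section if it has an anchor, or retitle the link so it names the guide. The trailing sentence "All of these tokens except the `master` token can all be introduced" also repeats "all" and could drop the second one in the same pass.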

@ -59,7 +59,7 @@ There are several different kinds of checks:
Certificate verification can be turned off by setting the `tls_skip_verify` Certificate verification can be turned off by setting the `tls_skip_verify`
field to `true` in the check definition. field to `true` in the check definition.
* TCP + Interval - These checks make an TCP connection attempt every Interval * TCP + Interval - These checks make a TCP connection attempt every Interval
(e.g. every 30 seconds) to the specified IP/hostname and port. If no hostname (e.g. every 30 seconds) to the specified IP/hostname and port. If no hostname
is specified, it defaults to "localhost". The status of the service depends on is specified, it defaults to "localhost". The status of the service depends on
whether the connection attempt is successful (ie - the port is currently whether the connection attempt is successful (ie - the port is currently
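
Review bot: The same list item still carries "(ie - the port is currently" in the trailing context lines, which this proofing pass leaves alone; change it to "i.e." so the item reads cleanly alongside the "a TCP" correction.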

@ -584,7 +584,7 @@ default will automatically work with some tooling.
* <a name="acl_tokens_agent"></a><a href="#acl_tokens_agent">`agent`</a> - Used for clients * <a name="acl_tokens_agent"></a><a href="#acl_tokens_agent">`agent`</a> - Used for clients
and servers to perform internal operations. If this isn't specified, then the and servers to perform internal operations. If this isn't specified, then the
<a href="#acl_tokens_default">`default`</a> will be used. This was added in Consul <a href="#acl_tokens_default">`default`</a> will be used.
<br/><br/> <br/><br/>
This token must at least have write access to the node name it will register as in order to set any This token must at least have write access to the node name it will register as in order to set any
of the node-level information in the catalog such as metadata, or the node's tagged addresses. There of the node-level information in the catalog such as metadata, or the node's tagged addresses. There
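
Review bot: With the dangling "This was added in Consul" fragment removed, the sentence now ends "then the `default` will be used", which leaves the reader to supply the noun. "then the `default` token will be used" is clearer, and the precision matters here because the lines that follow state the write access this token needs in order to register the node.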

@ -139,7 +139,6 @@ Rules:
node_prefix "" { node_prefix "" {
policy = "write" policy = "write"
} }
service_prefix "" { service_prefix "" {
policy = "read" policy = "read"
} }
@ -247,7 +246,6 @@ with a configuration file that enables ACLs. We can use the same ACL agent token
{ {
"acl" : { "acl" : {
"enabled" : true, "enabled" : true,
"default_policy" : "deny",
"down_policy" : "extend-cache", "down_policy" : "extend-cache",
"tokens" : { "tokens" : {
"agent" : "da666809-98ca-0e94-a99c-893c4bf5f9eb" "agent" : "da666809-98ca-0e94-a99c-893c4bf5f9eb"
@ -296,7 +294,6 @@ we will give the anonymous token read privileges for all nodes:
```bash ```bash
$ consul acl policy create -name 'list-all-nodes' -rules 'node_prefix "" { policy = "read" }' $ consul acl policy create -name 'list-all-nodes' -rules 'node_prefix "" { policy = "read" }'
ID: e96d0a33-28b4-d0dd-9b3f-08301700ac72 ID: e96d0a33-28b4-d0dd-9b3f-08301700ac72
Name: list-all-nodes Name: list-all-nodes
Description: Description:
@ -305,7 +302,6 @@ Rules:
node_prefix "" { policy = "read" } node_prefix "" { policy = "read" }
$ consul acl token update -id 00000000-0000-0000-0000-000000000002 -policy-name list-all-nodes -description "Anonymous Token - Can List Nodes" $ consul acl token update -id 00000000-0000-0000-0000-000000000002 -policy-name list-all-nodes -description "Anonymous Token - Can List Nodes"
Token updated successfully. Token updated successfully.
AccessorID: 00000000-0000-0000-0000-000000000002 AccessorID: 00000000-0000-0000-0000-000000000002
SecretID: anonymous SecretID: anonymous
@ -424,20 +420,18 @@ First create the new policy.
$ consul acl policy create -name "ui-policy" \ $ consul acl policy create -name "ui-policy" \
-description "Necessary permissions for UI functionality" \ -description "Necessary permissions for UI functionality" \
-rules 'key_prefix "" { policy = "write" } node_prefix "" { policy = "read" } service_prefix "" { policy = "read" }' -rules 'key_prefix "" { policy = "write" } node_prefix "" { policy = "read" } service_prefix "" { policy = "read" }'
ID: 9cb99b2b-3c20-81d4-a7c0-9ffdc2fbf08a ID: 9cb99b2b-3c20-81d4-a7c0-9ffdc2fbf08a
Name: ui-policy Name: ui-policy
Description: Necessary permissions for UI functionality Description: Necessary permissions for UI functionality
Datacenters: Datacenters:
Rules: Rules:
key "" { policy = "write" } node "" { policy = "read" } service "" { policy = "read" } key_prefix "" { policy = "write" } node_prefix "" { policy = "read" } service_prefix "" { policy = "read" }
``` ```
With the new policy, create a token. With the new policy, create a token.
```sh ```sh
$ consul acl token create -description "UI Token" -policy-name "ui-policy" $ consul acl token create -description "UI Token" -policy-name "ui-policy"
AccessorID: 56e605cf-a6f9-5f9d-5c08-a0e1323cf016 AccessorID: 56e605cf-a6f9-5f9d-5c08-a0e1323cf016
SecretID: 117842b6-6208-446a-0d1e-daf93854857d SecretID: 117842b6-6208-446a-0d1e-daf93854857d
Description: UI Token Description: UI Token
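
Review bot: The `-rules` argument in the `ui-policy` example grants `key_prefix "" { policy = "write" }`, which is write access to every key, and nothing in the surrounding text says so. Add a sentence telling readers to narrow the key prefix when the UI only needs part of the KV store. The corrected `Rules:` output now matches that input, which is right. Separately, the `list-all-nodes` example is fenced as `bash` while the token-create example here is fenced as `sh`; pick one tag for the page.
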
@ -445,7 +439,6 @@ Local: false
Create Time: 2018-10-19 14:55:44.254063 -0400 EDT Create Time: 2018-10-19 14:55:44.254063 -0400 EDT
Policies: Policies:
9cb99b2b-3c20-81d4-a7c0-9ffdc2fbf08a - ui-policy 9cb99b2b-3c20-81d4-a7c0-9ffdc2fbf08a - ui-policy
``` ```
The token can then be set on the "settings" page of the UI. The token can then be set on the "settings" page of the UI.