website: add a note in the upgrade notes for 0.6 discovery ACLs
This commit is contained in:
parent
62a8d82f9f
commit
a8b5b980e8
|
@ -14,6 +14,29 @@ details provided for their upgrades as a result of new features or changed
|
|||
behavior. This page is used to document those details seperately from the
|
||||
standard upgrade flow.
|
||||
|
||||
## Consul 0.6
|
||||
|
||||
Consul 0.6 introduces enhancements to the ACL system which may require special
|
||||
handling:
|
||||
|
||||
* Service ACL's are enforced during service discovery (REST + DNS)
|
||||
|
||||
Previously, service discovery was wide open, and any client could query
|
||||
information about any service without providing a token. Consul now requires
|
||||
read-level access at a minimum when ACL's are enabled to return service
|
||||
information over the REST or DNS interfaces. If clients depend on an open
|
||||
service discovery system, then the following should be added to all ACL tokens
|
||||
which require it:
|
||||
|
||||
# Enable discovery of all services
|
||||
service "" {
|
||||
policy = "read"
|
||||
}
|
||||
|
||||
Note that the agent's [`acl_token`](/docs/agent/options.html#acl_token) is used
|
||||
when the DNS interface is queried, so be sure that token has sufficient
|
||||
privileges to return the DNS records you expect to retrieve from it.
|
||||
|
||||
## Consul 0.5.1
|
||||
|
||||
Consul version 0.5.1 uses a different backend store for persisting the Raft
|
||||
|
|
Loading…
Reference in a new issue