Commit Graph

51 Commits

Author SHA1 Message Date
Jeff Escalante fe3902c906
maintenance complete, pending markdown-page component addition 2020-12-16 16:55:23 -05:00
Daniel Nephin 462a2b29c3
Merge pull request #9262 from hashicorp/dnephin/docs-deprecate-old-filters
docs: deprecate some old filter parameters
2020-12-15 17:11:41 -05:00
Maksym e21d66aa59
fix 'agent/check/pass/my-check-id' curl example in documentation (#9372) 2020-12-11 13:23:05 +01:00
kaitlincarter-hc 212c9fc684
Filter API Docs (#9202)
* reorganize for clarity and update for value syntax

* fix quotes around value

* Apply suggestions from code review

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Apply suggestions from code review

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-12-09 15:03:44 -08:00
Daniel Nephin 685cb158cf docs: deprecate some old filter parameters
The filtering can be done with the general purpose `filter` query parameter.
2020-11-23 18:23:58 -05:00
R.B. Boyer 7bcbc59dea
command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint (#9229)
Fixes #9215
2020-11-19 15:27:31 -06:00
Freddy e4e306210a
Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 10:14:48 -07:00
Matt Keeler a7d945e7b9
[docs] Change links to the DNS information to the right place (#8675)
The redirects were working in many situations but some (INTERNALS.md) was not. This just flips everything over to using the real link.
2020-11-17 10:03:00 -05:00
R.B. Boyer a5bd1ba323
agent: return the default ACL policy to callers as a header (#9101)
Header is: X-Consul-Default-ACL-Policy=<allow|deny>

This is of particular utility when fetching matching intentions, as the
fallthrough for a request that doesn't match any intentions is to
enforce using the default acl policy.
2020-11-12 10:38:32 -06:00
Matt Keeler 114521af25
Add some autopilot docs and update the changelog (#9139) 2020-11-09 14:14:19 -05:00
R.B. Boyer 7093b2ea43
docs: all intention documentation updates (#8869) 2020-10-14 10:23:05 -05:00
Matt Keeler 891d05fada
Add capability for the v1/connect/ca/roots endpoint to return a PEM encoded certificate chain (#8774)
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-10-09 10:43:33 -04:00
Hans Hasselberg 296340e13f
Update API docs for GET /operator/keyring (#8691)
The response includes a new field: PrimaryKeys that lists the installed
primary keys.
2020-09-15 21:35:02 +02:00
Blake Covarrubias 2f9c3b870b docs: Fix rendering of link under service config endpoint
HTML and markdown cannot be present in the same line. Change markdown
link to HTML anchor element.
2020-09-08 17:41:10 -07:00
Jasmine W 8ae3332165
docs: update structure (#8506)
- moved and renamed files/folders based on new structure
- updated docs navigation based on new structure
- moved CLI to top nav (created commands.jsx and commands-navigation.js)
- updated and added redirects
- updating to be consistent with standalone categories
- changing "overview" link in top nav to lead to where intro was moved (docs/intro)
- adding redirects for intro content
- deleting old intro folders
- format all data/navigation files
- deleting old commands folder
- reverting changes to glossary page
- adjust intro navigation for removal of 'vs' paths
- add helm page redirect
- fix more redirects
- add a missing redirect
- fix broken anchor links and formatting mistakes
- deleted duplicate section, added redirect, changed link
- removed duplicate glossary page
2020-09-01 11:14:13 -04:00
danielehc 4a1cc8b9f9
Refactor api-docs links to learn (#8488) 2020-08-17 18:20:02 +02:00
Blake Covarrubias 4fecce1344 docs: Fix heading for list prepared queries endpoint 2020-07-17 09:00:17 -07:00
Jeff Escalante 3d91a21d44
Merge pull request #8230 from hashicorp/je.pin-deps
📌 Hard Pin Website Dependencies
2020-07-15 18:45:19 -04:00
Chris Piraino 51f71d43ab
docs: add section for /health/ingress/:service API (#8108)
* docs: add section for /health/ingress/:service API

* Add documentation around consul version for API

* docs: add note about gateway-services API release version
2020-07-10 12:36:46 -05:00
Jeff Escalante 7d590e62c5
update deps, format all files 2020-07-08 19:12:34 -04:00
Seth Hoenig c2a1322894
api/agent: enable setting SuccessBeforePassing and FailuresBeforeCritical in API (#7949)
Fixes #7764

Until now these two fields could only be set through on-disk agent configuration.
This change adds the fields to the agent API struct definition so that they can
be set using the agent HTTP API.
2020-06-29 14:52:35 +02:00
R.B. Boyer 72a515f5ec
connect: various changes to make namespaces for intentions work more like for other subsystems (#8194)
Highlights:

- add new endpoint to query for intentions by exact match

- using this endpoint from the CLI instead of the dump+filter approach

- enforcing that OSS can only read/write intentions with a SourceNS or
  DestinationNS field of "default".

- preexisting OSS intentions with now-invalid namespace fields will
  delete those intentions on initial election or for wildcard namespaces
  an attempt will be made to downgrade them to "default" unless one
  exists.

- also allow the '-namespace' CLI arg on all of the intention subcommands

- update lots of docs
2020-06-26 16:59:15 -05:00
Jono Sosulska 1f1eb0cb33
Fixing multiple document updates (#8135)
* Fixes #7663-ACL Token Reloadable#7432-Cipher Suites,#7385-KV Delete DC, raft list-peers docs

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-06-18 14:10:45 -04:00
Dexter Lowe a27694d110
#8059 Improve Clarity on TTL docs (#8141) 2020-06-18 13:53:43 -04:00
Matt Keeler cdc4b20afa
ACL Node Identities (#7970)
A Node Identity is very similar to a service identity. Its main targeted use is to allow creating tokens for use by Consul agents that will grant the necessary permissions for all the typical agent operations (node registration, coordinate updates, anti-entropy).

Half of this commit is for golden file based tests of the acl token and role cli output. Another big updates was to refactor many of the tests in agent/consul/acl_endpoint_test.go to use the same style of tests and the same helpers. Besides being less boiler plate in the tests it also uses a common way of starting a test server with ACLs that should operate without any warnings regarding deprecated non-uuid master tokens etc.
2020-06-16 12:54:27 -04:00
freddygv 51f8f76b3b Remove unused method and fixup docs ref 2020-06-12 13:47:43 -06:00
freddygv 26583e12ba Add docs 2020-06-12 13:47:43 -06:00
Daniel Nephin b9e4544ec3 intentions: fix a bug in Intention.SetHash
Found using staticcheck.

binary.Write does not accept int types without a size. The error from binary.Write was ignored, so we never saw this error. Casting the data to uint64 produces a correct hash.

Also deprecate the Default{Addr,Port} fields, and prevent them from being encoded. These fields will always be empty and are not used.
Removing these would break backwards compatibility, so they are left in place for now.

Co-authored-by: Hans Hasselberg <me@hans.io>
2020-06-05 14:51:43 -04:00
R.B. Boyer 7bd7895047
acl: allow auth methods created in the primary datacenter to optionally create global tokens (#7899) 2020-06-01 11:44:47 -05:00
Chris Piraino 967ecf59b0
Remove underscores from gateway URL paths (#7962) 2020-05-28 14:19:17 -05:00
Jeff Escalante 306e8c84b6 update dependencies 2020-05-21 14:50:45 -04:00
Paul Mundt 9b15050b44
docs: Add Dart client to list of Libraries and SDKs (#7884) 2020-05-20 12:42:12 +02:00
Chris Piraino 7f4f28b6d7
Ingress and Terminating Gateway docs (#7710)
This PR contains documentation additions for ingress and terminating gateways. New pages for the config-entries and overall feature description were added, as well as various additions to related pages.

Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
Co-authored-by: freddygv <gh@freddygv.xyz>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2020-05-13 16:29:40 -05:00
R.B. Boyer 49e6680892
docs: docs for jwt and oidc auth methods (#7847) 2020-05-13 14:14:03 -05:00
krishna sindhur a0474e0437
docs: header payload type change (#7763)
* changed the header type from string to list as mentioned in doc in [website/pages/api-docs/agent/check.mdx, website/pages/docs/agent/checks.mdx]
2020-05-12 11:48:48 +02:00
Jono Sosulska 44011c81f2
Fix spelling of deregister (#7804) 2020-05-08 10:03:45 -04:00
R.B. Boyer 1187d7288e
acl: oss plumbing to support auth method namespace rules in enterprise (#7794)
This includes website docs updates.
2020-05-06 13:48:04 -05:00
R.B. Boyer c9c557477b
acl: add MaxTokenTTL field to auth methods (#7779)
When set to a non zero value it will limit the ExpirationTime of all
tokens created via the auth method.
2020-05-04 17:02:57 -05:00
R.B. Boyer 265d2ea9e1
acl: add DisplayName field to auth methods (#7769)
Also add a few missing acl fields in the api.
2020-05-04 15:18:25 -05:00
Blake Covarrubias 6e3b3a3f04
Add callouts to Enterprise features (#7548)
Label all enterprise-related content with Enterprise badge/callout.

Resolves #6887

Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
2020-04-28 12:53:29 -04:00
Jeff Escalante be78f98a6c
a couple more anchor link fixes 2020-04-28 12:53:26 -04:00
Jeff Escalante 0d0f0ee514
update deps, add no-index category, fix downloads page 2020-04-28 12:53:25 -04:00
Jeff Escalante 3461407f34
fix broken links 2020-04-28 12:53:25 -04:00
Jeff Escalante 3ab1f76c6e
add k8s/consul alias back, fix react prop name 2020-04-28 12:53:24 -04:00
Jeff Escalante b685869419
remove 'sidebar_current' from frontmatter 2020-04-28 12:53:24 -04:00
Jeff Escalante 17452af412
fix new syntax error 2020-04-28 12:53:22 -04:00
Jeff Escalante 99784c4f24
replace internal .html link extensions 2020-04-28 12:53:20 -04:00
Jeff Escalante 4211f12f38
remove internal /index.html 2020-04-28 12:53:20 -04:00
Jeff Escalante 086073d6fb
docs rendering 2020-04-28 12:53:18 -04:00
Jeff Escalante 957c04eb20
intro and api navigation converted 2020-04-28 12:52:44 -04:00