docs: adding note about enabling acl token replication for auth methods (#5792)

This commit is contained in:
R.B. Boyer 2019-05-06 11:57:31 -05:00 committed by GitHub
parent dbf0a0f6c0
commit 0f686687b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 2 deletions

View File

@ -285,6 +285,14 @@ The table below shows this endpoint's support for
| ---------------- | ----------------- | ------------- | ------------ |
| `NO` | `none` | `none` | `none` |
-> **Note** - To use the login process to create tokens in any connected
secondary datacenter, [ACL
replication](/docs/agent/options.html#acl_enable_token_replication) must be
enabled. Login requires the ability to create local tokens which is restricted
to the primary datacenter and any secondary datacenters with ACL token
replication enabled.
### Parameters
- `AuthMethod` `(string: <required>)` - The name of the auth method to use for login.

View File

@ -54,6 +54,12 @@ using the API or command line before they can be used by applications.
with the `consul acl binding-rule` subcommands or the corresponding [API
endpoints](/api/acl/binding-rules.html).
-> **Note** - To configure auth methods in any connected secondary datacenter,
[ACL token replication](/docs/agent/options.html#acl_enable_token_replication)
must be enabled. Auth methods require the ability to create local tokens which
is restricted to the primary datacenter and any secondary datacenters with ACL
token replication enabled.
## Binding Rules
Binding rules allow an operator to express a systematic way of automatically

View File

@ -561,8 +561,11 @@ default will automatically work with some tooling.
* <a name="acl_enable_key_list"></a><a href="#acl_enable_key_list">`enable_key_list`</a> - Either "enabled" or "disabled", defaults to "disabled". When enabled, the `list` permission will be required on the prefix being recursively read from the KV store. Regardless of being enabled, the full set of KV entries under the prefix will be filtered to remove any entries that the request's ACL token does not grant at least read persmissions. This option is only available in Consul 1.0 and newer.
* <a name="acl_enable_token_replication"></a><a href="#acl_enable_token_replication">`enable_token_replication`</a> - By
default secondary Consul datacenters will perform replication of only ACL policies. Setting this configuration will
also enable ACL token replication.
default secondary Consul datacenters will perform replication of only ACL policies and roles.
Setting this configuration will will enable ACL token replication and
allow for the creation of both [local tokens](/api/acl/tokens.html#local)
and [auth methods](/docs/acl/acl-auth-methods.html) in connected secondary
datacenters.
* <a name="acl_enable_token_persistence"></a><a href="#acl_enable_token_persistence">`enable_token_persistence`</a> - Either
`true` or `false`. When `true` tokens set using the API will be persisted to disk and reloaded when an agent restarts.