From 12a46cd996da65841a276b87dc5526f0d9e65068 Mon Sep 17 00:00:00 2001 From: Paul Banks Date: Fri, 8 Jun 2018 12:26:27 +0100 Subject: [PATCH] Fix "fail open" wording "fail open" implies that we just allow anything if an agent gets partitioned which is not the right meaning! --- website/source/docs/connect/intentions.html.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/source/docs/connect/intentions.html.md b/website/source/docs/connect/intentions.html.md index 4c27c17045..1bf5028660 100644 --- a/website/source/docs/connect/intentions.html.md +++ b/website/source/docs/connect/intentions.html.md @@ -153,6 +153,8 @@ Updates to intentions are propagated nearly instantly to agents since agents maintain a continuous blocking query in the background for intention updates for registered services. -Because all the intention data is cached locally, the agents can fail open. +Because all the intention data is cached locally, the agents can fail static. Even if the agents are severed completely from the Consul servers, inbound connection authorization continues to work for a configured amount of time. +Changes to intentions will not be picked up until the partition heals, but +will then automatically take effect when connectivity is restored.