status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

docs: Fix some comments (#17118) 

Signed-off-by: cui fliter <imcusg@gmail.com>
This commit is contained in:
cui fliter 2023-08-01 01:56:09 +08:00 committed by GitHub
parent 356b29bf35
commit 18a5edd232
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
38 changed files with 43 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
agent/connect/ca/provider.go
View File

@ -152,7 +152,7 @@ type PrimaryProvider interface {
SignIntermediate(*x509.CertificateRequest) (string, error)
// CrossSignCA must accept a CA certificate from another CA provider and cross
// sign it exactly as it is such that it forms a chain back the the
// sign it exactly as it is such that it forms a chain back the
// CAProvider's current root. Specifically, the Distinguished Name, Subject
// Alternative Name, SubjectKeyID and other relevant extensions must be kept.
// The resulting certificate must have a distinct Serial Number and the

2
agent/connect/parsing.go
View File

@ -148,7 +148,7 @@ func ParseSigner(pemValue string) (crypto.Signer, error) {
}
// ParseCSR parses a CSR from a PEM-encoded value. The certificate request
// must be the the first block in the PEM value.
// must be the first block in the PEM value.
func ParseCSR(pemValue string) (*x509.CertificateRequest, error) {
// The _ result below is not an error but the remaining PEM bytes.
block, _ := pem.Decode([]byte(pemValue))

2
agent/consul/auto_config_backend.go
View File

@ -34,7 +34,7 @@ func (b autoConfigBackend) GetCARoots() (*structs.IndexedCARoots, error) {
}
// DatacenterJoinAddresses will return all the strings suitable for usage in
// retry join operations to connect to the the LAN or LAN segment gossip pool.
// retry join operations to connect to the LAN or LAN segment gossip pool.
func (b autoConfigBackend) DatacenterJoinAddresses(partition, segment string) ([]string, error) {
members, err := b.Server.LANMembers(LANMemberFilter{
Segment: segment,

2
agent/consul/prepared_query_endpoint_test.go
View File

@ -2808,7 +2808,7 @@ func TestPreparedQuery_Wrapper(t *testing.T) {
t.Fatalf("bad: %v", ret)
}
// Since we have no idea when the joinWAN operation completes
// we keep on querying until the the join operation completes.
// we keep on querying until the join operation completes.
retry.Run(t, func(r *retry.R) {
r.Check(s1.forwardDC("Status.Ping", "dc2", &struct{}{}, &struct{}{}))
})

2
agent/consul/server.go
View File

@ -242,7 +242,7 @@ type Server struct {
// serf cluster that spans datacenters
eventChWAN chan serf.Event
// wanMembershipNotifyCh is used to receive notifications that the the
// wanMembershipNotifyCh is used to receive notifications that the
// serfWAN wan pool may have changed.
//
// If this is nil, notification is skipped.

4
agent/consul/state/catalog.go
View File

@ -3972,7 +3972,7 @@ func updateGatewayService(tx WriteTxn, idx uint64, mapping *structs.GatewayServi
}
// checkWildcardForGatewaysAndUpdate checks whether a service matches a
// wildcard definition in gateway config entries and if so adds it the the
// wildcard definition in gateway config entries and if so adds it the
// gateway-services table.
func checkGatewayWildcardsAndUpdate(tx WriteTxn, idx uint64, svc *structs.ServiceName, ns *structs.NodeService, kind structs.GatewayServiceKind) error {
sn := structs.ServiceName{Name: structs.WildcardSpecifier, EnterpriseMeta: svc.EnterpriseMeta}
@ -4020,7 +4020,7 @@ func checkGatewayWildcardsAndUpdate(tx WriteTxn, idx uint64, svc *structs.Servic
}
// checkGatewayAndUpdate checks whether a service matches a
// wildcard definition in gateway config entries and if so adds it the the
// wildcard definition in gateway config entries and if so adds it the
// gateway-services table.
func checkGatewayAndUpdate(tx WriteTxn, idx uint64, svc *structs.ServiceName, kind structs.GatewayServiceKind) error {
sn := structs.ServiceName{Name: svc.Name, EnterpriseMeta: svc.EnterpriseMeta}

2
agent/consul/state/catalog_events.go
View File

@ -645,7 +645,7 @@ func getPayloadCheckServiceNode(payload stream.Payload) *structs.CheckServiceNod
}
// newServiceHealthEventsForNode returns health events for all services on the
// given node. This mirrors some of the the logic in the oddly-named
// given node. This mirrors some of the logic in the oddly-named
// parseCheckServiceNodes but is more efficient since we know they are all on
// the same node.
func newServiceHealthEventsForNode(tx ReadTxn, idx uint64, node string, entMeta *acl.EnterpriseMeta, peerName string) ([]stream.Event, error) {

2
agent/proxycfg/proxycfg.go
View File

@ -45,7 +45,7 @@
// ConfigSource - on a client agent this would be a local config source, on a
// server it would be a catalog config source.
// 4. On server, the catalog config source will check if service is registered locally.
// 4a. If the service *is* registered locally it hands off the the local config
// 4a. If the service *is* registered locally it hands off the local config
// source, which calls Watch on the proxycfg manager (and serves the pre-
// fetched data).
// 5. Otherwise, it fetches the service from the state store.

2
agent/structs/acl.go
View File

@ -1296,7 +1296,7 @@ type ACLTokenListResponse struct {
}
// ACLTokenBatchGetRequest is used for reading multiple tokens, this is
// different from the the token list request in that only tokens with the
// different from the token list request in that only tokens with the
// the requested ids are returned
type ACLTokenBatchGetRequest struct {
AccessorIDs []string // List of accessor ids to fetch

2
agent/structs/prepared_query.go
View File

@ -341,7 +341,7 @@ type PreparedQueryExecuteRemoteRequest struct {
Connect bool
// QueryOptions (unfortunately named here) controls the consistency
// settings for the the service lookups.
// settings for the service lookups.
QueryOptions
}

2
agent/xds/delta.go
View File

@ -117,7 +117,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
// type => name => proto
resourceMap = xdscommon.EmptyIndexedResources()
// currentVersions is the the xDS versioning represented by Resources.
// currentVersions is the xDS versioning represented by Resources.
//
// type => name => version (as consul knows right now)
currentVersions = make(map[string]map[string]string)

2
command/connect/envoy/bootstrap_tpl.go
View File

@ -8,7 +8,7 @@ package envoy
type BootstrapTplArgs struct {
GRPC
// ProxyCluster is the cluster name for the the Envoy `node` specification and
// ProxyCluster is the cluster name for the Envoy `node` specification and
// is typically the same as the ProxyID.
ProxyCluster string

2
connect/tls.go
View File

@ -425,7 +425,7 @@ func (cfg *dynamicTLSConfig) Ready() bool {
return cfg.VerifyLeafWithRoots() == nil
}
// ReadyWait returns a chan that is closed when the the Service becomes ready
// ReadyWait returns a chan that is closed when the Service becomes ready
// for use for the first time. Note that if the Service is ready when it is
// called it returns a nil chan. Ready means that it has root and leaf
// certificates configured but not that the combination is valid nor that

2
envoyextensions/extensioncommon/envoy_extender.go
View File

@ -17,7 +17,7 @@ type EnvoyExtender interface {
// Extend updates indexed xDS structures to include patches for
// built-in extensions. It is responsible for applying extensions to
// the the appropriate xDS resources. If any portion of this function fails,
// the appropriate xDS resources. If any portion of this function fails,
// it will attempt continue and return an error. The caller can then determine
// if it is better to use a partially applied extension or error out.
Extend(*xdscommon.IndexedResources, *RuntimeConfig) (*xdscommon.IndexedResources, error)

2
proto/private/pbpeering/peering.pb.go
View File

@ -324,7 +324,7 @@ type Peering struct {
PeerCAPems []string `protobuf:"bytes,8,rep,name=PeerCAPems,proto3" json:"PeerCAPems,omitempty"`
// PeerServerName is the name of the remote server as it relates to TLS.
PeerServerName string `protobuf:"bytes,9,opt,name=PeerServerName,proto3" json:"PeerServerName,omitempty"`
// PeerServerAddresses contains all the the connection addresses for the remote peer.
// PeerServerAddresses contains all the connection addresses for the remote peer.
PeerServerAddresses []string `protobuf:"bytes,10,rep,name=PeerServerAddresses,proto3" json:"PeerServerAddresses,omitempty"`
// StreamStatus contains information computed on read based on the state of the stream.
//

2
proto/private/pbpeering/peering.proto
View File

@ -229,7 +229,7 @@ message Peering {
// PeerServerName is the name of the remote server as it relates to TLS.
string PeerServerName = 9;
// PeerServerAddresses contains all the the connection addresses for the remote peer.
// PeerServerAddresses contains all the connection addresses for the remote peer.
repeated string PeerServerAddresses = 10;
// StreamStatus contains information computed on read based on the state of the stream.

2
sdk/iptables/iptables.go
View File

@ -149,7 +149,7 @@ func Setup(cfg Config) error {
// Redirect remaining outbound traffic to Envoy.
cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-A", ProxyOutputChain, "-j", ProxyOutputRedirectChain)
// We are using "insert" (-I) instead of "append" (-A) so the the provided rules take precedence over default ones.
// We are using "insert" (-I) instead of "append" (-A) so the provided rules take precedence over default ones.
for _, outboundPort := range cfg.ExcludeOutboundPorts {
cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-I", ProxyOutputChain, "-p", "tcp", "--dport", outboundPort, "-j", "RETURN")
}

2
test/integration/connect/envoy/case-stats-proxy/verify.bats
View File

@ -40,7 +40,7 @@ load helpers
must_match_in_stats_proxy_response localhost:1239 \
'stats' '^http.envoy_metrics.downstream_rq_active'
# Response should include the the local cluster request.
# Response should include the local cluster request.
retry_default \
must_match_in_stats_proxy_response localhost:1239 \
'stats' 'cluster.local_agent.upstream_rq_active'

2
website/content/api-docs/acl/index.mdx
View File

@ -444,7 +444,7 @@ replication enabled.
login. This must be of type [`oidc`](/consul/docs/security/acl/auth-methods/oidc).
- `State` `(string: <required>)` - Opaque state ID that is part of the
Authorization URL and will be included in the the redirect following
Authorization URL and will be included in the redirect following
successful authentication on the provider.
- `Code` `(string: <required>)` - Provider-generated authorization code that

2
website/content/api-docs/catalog.mdx
View File

@ -55,7 +55,7 @@ The table below shows this endpoint's support for
- `NodeMeta` `(map<string|string>: nil)` - Specifies arbitrary KV metadata
pairs for filtering purposes.
- `Service` `(Service: nil)` - Contains an object the specifies the service to register. The the `Service.Service` field is required. If `Service.ID` is not provided, the default is the `Service.Service`.
- `Service` `(Service: nil)` - Contains an object the specifies the service to register. The `Service.Service` field is required. If `Service.ID` is not provided, the default is the `Service.Service`.
You can only specify one service with a given `ID` per node. We recommend using
valid DNS labels for service definition names. Refer to the Internet Engineering Task Force's [RFC 1123](https://datatracker.ietf.org/doc/html/rfc1123#page-72) for additional information. Service names that conform to standard usage ensures compatibility with external DNSs. Refer to [Services Configuration Reference](/consul/docs/services/configuration/services-configuration-reference#name) for additional information.
The following fields are optional:

2
website/content/api-docs/status.mdx
View File

@ -51,7 +51,7 @@ $ curl http://127.0.0.1:8500/v1/status/leader
## List Raft Peers
This endpoint retrieves the Raft peers for the datacenter in which the the agent
This endpoint retrieves the Raft peers for the datacenter in which the agent
is running. This list of peers is strongly consistent and can be useful in
determining when a given server has successfully joined the cluster.

2
website/content/commands/connect/envoy.mdx
View File

@ -342,7 +342,7 @@ immediately unlinks it so it can't be read by any other process that doesn't
already have the file descriptor. It then writes the bootstrap JSON, and unsets
the CLOEXEC bit on the file handle so that it remains available to the Envoy
process after exec. Finally it `exec`s Envoy with `--config-file /dev/fd/X`
where `X` is the the file descriptor number of the temp file.
where `X` is the file descriptor number of the temp file.
This ensures that Envoy can read the file without any other normal user process
being able to (assuming they don't have privileged access to /proc). Once the

2
website/content/commands/debug.mdx
View File

@ -86,7 +86,7 @@ information when `debug` is running. By default, it captures all information.
This command can be run from any host with the Consul binary, but requires
network access to the target agent in order to retrieve data. Once retrieved,
the data is written to the the specified path (defaulting to the current
the data is written to the specified path (defaulting to the current
directory) on the host where the command runs.
By default the command will capture all available data from the default

2
website/content/commands/snapshot/agent.mdx
View File

@ -339,7 +339,7 @@ no `aws-s3-static-snapshot-name` configured.
| `ListBucket` | `arn:aws:s3:::<bucket name>` | Required only when snapshot rotation is enabled |
| `ListBucketVersions` | `arn:aws:s3:::<bucket name>` | Required only when snapshot rotation is enabled |
Within the table `<key>` refers to the the key used to store the snapshot. When `aws-s3-static-snapshot-name` is configured the `<key>` is simply the value of that configuration. Otherwise the `<key>` will be the `<aws-s3-key-prefix configuration>/consul-*.snap`.
Within the table `<key>` refers to the key used to store the snapshot. When `aws-s3-static-snapshot-name` is configured the `<key>` is simply the value of that configuration. Otherwise the `<key>` will be the `<aws-s3-key-prefix configuration>/consul-*.snap`.
The following example IAM policy document assumes that the `aws-s3-bucket` is `consul-data` with defaults for `aws-s3-key-prefix`, `aws-s3-static-snapshot-name` and `retain`:

2
website/content/docs/agent/config/cli-flags.mdx
View File

@ -273,7 +273,7 @@ information.
- `-config-dir` ((#\_config_dir)) - A directory of configuration files to
load. Consul will load all files in this directory with the suffix ".json" or ".hcl".
The load order is alphabetical, and the the same merge routine is used as with
The load order is alphabetical, and the same merge routine is used as with
the [`config-file`](#_config_file) option above. This option can be specified multiple
times to load multiple directories. Sub-directories of the config directory are
not loaded. For more information on the format of the configuration files, see

2
website/content/docs/agent/config/config-files.mdx
View File

@ -948,7 +948,7 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
`service:write` permissions for service "B", the agent will successfully register service "A"
and fail to register service "B". Failed registration requests are eventually retried as part
of [anti-entropy enforcement](/consul/docs/architecture/anti-entropy). If a registration request is
failing due to missing permissions, the the token for this agent can be updated with
failing due to missing permissions, the token for this agent can be updated with
additional policy rules or the `config_file_service_registration` token can be replaced using
the [Set Agent Token](/consul/commands/acl/set-agent-token) CLI command.

4
website/content/docs/agent/telemetry.mdx
View File

@ -566,7 +566,7 @@ These metrics are used to monitor the health of the Consul servers.
| `consul.rpc.raft_handoff` | Increments when a server accepts a Raft-related RPC connection. | connections | counter |
| `consul.rpc.request` | Increments when a server receives a Consul-related RPC request. | requests | counter |
| `consul.rpc.request_error` | Increments when a server returns an error from an RPC request. | errors | counter |
| `consul.rpc.query` | Increments when a server receives a read RPC request, indicating the rate of new read queries. See consul.rpc.queries_blocking for the current number of in-flight blocking RPC calls. This metric changed in 1.7.0 to only increment on the the start of a query. The rate of queries will appear lower, but is more accurate. | queries | counter |
| `consul.rpc.query` | Increments when a server receives a read RPC request, indicating the rate of new read queries. See consul.rpc.queries_blocking for the current number of in-flight blocking RPC calls. This metric changed in 1.7.0 to only increment on the start of a query. The rate of queries will appear lower, but is more accurate. | queries | counter |
| `consul.rpc.queries_blocking` | The current number of in-flight blocking queries the server is handling. | queries | gauge |
| `consul.rpc.cross-dc` | Increments when a server sends a (potentially blocking) cross datacenter RPC query. | queries | counter |
| `consul.rpc.consistentRead` | Measures the time spent confirming that a consistent read can be performed. | ms | timer |
@ -603,7 +603,7 @@ Label based RPC metrics were added in Consul 1.12.0 as a Beta feature to better
### Labels
The the server workload metrics above come with the following labels:
The server workload metrics above come with the following labels:
| Label Name | Description | Possible values |
| ------------------------------------- | -------------------------------------------------------------------- | --------------------------------------- |

2
website/content/docs/api-gateway/configuration/routes.mdx
View File

@ -210,7 +210,7 @@ The following table describes the parameters for `path`:
| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| `replacePrefixMatch` | Specifies a value that replaces the path prefix for incoming HTTP requests. The operation only affects the path prefix. The rest of the path is unchanged. | String | Required |
| `type` | Specifies the type of replacement to use for the URL path. You can specify the following values: <ul><li>`ReplacePrefixMatch`: Replaces the the matched prefix of the URL path (default). </li></ul> | String | Optional |
| `type` | Specifies the type of replacement to use for the URL path. You can specify the following values: <ul><li>`ReplacePrefixMatch`: Replaces the matched prefix of the URL path (default). </li></ul> | String | Optional |
### rules.matches

2
website/content/docs/api-gateway/tech-specs.mdx
View File

@ -63,7 +63,7 @@ The following resources are allocated for each component of the API gateway.
### Gateway controller pod
- **CPU**: None. Either the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
- **Memory**: None. Either the the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
- **Memory**: None. Either the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
### Gateway instance pod

2
website/content/docs/dynamic-app-config/kv.mdx
View File

@ -33,7 +33,7 @@ To restrict access, enable and configure
[ACLs](/consul/tutorials/security/access-control-setup-production).
Once the ACL system has been bootstrapped, users and services, will need a
valid token with KV [privileges](/consul/docs/security/acl/acl-rules#key-value-rules) to
access the the data store, this includes even reads. We recommend creating a
access the data store, this includes even reads. We recommend creating a
token with limited privileges, for example, you could create a token with write
privileges on one key for developers to update the value related to their
application.

4
website/content/docs/ecs/manual/secure-configuration.mdx
View File

@ -89,7 +89,7 @@ The following flags are required:
| `-type` | string | Must be `aws-iam`. |
| `-name` | string | A name of your choice. Must be unique among all auth methods. |
| `-description` | string | A description of your choice. |
| `-config` | string | A JSON string containing the [configuration](/consul/docs/security/acl/auth-methods/aws-iam#config-parameters) for the the auth method. |
| `-config` | string | A JSON string containing the [configuration](/consul/docs/security/acl/auth-methods/aws-iam#config-parameters) for the auth method. |
In the `-config` option, the following fields are required:
@ -177,7 +177,7 @@ The following flags are required:
| `-type` | string | Must be `aws-iam`. |
| `-name` | string | A name of your choice. Must be unique among all auth methods. |
| `-description` | string | A description of your choice. |
| `-config` | string | A JSON string containing the [configuration](/consul/docs/security/acl/auth-methods/aws-iam#config-parameters) for the the auth method. |
| `-config` | string | A JSON string containing the [configuration](/consul/docs/security/acl/auth-methods/aws-iam#config-parameters) for the auth method. |
In the `-config` option, the following fields are required:

4
website/content/docs/k8s/connect/cluster-peering/usage/manage-peering.mdx
View File

@ -100,7 +100,7 @@ To end a peering connection in Kubernetes deployments, delete both the `PeeringA
$ kubectl --context $CLUSTER1_CONTEXT delete --filename acceptor.yaml
````
To confirm that you deleted your peering connection in `cluster-01`, query the the `/health` HTTP endpoint:
To confirm that you deleted your peering connection in `cluster-01`, query the `/health` HTTP endpoint:
1. Exec into the server pod for the first cluster.
@ -114,7 +114,7 @@ To confirm that you deleted your peering connection in `cluster-01`, query the t
$ export CONSUL_HTTP_TOKEN=<INSERT BOOTSTRAP ACL TOKEN>
```
1. Query the the `/health` HTTP endpoint. Peered services with deleted connections should no longe appear.
1. Query the `/health` HTTP endpoint. Peered services with deleted connections should no longe appear.
```shell-session
$ curl "localhost:8500/v1/health/connect/backend?peer=cluster-02"

2
website/content/docs/nia/configuration.mdx
View File

@ -84,7 +84,7 @@ license {
### Auto-retrieval
You can use the `auto_retrieval` block to configure the the automatic license retrieval in CTS. When enabled, CTS attempts to retrieve a new license from its configured Consul Enterprise backend once a day. If CTS cannot retrieve a license and the current license is reaching its expiration date, CTS attempts to retrieve a license with increased frequency, as defined by the [License Expiration Date Handling](/consul/docs/nia/enterprise/license#license-expiration-handling).
You can use the `auto_retrieval` block to configure the automatic license retrieval in CTS. When enabled, CTS attempts to retrieve a new license from its configured Consul Enterprise backend once a day. If CTS cannot retrieve a license and the current license is reaching its expiration date, CTS attempts to retrieve a license with increased frequency, as defined by the [License Expiration Date Handling](/consul/docs/nia/enterprise/license#license-expiration-handling).
~> Enabling `auto_retrieval` is recommended when using HCP Consul, as HCP Consul licenses expire more frequently than Consul Enterprise licenses. Without auto-retrieval enabled, you have to restart CTS every time you load a new license.

2
website/content/docs/nia/usage/errors-ref.mdx
View File

@ -11,7 +11,7 @@ This topic explains error messages you may encounter when using Consul-Terraform
## Example error log messages
If you configured the CTS cluster to run in [high availability mode](/consul/docs/nia/usage/run-ha) and the the local module is missing, then the following message appears in the log:
If you configured the CTS cluster to run in [high availability mode](/consul/docs/nia/usage/run-ha) and the local module is missing, then the following message appears in the log:
```shell-session
[ERROR] ha.compat: error="compatibility check failure: stat ./example-module: no such file or directory"

2
website/content/docs/release-notes/consul-api-gateway/v0_1_x.mdx
View File

@ -19,7 +19,7 @@ gateway functionality. It provides additional capabilities that ingress gateway
1. It allows you to configure and deploy new gateways at any time, without
rerunning the Consul Helm chart. The configuration of a running gateway can
be changed dynamically at anytime, usually without disrupting any the the
be changed dynamically at anytime, usually without disrupting any the
traffic flowing through it.
1. Listeners on a gateway can use TLS server certificates signed by any
certificate authority (CA). This allows you to use certificates from public

4
website/content/docs/security/acl/acl-roles.mdx
View File

@ -93,7 +93,7 @@ Use the following syntax to define a service identity:
- `ServiceIdentities.ServiceName`: String value that specifies the name of the service you want to associate with the policy.
- `ServiceIdentities.Datacenters`: Array that specifies the names of datacenters in which the service identity applies. This field is optional.
Refer to the the [API documentation for roles](/consul/api-docs/acl/roles#sample-payload) for additional information and examples.
Refer to the [API documentation for roles](/consul/api-docs/acl/roles#sample-payload) for additional information and examples.
-> **Scope for Namespace and Admin Partition** - In Consul Enterprise, service identities inherit the namespace or admin partition scope of the corresponding ACL token or role.
@ -230,7 +230,7 @@ Use the following syntax to define a node identity:
- `NodeIdentities.NodeName`: String value that specifies the name of the node you want to associate with the policy.
- `NodeIdentities.Datacenter`: String value that specifies the name of the datacenter in which the node identity applies.
Refer to the the [API documentation for roles](/consul/api-docs/acl/roles#sample-payload) for additional information and examples.
Refer to the [API documentation for roles](/consul/api-docs/acl/roles#sample-payload) for additional information and examples.
-> **Consul Enterprise Namespacing** - Node Identities can only be applied to tokens and roles in the `default` namespace. The generated policy rules allow for `service:read` permissions on all services in all namespaces.

2
website/content/docs/security/acl/auth-methods/index.mdx
View File

@ -74,7 +74,7 @@ tokens without operator intervention.
Successful authentication with an auth method returns a set of trusted
identity attributes corresponding to the authenticated identity. Those
attributes are matched against all configured binding rules for that auth
method to determine what privileges to grant the the Consul ACL token it will
method to determine what privileges to grant the Consul ACL token it will
ultimately create.
Each binding rule is composed of two portions:

2
website/content/docs/upgrading/upgrade-specific.mdx
View File

@ -864,7 +864,7 @@ API so existing integrations that create tokens (e.g. Vault) will continue to
work. The "legacy" tokens generated though will not be able to take advantage of
new policy features. It's recommended that you complete migration of all tokens
as soon as possible after upgrade, as well as updating any integrations to work
with the the new ACL [Token](/consul/api-docs/acl/tokens) and
with the new ACL [Token](/consul/api-docs/acl/tokens) and
[Policy](/consul/api-docs/acl/policies) APIs.
### Multi-datacenter service mesh