mirror of https://github.com/status-im/consul.git
Merge branch 'main' of github.com:hashicorp/consul into what_service_mesh
This commit is contained in:
commit
27d8959a5a
|
@ -0,0 +1,3 @@
|
|||
```release-note:improvement
|
||||
connect: update Envoy supported version of 1.20 to 1.20.1
|
||||
```
|
|
@ -0,0 +1,3 @@
|
|||
```release-note:bug
|
||||
serf: update serf v0.9.7, complete the leave process if broadcasting leave timeout.
|
||||
```
|
|
@ -837,10 +837,10 @@ jobs:
|
|||
environment:
|
||||
ENVOY_VERSION: "1.19.1"
|
||||
|
||||
envoy-integration-test-1_20_0:
|
||||
envoy-integration-test-1_20_1:
|
||||
<<: *ENVOY_TESTS
|
||||
environment:
|
||||
ENVOY_VERSION: "1.20.0"
|
||||
ENVOY_VERSION: "1.20.1"
|
||||
|
||||
# run integration tests for the connect ca providers
|
||||
test-connect-ca-providers:
|
||||
|
@ -1091,7 +1091,7 @@ workflows:
|
|||
- envoy-integration-test-1_19_1:
|
||||
requires:
|
||||
- dev-build
|
||||
- envoy-integration-test-1_20_0:
|
||||
- envoy-integration-test-1_20_1:
|
||||
requires:
|
||||
- dev-build
|
||||
|
||||
|
|
|
@ -249,4 +249,4 @@ jobs:
|
|||
arch: ${{matrix.arch}}
|
||||
tags: |
|
||||
docker.io/hashicorp/${{env.repo}}:${{env.version}}
|
||||
ecr.public.aws/hashicorp/${{env.repo}}:${{env.version}}
|
||||
public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}}
|
||||
|
|
105
CHANGELOG.md
105
CHANGELOG.md
|
@ -1,3 +1,46 @@
|
|||
## 1.11.2 (January 12, 2022)
|
||||
|
||||
FEATURES:
|
||||
|
||||
* ingress: allow setting TLS min version and cipher suites in ingress gateway config entries [[GH-11576](https://github.com/hashicorp/consul/issues/11576)]
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
* api: Return 404 when de-registering a non-existent check [[GH-11950](https://github.com/hashicorp/consul/issues/11950)]
|
||||
* connect: Add support for connecting to services behind a terminating gateway when using a transparent proxy. [[GH-12049](https://github.com/hashicorp/consul/issues/12049)]
|
||||
* http: when a user attempts to access the UI but can't because it's disabled, explain this and how to fix it [[GH-11820](https://github.com/hashicorp/consul/issues/11820)]
|
||||
* ui: Added a notice for non-primary intention creation [[GH-11985](https://github.com/hashicorp/consul/issues/11985)]
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* Mutate `NodeService` struct properly to avoid a data race. [[GH-11940](https://github.com/hashicorp/consul/issues/11940)]
|
||||
* Upgrade to raft `1.3.3` which fixes a bug where a read replica node can trigger a raft election and become a leader. [[GH-11958](https://github.com/hashicorp/consul/issues/11958)]
|
||||
* cli: Display assigned node identities in output of `consul acl token list`. [[GH-11926](https://github.com/hashicorp/consul/issues/11926)]
|
||||
* cli: when creating a private key, save the file with mode 0600 so that only the user has read permission. [[GH-11781](https://github.com/hashicorp/consul/issues/11781)]
|
||||
* config: include all config errors in the error message, previously some could be hidden. [[GH-11918](https://github.com/hashicorp/consul/issues/11918)]
|
||||
* memberlist: fixes a bug which prevented members from joining a cluster with
|
||||
large amounts of churn [[GH-253](https://github.com/hashicorp/memberlist/issues/253)] [[GH-12042](https://github.com/hashicorp/consul/issues/12042)]
|
||||
* snapshot: the `snapshot save` command now saves the snapshot with read permission for only the current user. [[GH-11918](https://github.com/hashicorp/consul/issues/11918)]
|
||||
* ui: Differentiate between Service Meta and Node Meta when choosing search fields
|
||||
in Service Instance listings [[GH-11774](https://github.com/hashicorp/consul/issues/11774)]
|
||||
* ui: Ensure a login buttons appear for some error states, plus text amends [[GH-11892](https://github.com/hashicorp/consul/issues/11892)]
|
||||
* ui: Ensure partition query parameter is passed through to all OIDC related API
|
||||
requests [[GH-11979](https://github.com/hashicorp/consul/issues/11979)]
|
||||
* ui: Fix an issue where attempting to delete a policy from the policy detail page when
|
||||
attached to a token would result in the delete button disappearing and no
|
||||
deletion being attempted [[GH-11868](https://github.com/hashicorp/consul/issues/11868)]
|
||||
* ui: Fixes a bug where proxy service health checks would sometimes not appear
|
||||
until refresh [[GH-11903](https://github.com/hashicorp/consul/issues/11903)]
|
||||
* ui: Fixes a bug with URL decoding within KV area [[GH-11931](https://github.com/hashicorp/consul/issues/11931)]
|
||||
* ui: Fixes a visual issue with some border colors [[GH-11959](https://github.com/hashicorp/consul/issues/11959)]
|
||||
* ui: Fixes an issue saving intentions when editing per service intentions [[GH-11937](https://github.com/hashicorp/consul/issues/11937)]
|
||||
* ui: Fixes an issue where once a 403 page is displayed in some circumstances its
|
||||
diffcult to click back to where you where before receiving a 403 [[GH-11891](https://github.com/hashicorp/consul/issues/11891)]
|
||||
* ui: Prevent disconnection notice appearing with auth change on certain pages [[GH-11905](https://github.com/hashicorp/consul/issues/11905)]
|
||||
* ui: Temporarily remove KV pre-flight check for KV list permissions [[GH-11968](https://github.com/hashicorp/consul/issues/11968)]
|
||||
* windows: Fixes a bug with empty log files when Consul is run as a Windows Service [[GH-11960](https://github.com/hashicorp/consul/issues/11960)]
|
||||
* xds: fix a deadlock when the snapshot channel already have a snapshot to be consumed. [[GH-11924](https://github.com/hashicorp/consul/issues/11924)]
|
||||
|
||||
## 1.11.1 (December 15, 2021)
|
||||
|
||||
SECURITY:
|
||||
|
@ -133,6 +176,45 @@ NOTES:
|
|||
|
||||
* Renamed the `agent_master` field to `agent_recovery` in the `acl-tokens.json` file in which tokens are persisted on-disk (when `acl.enable_token_persistence` is enabled) [[GH-11744](https://github.com/hashicorp/consul/issues/11744)]
|
||||
|
||||
## 1.10.7 (January 12, 2022)
|
||||
|
||||
SECURITY:
|
||||
|
||||
* namespaces: **(Enterprise only)** Creating or editing namespaces that include default ACL policies or ACL roles now requires `acl:write` permission in the default namespace. This change fixes CVE-2021-41805.
|
||||
|
||||
FEATURES:
|
||||
|
||||
* ui: Adds visible Consul version information [[GH-11803](https://github.com/hashicorp/consul/issues/11803)]
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* Mutate `NodeService` struct properly to avoid a data race. [[GH-11940](https://github.com/hashicorp/consul/issues/11940)]
|
||||
* Upgrade to raft `1.3.3` which fixes a bug where a read replica node can trigger a raft election and become a leader. [[GH-11958](https://github.com/hashicorp/consul/issues/11958)]
|
||||
* ca: fixes a bug that caused non blocking leaf cert queries to return the same cached response regardless of ca rotation or leaf cert expiry [[GH-11693](https://github.com/hashicorp/consul/issues/11693)]
|
||||
* ca: fixes a bug that caused the SigningKeyID to be wrong in the primary DC, when the Vault provider is used, after a CA config creates a new root. [[GH-11672](https://github.com/hashicorp/consul/issues/11672)]
|
||||
* ca: fixes a bug that caused the intermediate cert used to sign leaf certs to be missing from the /connect/ca/roots API response when the Vault provider was used. [[GH-11671](https://github.com/hashicorp/consul/issues/11671)]
|
||||
* cli: Display assigned node identities in output of `consul acl token list`. [[GH-11926](https://github.com/hashicorp/consul/issues/11926)]
|
||||
* cli: when creating a private key, save the file with mode 0600 so that only the user has read permission. [[GH-11781](https://github.com/hashicorp/consul/issues/11781)]
|
||||
* snapshot: **(Enterprise only)** fixed a bug where the snapshot agent would ignore the `license_path` setting in config files
|
||||
* structs: **(Enterprise only)** Remove partition field parsing from 1.10 to prevent further 1.11 upgrade compatibility issues.
|
||||
* ui: Differentiate between Service Meta and Node Meta when choosing search fields
|
||||
in Service Instance listings [[GH-11774](https://github.com/hashicorp/consul/issues/11774)]
|
||||
* ui: Ensure we show a readonly designed page for readonly intentions [[GH-11767](https://github.com/hashicorp/consul/issues/11767)]
|
||||
* ui: Fix an issue where attempting to delete a policy from the policy detail page when
|
||||
attached to a token would result in the delete button disappearing and no
|
||||
deletion being attempted [[GH-11868](https://github.com/hashicorp/consul/issues/11868)]
|
||||
* ui: Fix visual issue with slight table header overflow [[GH-11670](https://github.com/hashicorp/consul/issues/11670)]
|
||||
* ui: Fixes an issue where once a 403 page is displayed in some circumstances its
|
||||
diffcult to click back to where you where before receiving a 403 [[GH-11891](https://github.com/hashicorp/consul/issues/11891)]
|
||||
* ui: Fixes an issue where under some circumstances after logging we present the
|
||||
data loaded previous to you logging in. [[GH-11681](https://github.com/hashicorp/consul/issues/11681)]
|
||||
* ui: Include `Service.Namespace` into available variables for `dashboard_url_templates` [[GH-11640](https://github.com/hashicorp/consul/issues/11640)]
|
||||
* ui: Revert to depending on the backend, 'post-user-action', to report
|
||||
permissions errors rather than using UI capabilities 'pre-user-action' [[GH-11520](https://github.com/hashicorp/consul/issues/11520)]
|
||||
* ui: Temporarily remove KV pre-flight check for KV list permissions [[GH-11968](https://github.com/hashicorp/consul/issues/11968)]
|
||||
* windows: Fixes a bug with empty log files when Consul is run as a Windows Service [[GH-11960](https://github.com/hashicorp/consul/issues/11960)]
|
||||
* xds: fix a deadlock when the snapshot channel already have a snapshot to be consumed. [[GH-11924](https://github.com/hashicorp/consul/issues/11924)]
|
||||
|
||||
## 1.10.6 (December 15, 2021)
|
||||
|
||||
SECURITY:
|
||||
|
@ -417,6 +499,29 @@ NOTES:
|
|||
|
||||
* legal: **(Enterprise only)** Enterprise binary downloads will now include a copy of the EULA and Terms of Evaluation in the zip archive
|
||||
|
||||
## 1.9.14 (January 12, 2022)
|
||||
|
||||
SECURITY:
|
||||
|
||||
* namespaces: **(Enterprise only)** Creating or editing namespaces that include default ACL policies or ACL roles now requires `acl:write` permission in the default namespace. This change fixes CVE-2021-41805.
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* ca: fixes a bug that caused non blocking leaf cert queries to return the same cached response regardless of ca rotation or leaf cert expiry [[GH-11693](https://github.com/hashicorp/consul/issues/11693)]
|
||||
* ca: fixes a bug that caused the intermediate cert used to sign leaf certs to be missing from the /connect/ca/roots API response when the Vault provider was used. [[GH-11671](https://github.com/hashicorp/consul/issues/11671)]
|
||||
* cli: Display assigned node identities in output of `consul acl token list`. [[GH-11926](https://github.com/hashicorp/consul/issues/11926)]
|
||||
* cli: when creating a private key, save the file with mode 0600 so that only the user has read permission. [[GH-11781](https://github.com/hashicorp/consul/issues/11781)]
|
||||
* snapshot: **(Enterprise only)** fixed a bug where the snapshot agent would ignore the `license_path` setting in config files
|
||||
* ui: Differentiate between Service Meta and Node Meta when choosing search fields
|
||||
in Service Instance listings [[GH-11774](https://github.com/hashicorp/consul/issues/11774)]
|
||||
* ui: Fixes an issue where under some circumstances after logging we present the
|
||||
data loaded previous to you logging in. [[GH-11681](https://github.com/hashicorp/consul/issues/11681)]
|
||||
* ui: Fixes an issue where under some circumstances the namespace selector could
|
||||
become 'stuck' on the default namespace [[GH-11830](https://github.com/hashicorp/consul/issues/11830)]
|
||||
* ui: Include `Service.Namespace` into available variables for `dashboard_url_templates` [[GH-11640](https://github.com/hashicorp/consul/issues/11640)]
|
||||
* ui: Prevent disconnection notice appearing with auth change on certain pages [[GH-11905](https://github.com/hashicorp/consul/issues/11905)]
|
||||
* xds: fix a deadlock when the snapshot channel already have a snapshot to be consumed. [[GH-11924](https://github.com/hashicorp/consul/issues/11924)]
|
||||
|
||||
## 1.9.13 (December 15, 2021)
|
||||
|
||||
SECURITY:
|
||||
|
|
|
@ -126,7 +126,7 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) {
|
|||
"1.17.0", "1.17.1", "1.17.2", "1.17.3", "1.17.4",
|
||||
"1.18.0", "1.18.1", "1.18.2", "1.18.3", "1.18.4",
|
||||
"1.19.0", "1.19.1",
|
||||
"1.20.0",
|
||||
"1.20.0", "1.20.1",
|
||||
} {
|
||||
cases[v] = testcase{expect: supportedProxyFeatures{}}
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@ package proxysupport
|
|||
//
|
||||
// see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions
|
||||
var EnvoyVersions = []string{
|
||||
"1.20.0",
|
||||
"1.20.1",
|
||||
"1.19.1",
|
||||
"1.18.4",
|
||||
"1.17.4",
|
||||
|
|
14
go.mod
14
go.mod
|
@ -14,7 +14,7 @@ require (
|
|||
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e
|
||||
github.com/armon/go-metrics v0.3.10
|
||||
github.com/armon/go-radix v1.0.0
|
||||
github.com/aws/aws-sdk-go v1.25.41
|
||||
github.com/aws/aws-sdk-go v1.42.34
|
||||
github.com/coredns/coredns v1.1.2
|
||||
github.com/coreos/go-oidc v2.1.0+incompatible
|
||||
github.com/digitalocean/godo v1.10.0 // indirect
|
||||
|
@ -56,21 +56,21 @@ require (
|
|||
github.com/hashicorp/raft-autopilot v0.1.5
|
||||
github.com/hashicorp/raft-boltdb v0.0.0-20211202195631-7d34b9fb3f42 // indirect
|
||||
github.com/hashicorp/raft-boltdb/v2 v2.2.0
|
||||
github.com/hashicorp/serf v0.9.6
|
||||
github.com/hashicorp/serf v0.9.7
|
||||
github.com/hashicorp/vault/api v1.0.5-0.20200717191844-f687267c8086
|
||||
github.com/hashicorp/vault/sdk v0.1.14-0.20200519221838-e0cfd64bc267
|
||||
github.com/hashicorp/yamux v0.0.0-20210826001029-26ff87cf9493
|
||||
github.com/imdario/mergo v0.3.6
|
||||
github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f // indirect
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect
|
||||
github.com/kr/text v0.1.0
|
||||
github.com/kr/text v0.2.0
|
||||
github.com/miekg/dns v1.1.41
|
||||
github.com/mitchellh/cli v1.1.0
|
||||
github.com/mitchellh/copystructure v1.0.0
|
||||
github.com/mitchellh/go-testing-interface v1.14.0
|
||||
github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452
|
||||
github.com/mitchellh/mapstructure v1.4.1-0.20210112042008-8ebf2d61a8b4
|
||||
github.com/mitchellh/pointerstructure v1.0.0
|
||||
github.com/mitchellh/mapstructure v1.4.1
|
||||
github.com/mitchellh/pointerstructure v1.2.1
|
||||
github.com/mitchellh/reflectwalk v1.0.1
|
||||
github.com/patrickmn/go-cache v2.1.0+incompatible
|
||||
github.com/pierrec/lz4 v2.5.2+incompatible // indirect
|
||||
|
@ -78,14 +78,14 @@ require (
|
|||
github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
|
||||
github.com/prometheus/client_golang v1.4.0
|
||||
github.com/rboyer/safeio v0.2.1
|
||||
github.com/ryanuber/columnize v2.1.0+incompatible
|
||||
github.com/ryanuber/columnize v2.1.2+incompatible
|
||||
github.com/shirou/gopsutil/v3 v3.21.10
|
||||
github.com/stretchr/testify v1.7.0
|
||||
go.etcd.io/bbolt v1.3.5
|
||||
go.opencensus.io v0.22.0 // indirect
|
||||
go.uber.org/goleak v1.1.10
|
||||
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
|
||||
golang.org/x/net v0.0.0-20211209124913-491a49abca63
|
||||
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
|
||||
golang.org/x/sys v0.0.0-20211013075003-97ac67df715c
|
||||
|
|
30
go.sum
30
go.sum
|
@ -66,8 +66,9 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
|
|||
github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
|
||||
github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
|
||||
github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
|
||||
github.com/aws/aws-sdk-go v1.25.41 h1:/hj7nZ0586wFqpwjNpzWiUTwtaMgxAZNZKHay80MdXw=
|
||||
github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
|
||||
github.com/aws/aws-sdk-go v1.42.34 h1:fqGAiKmCSRY1rEa4G9VqgkKKbNmLKYq5dKmLtQkvYi8=
|
||||
github.com/aws/aws-sdk-go v1.42.34/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc=
|
||||
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
|
||||
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
|
||||
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
|
||||
|
@ -104,6 +105,7 @@ github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee
|
|||
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
|
||||
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
|
||||
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
|
||||
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
|
@ -301,8 +303,9 @@ github.com/hashicorp/raft-boltdb v0.0.0-20211202195631-7d34b9fb3f42 h1:Ye8SofeDH
|
|||
github.com/hashicorp/raft-boltdb v0.0.0-20211202195631-7d34b9fb3f42/go.mod h1:wcXL8otVu5cpJVLjcmq7pmfdRCdaP+xnvu7WQcKJAhs=
|
||||
github.com/hashicorp/raft-boltdb/v2 v2.2.0 h1:/CVN9LSAcH50L3yp2TsPFIpeyHn1m3VF6kiutlDE3Nw=
|
||||
github.com/hashicorp/raft-boltdb/v2 v2.2.0/go.mod h1:SgPUD5TP20z/bswEr210SnkUFvQP/YjKV95aaiTbeMQ=
|
||||
github.com/hashicorp/serf v0.9.6 h1:uuEX1kLR6aoda1TBttmJQKDLZE1Ob7KN0NPdE7EtCDc=
|
||||
github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
|
||||
github.com/hashicorp/serf v0.9.7 h1:hkdgbqizGQHuU5IPqYM1JdSMV8nKfpuOnZYXssk9muY=
|
||||
github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
|
||||
github.com/hashicorp/vault/api v1.0.5-0.20200717191844-f687267c8086 h1:OKsyxKi2sNmqm1Gv93adf2AID2FOBFdCbbZn9fGtIdg=
|
||||
github.com/hashicorp/vault/api v1.0.5-0.20200717191844-f687267c8086/go.mod h1:R3Umvhlxi2TN7Ex2hzOowyeNb+SfbVWI973N+ctaFMk=
|
||||
github.com/hashicorp/vault/sdk v0.1.14-0.20200519221838-e0cfd64bc267 h1:e1ok06zGrWJW91rzRroyl5nRNqraaBe4d5hiKcVZuHM=
|
||||
|
@ -322,8 +325,11 @@ github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80s
|
|||
github.com/jackc/pgx v3.3.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I=
|
||||
github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da h1:FjHUJJ7oBW4G/9j1KzlHaXL09LyMVM9rupS39lncbXk=
|
||||
github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4=
|
||||
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
|
||||
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
|
||||
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
|
||||
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
|
||||
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
|
||||
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
|
||||
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
|
||||
github.com/joyent/triton-go v0.0.0-20180628001255-830d2b111e62/go.mod h1:U+RSyWxWd04xTqnuOQxnai7XGS2PrPY2cfGoDKtMHjA=
|
||||
github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f h1:ENpDacvnr8faw5ugQmEF1QYk+f/Y9lXFvuYmRxykago=
|
||||
|
@ -347,8 +353,9 @@ github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn
|
|||
github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
|
||||
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
|
||||
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
|
||||
github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
|
||||
github.com/linode/linodego v0.7.1 h1:4WZmMpSA2NRwlPZcc0+4Gyn7rr99Evk9bnr0B3gXRKE=
|
||||
github.com/linode/linodego v0.7.1/go.mod h1:ga11n3ivecUrPCHN0rANxKmfWBJVkOXfLMZinAbj2sY=
|
||||
|
@ -390,10 +397,10 @@ github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452/go.mod h1:
|
|||
github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
|
||||
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
|
||||
github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
|
||||
github.com/mitchellh/mapstructure v1.4.1-0.20210112042008-8ebf2d61a8b4 h1:MGwxzM4mdkhmCfDyEmSfng7tE1QRIUGbedKdaMksvjw=
|
||||
github.com/mitchellh/mapstructure v1.4.1-0.20210112042008-8ebf2d61a8b4/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
|
||||
github.com/mitchellh/pointerstructure v1.0.0 h1:ATSdz4NWrmWPOF1CeCBU4sMCno2hgqdbSrRPFWQSVZI=
|
||||
github.com/mitchellh/pointerstructure v1.0.0/go.mod h1:k4XwG94++jLVsSiTxo7qdIfXA9pj9EAeo0QsNNJOLZ8=
|
||||
github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag=
|
||||
github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
|
||||
github.com/mitchellh/pointerstructure v1.2.1 h1:ZhBBeX8tSlRpu/FFhXH4RC4OJzFlqsQhoHZAz4x7TIw=
|
||||
github.com/mitchellh/pointerstructure v1.2.1/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4=
|
||||
github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
|
||||
github.com/mitchellh/reflectwalk v1.0.1 h1:FVzMWA5RllMAKIdUSC8mdWo3XtwoecrH79BY70sEEpE=
|
||||
github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
|
||||
|
@ -471,8 +478,9 @@ github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6So
|
|||
github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
|
||||
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
|
||||
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
|
||||
github.com/ryanuber/columnize v2.1.0+incompatible h1:j1Wcmh8OrK4Q7GXY+V7SVSY8nUWQxHW5TkBe7YUl+2s=
|
||||
github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
|
||||
github.com/ryanuber/columnize v2.1.2+incompatible h1:C89EOx/XBWwIXl8wm8OPJBd7kPF25UfsK2X7Ph/zCAk=
|
||||
github.com/ryanuber/columnize v2.1.2+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
|
||||
github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
|
||||
github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
|
||||
github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
|
||||
|
@ -588,8 +596,8 @@ golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/
|
|||
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
|
||||
golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY=
|
||||
golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
|
||||
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
|
||||
|
|
|
@ -10,7 +10,7 @@ readonly HASHICORP_DOCKER_PROXY="docker.mirror.hashicorp.services"
|
|||
DEBUG=${DEBUG:-}
|
||||
|
||||
# ENVOY_VERSION to run each test against
|
||||
ENVOY_VERSION=${ENVOY_VERSION:-"1.20.0"}
|
||||
ENVOY_VERSION=${ENVOY_VERSION:-"1.20.1"}
|
||||
export ENVOY_VERSION
|
||||
|
||||
if [ ! -z "$DEBUG" ] ; then
|
||||
|
|
|
@ -34,7 +34,9 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
### Payload Fields
|
||||
The corresponding CLI command is [`consul acl auth-method create`](/commands/acl/auth-method/create).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `Name` `(string: <required>)` - Specifies a name for the ACL auth method. The
|
||||
name can contain alphanumeric characters, dashes `-`, and underscores `_`.
|
||||
|
@ -160,6 +162,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl auth-method read`](/commands/acl/auth-method/read).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `name` `(string: <required>)` - Specifies the name of the ACL auth method to
|
||||
|
@ -212,6 +216,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl auth-method update`](/commands/acl/auth-method/update).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `Name` `(string: <required>)` - Specifies the name of the auth method to
|
||||
|
@ -343,6 +349,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl auth-method delete`](/commands/acl/auth-method/delete).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `name` `(string: <required>)` - Specifies the name of the ACL auth method to
|
||||
|
@ -385,6 +393,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl auth-method list`](/commands/acl/auth-method/list).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `ns` `(string: "")` <EnterpriseAlert inline /> - Specifies the namespace to list
|
||||
|
|
|
@ -34,6 +34,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl binding-rule create`](/commands/acl/binding-rule/create).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `Description` `(string: "")` - Free form human readable description of the binding rule.
|
||||
|
@ -158,6 +160,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl binding-rule read`](/commands/acl/binding-rule/read).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `id` `(string: <required>)` - Specifies the UUID of the ACL binding rule
|
||||
|
@ -208,6 +212,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl binding-rule update`](/commands/acl/binding-rule/update).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `ID` `(string: <required>)` - Specifies the ID of the binding rule to update.
|
||||
|
@ -338,6 +344,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl binding-rule delete`](/commands/acl/binding-rule/delete).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `id` `(string: <required>)` - Specifies the UUID of the ACL binding rule to
|
||||
|
@ -380,6 +388,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl binding-rule list`](/commands/acl/binding-rule/list).
|
||||
|
||||
## Parameters
|
||||
|
||||
- `authmethod` `(string: "")` - Filters the binding rule list to those binding
|
||||
|
|
|
@ -38,6 +38,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `none` |
|
||||
|
||||
The corresponding CLI command is [`consul acl bootstrap`](/commands/acl/bootstrap).
|
||||
|
||||
### Sample Request
|
||||
|
||||
```shell-session
|
||||
|
@ -206,6 +208,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl translate-rules`](/commands/acl/translate-rules).
|
||||
|
||||
### Sample Payload
|
||||
|
||||
```hcl
|
||||
|
@ -253,6 +257,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl translate-rules`](/commands/acl/translate-rules).
|
||||
|
||||
### Sample Request
|
||||
|
||||
```shell-session
|
||||
|
@ -294,6 +300,8 @@ enabled. Login requires the ability to create local tokens which is restricted
|
|||
to the primary datacenter and any secondary datacenters with ACL token
|
||||
replication enabled.
|
||||
|
||||
The corresponding CLI command is [`consul login`](/commands/login).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `AuthMethod` `(string: <required>)` - The name of the auth method to use for login.
|
||||
|
@ -380,6 +388,8 @@ The table below shows this endpoint's support for
|
|||
-> **Note** - This endpoint requires no specific privileges as it is just
|
||||
deleting a token for which you already must possess its secret.
|
||||
|
||||
The corresponding CLI command is [`consul logout`](/commands/logout).
|
||||
|
||||
### Sample Request
|
||||
|
||||
```shell-session
|
||||
|
|
|
@ -33,6 +33,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl policy create`](/commands/acl/policy/create).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `Name` `(string: <required>)` - Specifies a name for the ACL policy. The name
|
||||
|
@ -106,6 +108,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl policy read`](/commands/acl/policy/read).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `id` `(string: <required>)` - Specifies the UUID of the ACL policy to
|
||||
|
@ -156,6 +160,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl policy read -name=<string>`](/commands/acl/policy/read#name).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `name` `(string: <required>)` - Specifies the name of the ACL policy to
|
||||
|
@ -206,6 +212,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl policy update`](/commands/acl/policy/update).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `ID` `(string: <required>)` - Specifies the UUID of the policy to update. This is
|
||||
|
@ -285,6 +293,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl policy delete`](/commands/acl/policy/delete).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `id` `(string: <required>)` - Specifies the UUID of the ACL policy to
|
||||
|
@ -327,6 +337,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl policy list`](/commands/acl/policy/list).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `ns` `(string: "")` <EnterpriseAlert inline /> - Specifies the namespace to list
|
||||
|
|
|
@ -32,6 +32,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl role create`](/commands/acl/role/create).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `Name` `(string: <required>)` - Specifies a name for the ACL role. The name
|
||||
|
@ -172,6 +174,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl role read`](/commands/acl/role/read).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `id` `(string: <required>)` - Specifies the UUID of the ACL role to
|
||||
|
@ -242,6 +246,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl role read -name=<string>`](/commands/acl/role/read#name).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `name` `(string: <required>)` - Specifies the Name of the ACL role to
|
||||
|
@ -311,6 +317,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl role update`](/commands/acl/role/update).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `ID` `(string: <required>)` - Specifies the ID of the role to update. This is
|
||||
|
@ -427,6 +435,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl role delete`](/commands/acl/role/delete).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `id` `(string: <required>)` - Specifies the UUID of the ACL role to
|
||||
|
@ -469,6 +479,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl role list`](/commands/acl/role/list).
|
||||
|
||||
## Parameters
|
||||
|
||||
- `policy` `(string: "")` - Filters the role list to those roles that are
|
||||
|
|
|
@ -32,6 +32,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl token create`](/commands/acl/token/create).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `AccessorID` `(string: "")` - Specifies a UUID to use as the token's Accessor ID.
|
||||
|
@ -173,6 +175,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl token read`](/commands/acl/token/read).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `AccessorID` `(string: <required>)` - Specifies the accessor ID of the ACL token to
|
||||
|
@ -243,6 +247,8 @@ The table below shows this endpoint's support for
|
|||
-> **Note** - This endpoint requires no specific privileges as it is just
|
||||
retrieving the data for a token that you must already possess its secret.
|
||||
|
||||
The corresponding CLI command is [`consul acl token read -self`](/commands/acl/token/read#self).
|
||||
|
||||
### Sample Request
|
||||
|
||||
```shell-session
|
||||
|
@ -293,6 +299,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl token update`](/commands/acl/token/update).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `AccessorID` `(string: "")` - Specifies the accessor ID of the token being updated. This is
|
||||
|
@ -441,6 +449,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl token clone`](/commands/acl/token/clone).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `AccessorID` `(string: <required>)` - The accessor ID of the token to clone. This is required
|
||||
|
@ -520,6 +530,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `acl:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl token delete`](/commands/acl/token/delete).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `AccessorID` `(string: <required>)` - Specifies the accessor ID of the ACL token to
|
||||
|
@ -562,6 +574,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `acl:read` |
|
||||
|
||||
The corresponding CLI command is [`consul acl token list`](/commands/acl/token/list).
|
||||
|
||||
## Parameters
|
||||
|
||||
- `policy` `(string: "")` - Filters the token list to those tokens that are
|
||||
|
|
|
@ -29,6 +29,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul partition create`](/commands/partition#create).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `Name` `(string: <required>)` - The partition name. This must be a valid
|
||||
|
@ -85,6 +87,8 @@ The table below shows this endpoint's support for
|
|||
|
||||
<sup>1</sup> A non-anonymous token can read its own partition.
|
||||
|
||||
The corresponding CLI command is [`consul partition read`](/commands/partition#read).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `name` `(string: <required>)` - Specifies the partition to read. This
|
||||
|
@ -126,6 +130,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul partition write`](/commands/partition#write).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `Name` `(string: <optional>)` - The partition name. This must be a valid
|
||||
|
@ -188,6 +194,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul partition delete`](/commands/partition#delete).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `name` `(string: <required>)` - Specifies the partition to delete. This
|
||||
|
@ -231,6 +239,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | --------------- |
|
||||
| `NO` | `consistent` | `none` | `operator:read` |
|
||||
|
||||
The corresponding CLI command is [`consul partition list`](/commands/partition#list).
|
||||
|
||||
### Sample Request
|
||||
|
||||
```shell-session
|
||||
|
|
|
@ -227,6 +227,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `node:read` |
|
||||
|
||||
The corresponding CLI command is [`consul members`](/commands/members).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `wan` `(bool: false)` - Specifies to list WAN members instead of the LAN
|
||||
|
@ -373,6 +375,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------- |
|
||||
| `NO` | `none` | `none` | `agent:write` |
|
||||
|
||||
The corresponding CLI command is [`consul reload`](/commands/reload).
|
||||
|
||||
### Sample Request
|
||||
|
||||
```shell-session
|
||||
|
@ -404,6 +408,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `node:write` |
|
||||
|
||||
The corresponding CLI command is [`consul maint`](/commands/maint).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `enable` `(bool: <required>)` - Specifies whether to enable or disable
|
||||
|
@ -629,6 +635,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------- |
|
||||
| `NO` | `none` | `none` | `agent:write` |
|
||||
|
||||
The corresponding CLI command is [`consul join`](/commands/join).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `address` `(string: <required>)` - Specifies the address of the other agent to
|
||||
|
@ -669,6 +677,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------- |
|
||||
| `NO` | `none` | `none` | `agent:write` |
|
||||
|
||||
The corresponding CLI command is [`consul leave`](/commands/leave).
|
||||
|
||||
### Sample Request
|
||||
|
||||
```shell-session
|
||||
|
@ -706,6 +716,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul force-leave`](/commands/force-leave).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `node` `(string: <required>)` - Specifies the name of the node to be forced into `left` state. This is specified as part of the URL.
|
||||
|
@ -780,6 +792,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------- |
|
||||
| `NO` | `none` | `none` | `agent:write` |
|
||||
|
||||
The corresponding CLI command is [`consul acl set-agent-token`](/commands/acl/set-agent-token).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `Token` `(string: "")` - Specifies the ACL token to set.
|
||||
|
|
|
@ -593,6 +593,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | --------------- |
|
||||
| `NO` | `none` | `none` | `service:write` |
|
||||
|
||||
The corresponding CLI command is [`consul services register`](/commands/services/register).
|
||||
|
||||
### Query string parameters
|
||||
|
||||
- `replace-existing-checks` - Missing health checks from the request will be deleted from the agent. Using this parameter allows to idempotently register a service and its checks without having to manually deregister checks.
|
||||
|
@ -766,6 +768,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | --------------- |
|
||||
| `NO` | `none` | `none` | `service:write` |
|
||||
|
||||
The corresponding CLI command is [`consul services deregister`](/commands/services/deregister).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `service_id` `(string: <required>)` - Specifies the ID of the service to
|
||||
|
|
|
@ -266,6 +266,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `none` |
|
||||
|
||||
The corresponding CLI command is [`consul catalog datacenters`](/commands/catalog/datacenters).
|
||||
|
||||
### Sample Request
|
||||
|
||||
```shell-session
|
||||
|
@ -297,6 +299,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `node:read` |
|
||||
|
||||
The corresponding CLI command is [`consul catalog nodes`](/commands/catalog/nodes).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
@ -392,6 +396,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | -------------- |
|
||||
| `YES` | `all` | `none` | `service:read` |
|
||||
|
||||
The corresponding CLI command is [`consul catalog services`](/commands/catalog/services).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
|
|
@ -48,6 +48,8 @@ The table below shows this endpoint's support for
|
|||
| service-splitter | `service:write` |
|
||||
| terminating-gateway | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul config write`](/commands/config/write).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
@ -115,6 +117,8 @@ The table below shows this endpoint's support for
|
|||
| service-splitter | `service:read` |
|
||||
| terminating-gateway | `service:read` |
|
||||
|
||||
The corresponding CLI command is [`consul config read`](/commands/config/read).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
@ -184,6 +188,8 @@ The table below shows this endpoint's support for
|
|||
| service-splitter | `service:read` |
|
||||
| terminating-gateway | `service:read` |
|
||||
|
||||
The corresponding CLI command is [`consul config list`](/commands/config/list).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
@ -258,6 +264,8 @@ The table below shows this endpoint's support for
|
|||
| service-splitter | `service:write` |
|
||||
| terminating-gateway | `operator:write ` |
|
||||
|
||||
The corresponding CLI command is [`consul config delete`](/commands/config/delete).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
|
|
@ -125,6 +125,8 @@ The table below shows this endpoint's support for
|
|||
<sup>1</sup> ACL required was <code>operator:read</code> prior to versions 1.8.6,
|
||||
1.7.10, and 1.6.10.
|
||||
|
||||
The corresponding CLI command is [`consul connect ca get-config`](/commands/connect/ca#get-config).
|
||||
|
||||
### Sample Request
|
||||
|
||||
```shell-session
|
||||
|
@ -165,6 +167,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul connect ca set-config`](/commands/connect/ca#set-config).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `Provider` `(string: <required>)` - Specifies the CA provider type to use.
|
||||
|
|
|
@ -54,6 +54,8 @@ The table below shows this endpoint's support for
|
|||
for more details.
|
||||
</p>
|
||||
|
||||
The corresponding CLI command is [`consul intention create -replace`](/commands/intention/create#replace).
|
||||
|
||||
### URL Parameters
|
||||
|
||||
- `source` `(string: <required>)` - Specifies the source service. This
|
||||
|
@ -163,6 +165,8 @@ The table below shows this endpoint's support for
|
|||
for more details.
|
||||
</p>
|
||||
|
||||
The corresponding CLI command is [`consul intention create`](/commands/intention/create).
|
||||
|
||||
### URL Parameters
|
||||
|
||||
- `ns` `(string: "")` <EnterpriseAlert inline /> - Specifies the default
|
||||
|
@ -315,6 +319,8 @@ The table below shows this endpoint's support for
|
|||
for more details.
|
||||
</p>
|
||||
|
||||
The corresponding CLI command is [`consul intention get`](/commands/intention/get).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `source` `(string: <required>)` - Specifies the source service. This
|
||||
|
@ -390,6 +396,8 @@ The table below shows this endpoint's support for
|
|||
for more details.
|
||||
</p>
|
||||
|
||||
The corresponding CLI command is [`consul intention get`](/commands/intention/get).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `uuid` `(string: <required>)` - Specifies the UUID of the intention to read. This
|
||||
|
@ -450,6 +458,8 @@ The table below shows this endpoint's support for
|
|||
for more details.
|
||||
</p>
|
||||
|
||||
The corresponding CLI command is [`consul intention list`](/commands/intention/list).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `filter` `(string: "")` - Specifies the expression used to filter the
|
||||
|
@ -539,6 +549,8 @@ The table below shows this endpoint's support for
|
|||
for more details.
|
||||
</p>
|
||||
|
||||
The corresponding CLI command is [`consul intention delete`](/commands/intention/delete).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `source` `(string: <required>)` - Specifies the source service. This
|
||||
|
@ -597,6 +609,8 @@ The table below shows this endpoint's support for
|
|||
for more details.
|
||||
</p>
|
||||
|
||||
The corresponding CLI command is [`consul intention delete`](/commands/intention/delete).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `uuid` `(string: <required>)` - Specifies the UUID of the intention to delete. This
|
||||
|
@ -652,6 +666,8 @@ The table below shows this endpoint's support for
|
|||
for more details.
|
||||
</p>
|
||||
|
||||
The corresponding CLI command is [`consul intention check`](/commands/intention/check).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `source` `(string: <required>)` - Specifies the source service. This
|
||||
|
@ -715,6 +731,8 @@ The table below shows this endpoint's support for
|
|||
for more details.
|
||||
</p>
|
||||
|
||||
The corresponding CLI command is [`consul intention match`](/commands/intention/match).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `by` `(string: <required>)` - Specifies whether to match the "name" value
|
||||
|
|
|
@ -38,6 +38,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `none` |
|
||||
|
||||
The corresponding CLI command is [`consul rtt -wan`](/commands/rtt#wan).
|
||||
|
||||
### Sample Request
|
||||
|
||||
```shell-session
|
||||
|
@ -90,6 +92,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `node:read` |
|
||||
|
||||
The corresponding CLI command is [`consul rtt`](/commands/rtt).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
|
|
@ -29,6 +29,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------- |
|
||||
| `NO` | `none` | `none` | `event:write` |
|
||||
|
||||
The corresponding CLI command is [`consul event`](/commands/event).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `name` `(string: <required>)` - Specifies the name of the event to fire. This
|
||||
|
|
|
@ -43,6 +43,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `YES` | `all` | `none` | `key:read` |
|
||||
|
||||
The corresponding CLI command is [`consul kv get`](/commands/kv/get).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `key` `(string: "")` - Specifies the path of the key to read.
|
||||
|
@ -173,6 +175,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `key:write` |
|
||||
|
||||
The corresponding CLI command is [`consul kv put`](/commands/kv/put).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `key` `(string: "")` - Specifies the path of the key.
|
||||
|
@ -259,6 +263,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `key:write` |
|
||||
|
||||
The corresponding CLI command is [`consul kv delete`](/commands/kv/delete).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
|
|
@ -29,6 +29,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul namespace create`](/commands/namespace/create).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `Name` `(string: <required>)` - The namespaces name. This must be a valid
|
||||
|
@ -161,6 +163,8 @@ The table below shows this endpoint's support for
|
|||
<sup>1</sup> Access can be granted to list the Namespace if the token used when making
|
||||
the request has been granted any access in the namespace (read, list or write).
|
||||
|
||||
The corresponding CLI command is [`consul namespace read`](/commands/namespace/read).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `name` `(string: <required>)` - Specifies the namespace to read. This
|
||||
|
@ -227,6 +231,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul namespace update`](/commands/namespace/update) or [`consul namespace write`](/commands/namespace/write).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `Name` `(string: <optional>)` - The namespaces name. This must be a valid
|
||||
|
@ -364,6 +370,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul namespace delete`](/commands/namespace/delete).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `name` `(string: <required>)` - Specifies the namespace to delete. This
|
||||
|
@ -436,6 +444,8 @@ The table below shows this endpoint's support for
|
|||
<sup>1</sup> Access can be granted to list the Namespace if the token used when making
|
||||
the request has been granted any access in the namespace (read, list or write).
|
||||
|
||||
The corresponding CLI command is [`consul namespace list`](/commands/namespace/list).
|
||||
|
||||
### Sample Request
|
||||
|
||||
```shell-session
|
||||
|
|
|
@ -45,6 +45,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul operator area create`](/commands/operator/area#create).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
@ -111,6 +113,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | --------------- |
|
||||
| `YES` | `all` | `none` | `operator:read` |
|
||||
|
||||
The corresponding CLI command is [`consul operator area list`](/commands/operator/area#list).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
@ -154,6 +158,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul operator area update`](/commands/operator/area#update).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
@ -244,6 +250,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul operator area delete`](/commands/operator/area#delete).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `uuid` `(string: <required>)` - Specifies the UUID of the area to delete. This
|
||||
|
@ -280,6 +288,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul operator area join`](/commands/operator/area#join).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `uuid` `(string: <required>)` - Specifies the UUID of the area to join. This
|
||||
|
@ -353,6 +363,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | --------------- |
|
||||
| `NO` | `none` | `none` | `operator:read` |
|
||||
|
||||
The corresponding CLI command is [`consul operator area members`](/commands/operator/area#members).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `uuid` `(string: <required>)` - Specifies the UUID of the area to list. This
|
||||
|
|
|
@ -33,6 +33,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | --------------- |
|
||||
| `NO` | `none` | `none` | `operator:read` |
|
||||
|
||||
The corresponding CLI command is [`consul operator autopilot get-config`](/commands/operator/autopilot#get-config).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
@ -87,6 +89,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul operator autopilot set-config`](/commands/operator/autopilot#set-config).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
@ -269,6 +273,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | --------------- |
|
||||
| `NO` | `none` | `none` | `operator:read` |
|
||||
|
||||
The corresponding CLI command is [`consul operator autopilot state`](/commands/operator/autopilot#state).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
|
|
@ -35,6 +35,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | -------------- |
|
||||
| `NO` | `none` | `none` | `keyring:read` |
|
||||
|
||||
The corresponding CLI command is [`consul keyring -list`](/commands/keyring#list).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `relay-factor` `(int: 0)` - Specifies the relay factor. Setting this to a
|
||||
|
@ -120,6 +122,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | --------------- |
|
||||
| `NO` | `none` | `none` | `keyring:write` |
|
||||
|
||||
The corresponding CLI command is [`consul keyring -intstall`](/commands/keyring#install).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `relay-factor` `(int: 0)` - Specifies the relay factor. Setting this to a
|
||||
|
@ -166,6 +170,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | --------------- |
|
||||
| `NO` | `none` | `none` | `keyring:write` |
|
||||
|
||||
The corresponding CLI command is [`consul keyring -use`](/commands/keyring#use).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `relay-factor` `(int: 0)` - Specifies the relay factor. Setting this to a
|
||||
|
@ -212,6 +218,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | --------------- |
|
||||
| `NO` | `none` | `none` | `keyring:write` |
|
||||
|
||||
The corresponding CLI command is [`consul keyring -remove`](/commands/keyring#remove).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `relay-factor` `(int: 0)` - Specifies the relay factor. Setting this to a
|
||||
|
|
|
@ -31,6 +31,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `all` | `none` | `none` |
|
||||
|
||||
The corresponding CLI command is [`consul license get`](/commands/license#get).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter whose license should be retrieved.
|
||||
|
@ -96,6 +98,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul license put`](/commands/license#put).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter whose license should be updated.
|
||||
|
@ -166,6 +170,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul license reset`](/commands/license#reset).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter whose license should be updated.
|
||||
|
|
|
@ -130,6 +130,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ---------------- |
|
||||
| `NO` | `none` | `none` | `operator:write` |
|
||||
|
||||
The corresponding CLI command is [`consul operator raft remove-peer`](/commands/operator/raft#remove-peer).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
|
|
@ -39,6 +39,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `default,stale` | `none` | `management` |
|
||||
|
||||
The corresponding CLI command is [`consul snapshot save`](/commands/snapshot/save).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default
|
||||
|
@ -94,6 +96,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `management` |
|
||||
|
||||
The corresponding CLI command is [`consul snapshot restore`](/commands/snapshot/restore).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default
|
||||
|
|
|
@ -70,6 +70,8 @@ The table below shows this endpoint's support for
|
|||
| ---------------- | ----------------- | ------------- | ------------ |
|
||||
| `NO` | `none` | `none` | `none` |
|
||||
|
||||
The corresponding CLI command is [`consul operator raft list-peers`](/commands/operator/raft#list-peers).
|
||||
|
||||
### Parameters
|
||||
|
||||
- `dc` `(string: "")` - Specifies the datacenter to query. This will default to
|
||||
|
|
|
@ -113,7 +113,7 @@ The options below are all specified on the command-line.
|
|||
template that must resolve at runtime to a single address. Some example templates:
|
||||
|
||||
<CodeBlockConfig heading="Using address within a specific CIDR">
|
||||
|
||||
|
||||
```shell-session
|
||||
$ consul agent -bind '{{ GetPrivateInterfaces | include "network" "10.0.0.0/8" | attr "address" }}'
|
||||
```
|
||||
|
@ -162,11 +162,11 @@ The options below are all specified on the command-line.
|
|||
template that can potentially resolve to multiple addresses.
|
||||
|
||||
<CodeBlockConfig hideClipboard heading="Bind consul client interfaces to private IPv4 interfaces">
|
||||
|
||||
|
||||
```shell
|
||||
$ consul agent -dev -client '{{ GetPrivateInterfaces | exclude "type" "ipv6" | join "address" " " }}'
|
||||
```
|
||||
|
||||
|
||||
</CodeBlockConfig>
|
||||
|
||||
<CodeBlockConfig hideClipboard heading="Bind consul client interfaces to private IP addresses and loopback">
|
||||
|
@ -275,7 +275,6 @@ The options below are all specified on the command-line.
|
|||
they are defined in the local configuration files. Script checks defined in HTTP
|
||||
API registrations will still not be allowed.
|
||||
|
||||
|
||||
- `-encrypt` ((#\_encrypt)) - Specifies the secret key to use for encryption
|
||||
of Consul network traffic. This key must be 32-bytes that are Base64-encoded. The
|
||||
easiest way to create an encryption key is to use [`consul keygen`](/commands/keygen).
|
||||
|
@ -595,18 +594,36 @@ In addition to the command-line options, configuration can be put into
|
|||
files. This may be easier in certain situations, for example when Consul is
|
||||
being configured using a configuration management system.
|
||||
|
||||
The configuration files are JSON formatted, making them easily readable
|
||||
and editable by both humans and computers. The configuration is formatted
|
||||
as a single JSON object with configuration within it.
|
||||
The configuration files are formatted as HCL, or JSON. JSON formatted configs are easily readable
|
||||
and editable by both humans and computers. JSON formatted configuration consists
|
||||
of a single JSON object with multiple configuration keys specified within it.
|
||||
|
||||
Configuration files are used for more than just setting up the agent,
|
||||
they are also used to provide check and service definitions. These are used
|
||||
to announce the availability of system servers to the rest of the cluster.
|
||||
They are documented separately under [check configuration](/docs/agent/checks) and
|
||||
[service configuration](/docs/agent/services) respectively. The service and check
|
||||
Configuration files are used for more than just setting up the agent.
|
||||
They are also used to provide check and service definitions that
|
||||
announce the availability of system servers to the rest of the cluster.
|
||||
These definitions are documented separately under [check configuration](/docs/agent/checks) and
|
||||
[service configuration](/docs/agent/services) respectively. Service and check
|
||||
definitions support being updated during a reload.
|
||||
|
||||
<CodeBlockConfig heading="Example Configuration File">
|
||||
<CodeTabs heading="Example Configuration File">
|
||||
|
||||
```hcl
|
||||
datacenter = "east-aws"
|
||||
data_dir = "/opt/consul"
|
||||
log_level = "INFO"
|
||||
node_name = "foobar"
|
||||
server = true
|
||||
watches = [
|
||||
{
|
||||
type = "checks"
|
||||
handler = "/usr/bin/health-check-handler.sh"
|
||||
}
|
||||
]
|
||||
|
||||
telemetry {
|
||||
statsite_address = "127.0.0.1:2180"
|
||||
}
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
|
@ -627,7 +644,7 @@ definitions support being updated during a reload.
|
|||
}
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
</CodeTabs>
|
||||
|
||||
#### Configuration Key Reference ((#config_key_reference))
|
||||
|
||||
|
@ -764,7 +781,14 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
|||
- `managed_service_provider` ((#acl_tokens_managed_service_provider)) <EnterpriseAlert inline /> - An
|
||||
array of ACL tokens used by Consul managed service providers for cluster operations.
|
||||
|
||||
<CodeBlockConfig heading="Example managed_service_provider configuration">
|
||||
<CodeTabs heading="Example managed_service_provider configuration">
|
||||
|
||||
```hcl
|
||||
managed_service_provider {
|
||||
accessor_id = "ed22003b-0832-4e48-ac65-31de64e5c2ff"
|
||||
secret_id = "cb6be010-bba8-4f30-a9ed-d347128dde17"
|
||||
}
|
||||
```
|
||||
|
||||
```json
|
||||
"managed_service_provider": [
|
||||
|
@ -775,7 +799,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
|||
]
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
</CodeTabs>
|
||||
|
||||
- `acl_datacenter` - **This field is deprecated in Consul 1.4.0. See the [`primary_datacenter`](#primary_datacenter) field instead.**
|
||||
|
||||
|
@ -915,7 +939,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
|||
- `audit` <EnterpriseAlert inline /> - Added in Consul 1.8, the audit object allow users to enable auditing
|
||||
and configure a sink and filters for their audit logs. For more information, review the [audit log tutorial](https://learn.hashicorp.com/tutorials/consul/audit-logging).
|
||||
|
||||
<CodeBlockConfig heading="Example audit configuration">
|
||||
<CodeTabs heading="Example audit configuration">
|
||||
|
||||
```hcl
|
||||
audit {
|
||||
|
@ -932,7 +956,26 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
|||
}
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
```json
|
||||
{
|
||||
"audit": {
|
||||
"enabled": true,
|
||||
"sink": {
|
||||
"My sink": {
|
||||
"type": "file",
|
||||
"format": "json",
|
||||
"path": "data/audit/audit.json",
|
||||
"delivery_guarantee": "best-effort",
|
||||
"rotate_duration": "24h",
|
||||
"rotate_max_files": 15,
|
||||
"rotate_bytes": 25165824
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
The following sub-keys are available:
|
||||
|
||||
|
@ -1118,14 +1161,14 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
|||
validating all claims to account for clock skew. Defaults to 60s (1 minute)
|
||||
if set to 0s and can be disabled if set to -1ns.
|
||||
|
||||
- `claim_assertions` (Defaults to []) List of assertions about the mapped
|
||||
- `claim_assertions` (Defaults to `[]`) List of assertions about the mapped
|
||||
claims required to authorize the incoming RPC request. The syntax uses
|
||||
github.com/hashicorp/go-bexpr which is shared with the
|
||||
[github.com/hashicorp/go-bexpr](https://github.com/hashicorp/go-bexpr) which is shared with the
|
||||
[API filtering feature](/api/features/filtering). For example, the following
|
||||
configurations when combined will ensure that the JWT `sub` matches the node
|
||||
name requested by the client.
|
||||
|
||||
<CodeBlockConfig heading="Ensure that the JWT `sub` matches the node name requested by the client">
|
||||
<CodeTabs heading="Ensure that the JWT sub matches the node name requested by the client">
|
||||
|
||||
```hcl
|
||||
claim_mappings {
|
||||
|
@ -1136,7 +1179,16 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
|||
]
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
```json
|
||||
{
|
||||
"claim_mappings": {
|
||||
"sub": "node_name"
|
||||
},
|
||||
"claim_assertions": ["value.node_name == \"${node}\""]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
The assertions are lightly templated using [HIL syntax](https://github.com/hashicorp/hil)
|
||||
to interpolate some values from the RPC request. The list of variables that can be interpolated
|
||||
|
@ -1534,7 +1586,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
|
|||
equivalent to "no max age". To get a fresh value from the cache use a very small value
|
||||
of `1ns` instead of 0.
|
||||
|
||||
- `prefer_namespace` ((#dns_prefer_namespace)) <EnterpriseAlert inline /> **Deprecated in
|
||||
- `prefer_namespace` ((#dns_prefer_namespace)) <EnterpriseAlert inline /> **Deprecated in
|
||||
Consul 1.11. Use the [canonical DNS format](/docs/discovery/dns#namespaced-partitioned-services) instead.** -
|
||||
When set to true, in a DNS query for a service, the label between the domain
|
||||
and the `service` label will be treated as a namespace name instead of a datacenter.
|
||||
|
@ -1702,7 +1754,15 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
|
|||
|
||||
- `response_headers` This object allows adding headers to the HTTP API and UI responses. For example, the following config can be used to enable [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) on the HTTP API endpoints:
|
||||
|
||||
<CodeBlockConfig heading="Enable CORS on the HTTP API endpoints">
|
||||
<CodeTabs heading="Enable CORS on the HTTP API endpoints">
|
||||
|
||||
```hcl
|
||||
http_config {
|
||||
response_headers {
|
||||
Access-Control-Allow-Origin = "*"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
|
@ -1714,7 +1774,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
|
|||
}
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
</CodeTabs>
|
||||
|
||||
- `allow_write_http_from` This object is a list of networks in CIDR notation (eg "127.0.0.0/8") that are allowed to call the agent write endpoints. It defaults to an empty list, which means all networks are allowed. This is used to make the agent read-only, except for select ip ranges. - To block write calls from anywhere, use `[ "255.255.255.255/32" ]`. - To only allow write calls from localhost, use `[ "127.0.0.0/8" ]` - To only allow specific IPs, use `[ "10.0.0.1/32", "10.0.0.2/32" ]`
|
||||
|
||||
|
@ -1762,7 +1822,13 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
|
|||
|
||||
- `node_meta` Available in Consul 0.7.3 and later, This object allows associating arbitrary metadata key/value pairs with the local node, which can then be used for filtering results from certain catalog endpoints. See the [`-node-meta` command-line flag](#_node_meta) for more information.
|
||||
|
||||
<CodeBlockConfig heading="Example node_meta configuration">
|
||||
<CodeTabs heading="Example node_meta configuration">
|
||||
|
||||
```hcl
|
||||
node_meta {
|
||||
instance_type = "t2.medium"
|
||||
}
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
|
@ -1772,7 +1838,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
|
|||
}
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
</CodeTabs>
|
||||
|
||||
- `partition` <EnterpriseAlert inline /> - This flag is used to set
|
||||
the name of the admin partition the agent belongs to. An agent can only join
|
||||
|
@ -1782,7 +1848,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
|
|||
partition. This cannot be set on a server agent.
|
||||
|
||||
~> **Warning:** The `partition` option cannot be used either the
|
||||
[`segment`](#segment-2) option or [`-segment`](#_segment) flag.
|
||||
[`segment`](#segment-2) option or [`-segment`](#_segment) flag.
|
||||
|
||||
- `performance` Available in Consul 0.7 and later, this is a nested object that allows tuning the performance of different subsystems in Consul. See the [Server Performance](/docs/install/performance) documentation for more details. The following parameters are available:
|
||||
|
||||
|
@ -1866,15 +1932,14 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
|
|||
- `protocol` ((#protocol)) Equivalent to the [`-protocol` command-line
|
||||
flag](#_protocol).
|
||||
|
||||
- `raft_boltdb` ((#raft_boltdb)) This is a nested object that allows configuring
|
||||
- `raft_boltdb` ((#raft_boltdb)) This is a nested object that allows configuring
|
||||
options for Raft's BoltDB based log store.
|
||||
|
||||
- `NoFreelistSync` ((#NoFreelistSync)) Setting this to `true` will disable
|
||||
- `NoFreelistSync` ((#NoFreelistSync)) Setting this to `true` will disable
|
||||
syncing the BoltDB freelist to disk within the raft.db file. Not syncing
|
||||
the freelist to disk will reduce disk IO required for write operations
|
||||
at the expense of potentially increasing start up time due to needing
|
||||
to scan the db to discover where the free space resides within the file.
|
||||
|
||||
|
||||
- `raft_protocol` ((#raft_protocol)) Equivalent to the [`-raft-protocol`
|
||||
command-line flag](#_raft_protocol).
|
||||
|
@ -2119,13 +2184,23 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
|
|||
This is a list of filter rules to apply for allowing/blocking metrics by
|
||||
prefix in the following format:
|
||||
|
||||
<CodeBlockConfig heading="Example prefix_filter configuration">
|
||||
<CodeTabs heading="Example prefix_filter configuration">
|
||||
|
||||
```json
|
||||
["+consul.raft.apply", "-consul.http", "+consul.http.GET"]
|
||||
```hcl
|
||||
telemetry {
|
||||
prefix_filter = ["+consul.raft.apply", "-consul.http", "+consul.http.GET"]
|
||||
}
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
```json
|
||||
{
|
||||
"telemetry": {
|
||||
"prefix_filter": ["+consul.raft.apply", "-consul.http", "+consul.http.GET"]
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
A leading "**+**" will enable any metrics with the given prefix, and a leading "**-**" will block them. If there is overlap between two rules, the more specific rule will take precedence. Blocking will take priority if the same prefix is listed multiple times.
|
||||
|
||||
|
@ -2141,7 +2216,7 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
|
|||
it is recommended to also enable the option [`disable_hostname`](#telemetry-disable_hostname)
|
||||
to avoid having prefixed metrics with hostname. Consul does not use the default
|
||||
Prometheus path, so Prometheus must be configured as follows. Note that using
|
||||
`?format=prometheus` in the path won't work as ? will be escaped, so it must be
|
||||
`?format=prometheus` in the path won't work as `?` will be escaped, so it must be
|
||||
specified as a parameter.
|
||||
|
||||
<CodeBlockConfig heading="Example Prometheus configuration">
|
||||
|
@ -2465,7 +2540,35 @@ will result in TLS not being enabled at all, even when specifying a [`ca_file`](
|
|||
|
||||
See, especially, the use of the `ports` setting highlighted below.
|
||||
|
||||
<CodeBlockConfig heading="Example configuration with TLS" lineNumbers highlight="10-12">
|
||||
<CodeTabs heading="Example configuration with TLS">
|
||||
|
||||
<CodeBlockConfig lineNumbers highlight="10-12">
|
||||
|
||||
```hcl
|
||||
datacenter = "east-aws"
|
||||
data_dir = "/opt/consul"
|
||||
log_level = "INFO"
|
||||
node_name = "foobar"
|
||||
server = true
|
||||
|
||||
addresses = {
|
||||
https = "0.0.0.0"
|
||||
}
|
||||
ports {
|
||||
https = 8501
|
||||
}
|
||||
|
||||
key_file = "/etc/pki/tls/private/my.key"
|
||||
cert_file = "/etc/pki/tls/certs/my.crt"
|
||||
ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
|
||||
verify_incoming = true
|
||||
verify_outgoing = true
|
||||
verify_server_hostname = true
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
|
||||
<CodeBlockConfig lineNumbers highlight="10-12">
|
||||
|
||||
```json
|
||||
{
|
||||
|
@ -2491,6 +2594,8 @@ See, especially, the use of the `ports` setting highlighted below.
|
|||
|
||||
</CodeBlockConfig>
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
Consul will not enable TLS for the HTTP API unless the `https` port has been
|
||||
assigned a port number `> 0`. We recommend using `8501` for `https` as this
|
||||
default will automatically work with some tooling.
|
||||
|
|
|
@ -873,7 +873,7 @@ spec:
|
|||
through this listener. This can be either a service registered in the
|
||||
catalog, or a service defined only by [other config entries](/docs/connect/l7-traffic-management). If the wildcard specifier,
|
||||
\`*\`, is provided, then ALL services will be exposed through the listener.
|
||||
This is not supported for listener's with protocol \`tcp\`.`,
|
||||
This is not supported for listeners with protocol \`tcp\`.`,
|
||||
},
|
||||
{
|
||||
name: 'Namespace',
|
||||
|
|
|
@ -20,6 +20,8 @@ Consul cluster, operators must ensure that all Consul servers in every
|
|||
datacenter must be directly connectable over their WAN-advertised network
|
||||
address from each other.
|
||||
|
||||
[![WAN federation without mesh gateways](/img/wan-federation-connectivity-traditional.png)](/img/wan-federation-connectivity-traditional.png)
|
||||
|
||||
This requires that operators setting up the virtual machines or containers
|
||||
hosting the servers take additional steps to ensure the necessary routing and
|
||||
firewall rules are in place to allow the servers to speak to each other over
|
||||
|
@ -38,7 +40,7 @@ Operators looking to simplify their WAN deployment and minimize the exposed
|
|||
security surface area can elect to join these datacenters together using [mesh
|
||||
gateways](/docs/connect/gateways/mesh-gateway) to do so.
|
||||
|
||||
![Mesh Gateway Architecture](/img/mesh-gateways.png)
|
||||
[![WAN federation with mesh gateways](/img/wan-federation-connectivity-mesh-gateways.png)](/img/wan-federation-connectivity-mesh-gateways.png)
|
||||
|
||||
## Architecture
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ compatible Envoy versions.
|
|||
|
||||
| Consul Version | Compatible Envoy Versions |
|
||||
| ------------------- | ------------------------------------------------------ |
|
||||
| 1.11.x | 1.20.0, 1.19.1, 1.18.4, 1.17.4 |
|
||||
| 1.11.x | 1.20.1, 1.19.1, 1.18.4, 1.17.4 |
|
||||
| 1.10.x | 1.18.4, 1.17.4, 1.16.5, 1.15.5 |
|
||||
| 1.9.x | 1.16.5, 1.15.5, 1.14.7<sup>1</sup>, 1.13.7<sup>1</sup> |
|
||||
| 1.8.x | 1.14.7, 1.13.7, 1.12.7, 1.11.2 |
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Compatibility Matrix
|
||||
description: Compatibility Matrix for Consul Kubernetes
|
||||
---
|
||||
|
||||
# Compatibility Matrix for Consul on Kubernetes
|
||||
|
||||
For every release of Consul on Kubernetes, a Helm chart, `consul-k8s-control-plane` binary and a `consul-k8s` CLI binary is built and distributed through a single version. When deploying via Helm, the recommended best path for upgrading Consul on Kubernetes, is to upgrade using the same `consul-k8s-control-plane` version as the Helm Chart, as the Helm Chart and Control Plane binary are tightly coupled.
|
||||
|
||||
## Supported Consul versions
|
||||
|
||||
### Version 0.33.0 and above
|
||||
|
||||
Starting with Consul Kubernetes 0.33.0, Consul Kubernetes versions all of it components (`consul-k8s` CLI, `consul-k8s-control-plane`, and Helm chart) with a single version.
|
||||
|
||||
| Consul Version | Compatible consul-k8s Versions |
|
||||
| -------------- | ------------------------------- |
|
||||
| 1.11.x | 0.39.0 - latest |
|
||||
| 1.10.x | 0.33.0 - 0.38.0 |
|
||||
|
||||
### Prior to version 0.33.0
|
||||
|
||||
Prior to Consul Kubernetes 0.33.0, a separately versioned Consul Helm chart was distributed to deploy the Consul on Kubernetes binary. The default version of the `consul-k8s` binary specified by the Helm chart should be used to ensure proper compatibility, since the Helm chart is designed and tested with the default `consul-k8s` version. To find the default version for the appropriate Helm chart version, navigate to the corresponding tag (i.e. 0.32.1) in [`values.yaml`](https://github.com/hashicorp/consul-helm/blob/v0.32.1/values.yaml) and retrieve the `imageK8S` global value.
|
||||
|
||||
| Consul Version | Compatible Consul Helm Versions (default `consul-k8s` image) |
|
||||
| -------------- | -----------------------------------------------------------|
|
||||
| 1.10.x | 0.32.0 (consul-k8s:0.26.0) - 0.32.1 (consul-k8s:0.26.0) |
|
||||
| 1.9.x | 0.27.0 (consul-k8s:0.21.0) - 0.31.1 (consul-k8s:0.25.0) |
|
||||
| 1.8.x | 0.22.0 (consul-k8s:0.16.0) - 0.26.0 (consul-k8s:0.20.0) |
|
||||
| 1.7.x | 0.17.0 (consul-k8s:0.12.0) - 0.21.0 (consul-k8s:0.15.0) |
|
||||
| 1.6.x | 0.10.0 (consul-k8s:0.9.2) - 0.16.2 (consul-k8s:0.11.0) |
|
||||
|
||||
## Supported Envoy versions
|
||||
|
||||
Supported versions of Envoy for Consul versions are also found in [Envoy - Supported Versions](https://www.consul.io/docs/connect/proxies/envoy#supported-versions). The recommended best practice is to use the default version of Envoy that is provided in the Helm values.yml file, as that is the version that has been tested with the default Consul and Consul Kubernetes binaries for a given Helm chart.
|
||||
|
||||
## Red Hat OpenShift compatability
|
||||
|
||||
Consul Kubernetes delivered Red Hat OpenShift support starting with Consul Helm chart version 0.25.0 for Consul 1.8.4 Please note the following details regarding OpenShift support.
|
||||
|
||||
- Red Hat OpenShift is only supported for OpenShift 4.4.x and above.
|
||||
- Only the default CNI Plugin, [OpenShift SDN CNI Plugin](https://docs.openshift.com/container-platform/4.9/networking/openshift_sdn/about-openshift-sdn.html) is currently supported.
|
||||
|
||||
## Vault as a Secrets Backend compatibility
|
||||
|
||||
Starting with Consul K8s 0.39.0 and Consul 1.11.x, Consul Kubernetes supports the ability to utilize Vault as the secrets backend for all the secrets utilized by Consul Kubernetes.
|
||||
|
||||
| `consul-k8s` Versions | Compatible Vault Versions | Compatible Vault K8s Versions |
|
||||
| ------------------------ | --------------------------| ----------------------------- |
|
||||
| 0.39.0 - latest | 1.9.0 - latest | 0.14.0 - latest |
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Compatibility Matrix
|
||||
description: Compatibility Matrix for Consul Kubernetes and Consul
|
||||
---
|
||||
|
||||
# Compatibility Matrix for Consul Kubernetes and Consul
|
||||
|
||||
Consul Kubernetes (consul-k8s) is managed using Consul Helm. For every release of Consul Kubernetes, a new version of the Consul Kubernetes
|
||||
Helm chart and Consul Kubernetes binary is released through the HashiCorp Helm repository. The recommended best practice is to upgrade
|
||||
the Helm chart which will ensure a compatible version of the Consul Kubernetes binary is used.
|
||||
|
||||
## Supported Consul versions
|
||||
|
||||
| Consul Version | Compatible Consul Helm Versions |
|
||||
| -------------- | ------------------------------- |
|
||||
| 1.11.x | 0.39.0 - latest |
|
||||
| 1.10.x | 0.32.0 - 0.38.0 |
|
||||
| 1.9.x | 0.27.0 - 0.31.1 |
|
||||
| 1.8.x | 0.22.0 - 0.26.0 |
|
||||
| 1.7.x | 0.17.0 - 0.21.0 |
|
||||
| 1.6.x | 0.10.0 - 0.16.2 |
|
||||
|
||||
## Supported Envoy versions
|
||||
|
||||
Supported versions of Envoy for Consul versions are also found in [Envoy - Supported Versions](https://www.consul.io/docs/connect/proxies/envoy#supported-versions). The recommended best practice is to use the default version of Envoy that is provided in the Helm values.yml file, as that is the version that has been tested with the default Consul and Consul Kubernetes binaries for a given Helm chart.
|
|
@ -21,7 +21,8 @@ Consul-Terraform-Sync is compatible with the following Terraform OSS versions:
|
|||
|
||||
| Consul-Terraform-Sync | Compatible Terraform Version |
|
||||
| --------------------- | ---------------------------- |
|
||||
| 0.2+ | 0.13 - 1.0 |
|
||||
| 0.3+ | 0.13 - 1.1 |
|
||||
| 0.2 | 0.13 - 1.0 |
|
||||
| 0.1 | 0.13 - 0.14 |
|
||||
|
||||
## Terraform Cloud
|
||||
|
|
|
@ -0,0 +1,238 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: ACL in Federated Datacenters
|
||||
description: >-
|
||||
This topic describes the specific ACL bootstrapping policies that are necessary when ACLs are enabled for federated, multi-datacenter deployments.
|
||||
---
|
||||
|
||||
# ACLs in Federated Datacenters
|
||||
|
||||
This topic describes how to set up Consul's access control list (ACL) system
|
||||
in cluster deployments that span multiple data centers. This documentation is applicable
|
||||
to new clusters rather than existing clusters.
|
||||
|
||||
# Requirements
|
||||
|
||||
Consul versions 1.4.0 and later
|
||||
|
||||
## Configure ACLs in the Primary Datacenter
|
||||
|
||||
In a [federated Consul deployment](/docs/k8s/installation/multi-cluster), one of the datacenters is marked as the primary datacenter.
|
||||
The `acl` configuration block should be added to the primary datacenter server's configuration file
|
||||
as shown in the following example.
|
||||
|
||||
See the [ACL Config Stanza](/docs/agent/options#acl) for more detailed descriptions of each option.
|
||||
|
||||
-> **Versions before 1.11.0:** The `initial_management` token was called the `master` token in versions
|
||||
prior to 1.11.0
|
||||
|
||||
<CodeTabs heading="ACL Configuration in Primary">
|
||||
|
||||
```hcl
|
||||
bootstrap_expect = 3
|
||||
primary_datacenter = "PRIMARY_DATACENTER_VALUE"
|
||||
acl = {
|
||||
enabled = true
|
||||
default_policy = "deny"
|
||||
down_policy = "deny"
|
||||
enable_token_persistence = true
|
||||
enable_token_replication = true
|
||||
tokens = {
|
||||
initial_management = "ACL_MANAGEMENT_TOKEN"
|
||||
agent = "YOUR_ACL_AGENT_TOKEN"
|
||||
}
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"bootstrap_expect": N,
|
||||
"primary_datacenter": "PRIMARY_DATACENTER_VALUE",
|
||||
"acl": {
|
||||
"enabled": true,
|
||||
"default_policy": "deny",
|
||||
"down_policy": "deny",
|
||||
"enable_token_persistence": true,
|
||||
"enable_token_replication": true,
|
||||
"tokens": {
|
||||
"initial_management": "ACL_MANAGEMENT_TOKEN",
|
||||
"agent": "ACL_AGENT_TOKEN"
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
~> **Warning:** Note that most enterprise deployments have security requirements that prevent specifying tokens in configuration files.
|
||||
The `enable_token_persistence` flag is also set in the configuration example so that the token is stored to disk in the agent's
|
||||
[data directory](/docs/agent/options#_data_dir). Any future changes to the token that are made through the [API](/api/agent#update-acl-tokens) will
|
||||
be persisted to the same location, and the value in the config file will be ignored.
|
||||
|
||||
The ACL agent token can also be set using the [`consul acl set-agent-token`](/commands/acl/set-agent-token) CLI as shown below.
|
||||
|
||||
```shell-session
|
||||
$ consul acl set-agent-token agent "<agent token here>"
|
||||
```
|
||||
|
||||
## Configure Servers in Secondary Datacenters
|
||||
|
||||
Servers in secondary data centers must be configured to point to the primary data center
|
||||
as shown in the following example. Secondary data centers also need the ACL replication token
|
||||
provided to them.
|
||||
|
||||
### Create the replication token for ACL Management
|
||||
|
||||
Replication tokens are needed for ACL token replication and
|
||||
to create both [configuration entries](/docs/agent/config-entries) and [auth methods](/docs/acl/auth-methods)
|
||||
in connected secondary datacenters.
|
||||
|
||||
Replication tokens require the following permissions:
|
||||
|
||||
- `acl = "write"`: The permission allows you to replicate tokens.
|
||||
- `operator = "write"`: This permission enables the `proxy-default` configuration entries to be replicated and enables CA certificate signing in the secondary datacenter.
|
||||
- `policy = "read"` and `intentions = "read"` in the `service_prefix` field: These permissions enable `service-default` configuration entries, CA, and intention data to be replicated for all services.
|
||||
|
||||
<CodeTabs heading="Replication Token Policy">
|
||||
|
||||
<CodeBlockConfig filename="replication-policy.hcl">
|
||||
|
||||
```hcl
|
||||
acl = "write"
|
||||
operator = "write"
|
||||
service_prefix "" {
|
||||
policy = "read"
|
||||
intentions = "read"
|
||||
}
|
||||
```
|
||||
|
||||
</CodeBlockConfig>
|
||||
</CodeTabs>
|
||||
|
||||
Create a replication policy with the following command:
|
||||
|
||||
```shell-session
|
||||
$ consul acl policy create -name replication -rules @replication-policy.hcl
|
||||
```
|
||||
|
||||
Use your newly created policy to create the replication token.
|
||||
|
||||
```shell-session
|
||||
$ consul acl token create -description "replication token" -policy-name replication
|
||||
```
|
||||
|
||||
### Configure the replication token in Secondary Datacenters
|
||||
|
||||
Add the replication token generated above, to the ACL stanza in secondary datacenters.
|
||||
|
||||
<CodeTabs heading = "ACL Configuration in Secondaries">
|
||||
|
||||
```hcl
|
||||
primary_datacenter = "PRIMARY_DATACENTER_NAME"
|
||||
acl = {
|
||||
enabled = true
|
||||
default_policy = "deny"
|
||||
down_policy = "deny"
|
||||
tokens = {
|
||||
agent = "ACL_AGENT_TOKEN"
|
||||
replication = "ACL_REPLICATION_TOKEN"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"primary_datacenter": "PRIMARY_DATACENTER_VALUE",
|
||||
"acl": {
|
||||
"enabled": true,
|
||||
"default_policy": "deny",
|
||||
"down_policy": "deny",
|
||||
"tokens": {
|
||||
"agent": "ACL_AGENT_TOKEN",
|
||||
"replication": "ACL_REPLICATION_TOKEN"
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
~> **Warning:** When enabling ACL token replication in secondary datacenters,
|
||||
global tokens already present in the secondary datacenter will be lost. For
|
||||
production environments, consider configuring ACL replication in your initial
|
||||
datacenter bootstrapping process.
|
||||
|
||||
~> **Warning:** If you are using [Consul Enterprise](/docs/enterprise) and
|
||||
the [Admin Partitions](https://www.consul.io/docs/enterprise/admin-partitions)
|
||||
feature, only ACL tokens in the default partition are replicated to other datacenters.
|
||||
|
||||
## WAN Join Servers
|
||||
|
||||
This step is needed for new federated cluster deployments in order for
|
||||
servers in each federated datacenter to discover each other.
|
||||
|
||||
Run the following command from one of the server nodes.
|
||||
|
||||
```shell-session
|
||||
$ consul join -token="ACL_MANAGEMENT_TOKEN" -wan [server 1, server 2, ...]
|
||||
```
|
||||
|
||||
## Configure Clients in Secondary Datacenters
|
||||
|
||||
When ACLs are enabled, client agents need a special token known as the [`agent token`](/docs/security/acl/acl-system#acl-agent-token) to perform internal operations. Agent tokens need to have the right policies for node related actions, including
|
||||
registering itself in the catalog, updating node level health checks, and performing [anti-entropy](/docs/architecture/anti-entropy) syncing.
|
||||
|
||||
### Generate Agent ACL Token
|
||||
|
||||
[ACL Node Identities](/docs/security/acl/acl-system#acl-node-identities) were introduced
|
||||
in Consul 1.8.1 and enable easily creating agent tokens with appropriately scoped policies.
|
||||
|
||||
To generate the ACL token using node identity, run the following command:
|
||||
|
||||
```shell-session
|
||||
$ consul acl token create -node-identity=<NODE_NAME>:<DATACENTER>
|
||||
```
|
||||
|
||||
### Configure clients to use the ACL agent token
|
||||
|
||||
Update the client agents to include the token value from the previous step. Replace
|
||||
the `ACL_AGENT_TOKEN` value below with the secret ID value from the command output.
|
||||
|
||||
<CodeTabs heading = "ACL Configuration in Client Agents">
|
||||
|
||||
```hcl
|
||||
primary_datacenter = "PRIMARY_DATACENTER_NAME"
|
||||
acl = {
|
||||
enabled = true
|
||||
default_policy = "deny"
|
||||
down_policy = "deny"
|
||||
tokens = {
|
||||
agent = "ACL_AGENT_TOKEN"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"primary_datacenter": "PRIMARY_DATACENTER_VALUE",
|
||||
"acl": {
|
||||
"enabled": true,
|
||||
"default_policy": "deny",
|
||||
"down_policy": "deny",
|
||||
"tokens": {
|
||||
"agent": "ACL_AGENT_TOKEN"
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
</CodeTabs>
|
||||
|
||||
Note that client agents have to be restarted for ACL related configuration changes to take effect.
|
||||
|
||||
## Summary
|
||||
|
||||
After completing the above steps, a federated Consul cluster can be used with ACLs. Refer to
|
||||
[ACL Replication Guide](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters?in=consul/security-operations)
|
||||
for more on this topic.
|
|
@ -20,7 +20,7 @@ upgrade flow.
|
|||
Consul Enterprise versions 1.10.0 through 1.10.4 contain a latent bug that
|
||||
causes those client or server agents to deregister their own services or health
|
||||
checks when some of the servers have been upgraded to 1.11. Before upgrading Consul Enterprise servers to 1.11, all Consul agents should first
|
||||
be upgraded to 1.10.6 or higher to ensure forward compatibility and prevent
|
||||
be upgraded to 1.10.7 or higher to ensure forward compatibility and prevent
|
||||
flapping of catalog registrations.
|
||||
|
||||
### Deprecated Agent Config Options
|
||||
|
|
|
@ -479,6 +479,10 @@
|
|||
"path": "k8s/installation/vault/connect-ca"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Compatibility Matrix",
|
||||
"path": "k8s/installation/compatibility"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -555,10 +559,6 @@
|
|||
{
|
||||
"title": "Overview",
|
||||
"path": "k8s/upgrade"
|
||||
},
|
||||
{
|
||||
"title": "Compatibility Matrix",
|
||||
"path": "k8s/upgrade/compatibility"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -836,6 +836,10 @@
|
|||
"title": "Token Migration",
|
||||
"path": "security/acl/acl-migrate-tokens"
|
||||
},
|
||||
{
|
||||
"title": "ACLs in Federated Datacenters",
|
||||
"path": "security/acl/acl-federated-datacenters"
|
||||
},
|
||||
{
|
||||
"title": "Auth Methods",
|
||||
"routes": [
|
||||
|
|
|
@ -1 +1 @@
|
|||
export default '1.11.1'
|
||||
export default '1.11.2'
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 706 KiB |
File diff suppressed because it is too large
Load Diff
After Width: | Height: | Size: 185 KiB |
Binary file not shown.
After Width: | Height: | Size: 601 KiB |
File diff suppressed because it is too large
Load Diff
After Width: | Height: | Size: 124 KiB |
Loading…
Reference in New Issue