Add acl.enable_key_list_policy to agent config docs. (#5227)

* Adding key list parameter to agent config docs.

* Fixed typo in master token section

* Updated based on comments from Paul and Matt.
This commit is contained in:
kaitlincarter-hc 2019-01-22 10:20:05 -06:00 committed by GitHub
parent 884b2e00af
commit 3e45da1414
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions

View File

@ -552,6 +552,8 @@ default will automatically work with some tooling.
a whitelist: any operation not specifically allowed is blocked. *Note*: this will not take effect until a whitelist: any operation not specifically allowed is blocked. *Note*: this will not take effect until
you've enabled ACLs. you've enabled ACLs.
* <a name="acl_enable_key_list"></a><a href="#acl_enable_key_list">`enable_key_list`</a> - Either "enabled" or "disabled", defaults to "disabled". When enabled, the `list` permission will be required on the prefix being recursively read from the KV store. Regardless of being enabled, the full set of KV entries under the prefix will be filtered to remove any entries that the request's ACL token does not grant at least read persmissions. This option is only available in Consul 1.0 and newer.
* <a name=`acl_enable_token_replication"></a><a href="#acl_enable_token_replication">`enable_token_replication`</a> - By * <a name=`acl_enable_token_replication"></a><a href="#acl_enable_token_replication">`enable_token_replication`</a> - By
default secondary Consul datacenters will perform replication of only ACL policies. Setting this configuration will default secondary Consul datacenters will perform replication of only ACL policies. Setting this configuration will
also enable ACL token replication. also enable ACL token replication.
@ -568,7 +570,7 @@ default will automatically work with some tooling.
you would like to install or change the `acl_master_token`, set the new value for `master` you would like to install or change the `acl_master_token`, set the new value for `master`
in the configuration for all servers. Once this is done, restart the current leader to force a in the configuration for all servers. Once this is done, restart the current leader to force a
leader election. If the `master` token is not supplied, then the servers do not create a master leader election. If the `master` token is not supplied, then the servers do not create a master
token. When you provide a value, it should be a UUID. To maintaing backwards compatibility token. When you provide a value, it should be a UUID. To maintain backwards compatibility
and an upgrade path this restriction is not currently enforced but will be in a future major and an upgrade path this restriction is not currently enforced but will be in a future major
Consul release. Consul release.