mirror of https://github.com/status-im/consul.git
Add acl.enable_key_list_policy to agent config docs. (#5227)
* Adding key list parameter to agent config docs. * Fixed typo in master token section * Updated based on comments from Paul and Matt.
This commit is contained in:
parent
884b2e00af
commit
3e45da1414
|
@ -552,6 +552,8 @@ default will automatically work with some tooling.
|
||||||
a whitelist: any operation not specifically allowed is blocked. *Note*: this will not take effect until
|
a whitelist: any operation not specifically allowed is blocked. *Note*: this will not take effect until
|
||||||
you've enabled ACLs.
|
you've enabled ACLs.
|
||||||
|
|
||||||
|
* <a name="acl_enable_key_list"></a><a href="#acl_enable_key_list">`enable_key_list`</a> - Either "enabled" or "disabled", defaults to "disabled". When enabled, the `list` permission will be required on the prefix being recursively read from the KV store. Regardless of being enabled, the full set of KV entries under the prefix will be filtered to remove any entries that the request's ACL token does not grant at least read persmissions. This option is only available in Consul 1.0 and newer.
|
||||||
|
|
||||||
* <a name=`acl_enable_token_replication"></a><a href="#acl_enable_token_replication">`enable_token_replication`</a> - By
|
* <a name=`acl_enable_token_replication"></a><a href="#acl_enable_token_replication">`enable_token_replication`</a> - By
|
||||||
default secondary Consul datacenters will perform replication of only ACL policies. Setting this configuration will
|
default secondary Consul datacenters will perform replication of only ACL policies. Setting this configuration will
|
||||||
also enable ACL token replication.
|
also enable ACL token replication.
|
||||||
|
@ -568,7 +570,7 @@ default will automatically work with some tooling.
|
||||||
you would like to install or change the `acl_master_token`, set the new value for `master`
|
you would like to install or change the `acl_master_token`, set the new value for `master`
|
||||||
in the configuration for all servers. Once this is done, restart the current leader to force a
|
in the configuration for all servers. Once this is done, restart the current leader to force a
|
||||||
leader election. If the `master` token is not supplied, then the servers do not create a master
|
leader election. If the `master` token is not supplied, then the servers do not create a master
|
||||||
token. When you provide a value, it should be a UUID. To maintaing backwards compatibility
|
token. When you provide a value, it should be a UUID. To maintain backwards compatibility
|
||||||
and an upgrade path this restriction is not currently enforced but will be in a future major
|
and an upgrade path this restriction is not currently enforced but will be in a future major
|
||||||
Consul release.
|
Consul release.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue