docs: Redirect /docs/security/acl/acl-system (#12975)

/docs/security/acl/acl-system was renamed in e9a42df from PR #12460 to
/docs/security/acl. A corresponding redirect was not added for this
page, resulting in a 404 being returned when accessing the old URL
path.

This commit redirects the former URL path to the new location, and
also updates all links on the site to point to the new location.
Blake Covarrubias 2022-05-09 09:04:23 -07:00 committed by GitHub
parent 8661be475b
commit a78015c5fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 40 additions and 30 deletions

View File

@ -50,7 +50,7 @@ The corresponding CLI command is [`consul acl role create`](/commands/acl/role/c
breaking tokens. breaking tokens.
- `ServiceIdentities` `(array<ServiceIdentity>)` - The list of [service - `ServiceIdentities` `(array<ServiceIdentity>)` - The list of [service
identities](/docs/security/acl/acl-system#acl-service-identities) that should be identities](/docs/security/acl#service-identities) that should be
applied to the role. Added in Consul 1.5.0. applied to the role. Added in Consul 1.5.0.
- `ServiceName` `(string: <required>)` - The name of the service. The name - `ServiceName` `(string: <required>)` - The name of the service. The name
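Review bot: The service identity link on the changed `identities](...)` line now targets `/docs/security/acl#service-identities`, but the token attributes table updated in this same commit sends `ServiceIdentities` to `/docs/security/acl/acl-roles#service-identities`. Pick one canonical target for service and node identities and use it consistently across the role and token API pages; the same applies to the `NodeIdentities` links in the following hunks. The fragment also dropped its `acl-` prefix, so please confirm the destination page has a heading that produces `#service-identities`, since a missing anchor fails silently by loading the top of the page.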
@ -64,7 +64,7 @@ The corresponding CLI command is [`consul acl role create`](/commands/acl/role/c
but may in the future. but may in the future.
- `NodeIdentities` `(array<NodeIdentity>)` - The list of [node - `NodeIdentities` `(array<NodeIdentity>)` - The list of [node
identities](/docs/security/acl/acl-system#acl-node-identities) that should be identities](/docs/security/acl#node-identities) that should be
applied to the role. Added in Consul 1.8.1. applied to the role. Added in Consul 1.8.1.
- `NodeName` `(string: <required>)` - The name of the node. The name - `NodeName` `(string: <required>)` - The name of the node. The name
@ -339,11 +339,11 @@ The corresponding CLI command is [`consul acl role update`](/commands/acl/role/u
breaking tokens. breaking tokens.
- `ServiceIdentities` `(array<ServiceIdentity>)` - The list of [service - `ServiceIdentities` `(array<ServiceIdentity>)` - The list of [service
identities](/docs/security/acl/acl-system#acl-service-identities) that should be identities](/docs/security/acl#service-identities) that should be
applied to the role. Added in Consul 1.5.0. applied to the role. Added in Consul 1.5.0.
- `NodeIdentities` `(array<NodeIdentity>)` - The list of [node - `NodeIdentities` `(array<NodeIdentity>)` - The list of [node
identities](/docs/security/acl/acl-system#acl-node-identities) that should be identities](/docs/security/acl#node-identities) that should be
applied to the role. Added in Consul 1.8.1. applied to the role. Added in Consul 1.8.1.
- `Namespace` `(string: "")` <EnterpriseAlert inline /> - Specifies the namespace of - `Namespace` `(string: "")` <EnterpriseAlert inline /> - Specifies the namespace of

View File

@ -62,7 +62,7 @@ The corresponding CLI command is [`consul acl token create`](/commands/acl/token
enables role renaming without breaking tokens. Added in Consul 1.5.0. enables role renaming without breaking tokens. Added in Consul 1.5.0.
- `ServiceIdentities` `(array<ServiceIdentity>)` - The list of [service - `ServiceIdentities` `(array<ServiceIdentity>)` - The list of [service
identities](/docs/security/acl/acl-system#acl-service-identities) that should be identities](/docs/security/acl#service-identities) that should be
applied to the token. Added in Consul 1.5.0. applied to the token. Added in Consul 1.5.0.
- `ServiceName` `(string: <required>)` - The name of the service. The name - `ServiceName` `(string: <required>)` - The name of the service. The name
@ -76,7 +76,7 @@ The corresponding CLI command is [`consul acl token create`](/commands/acl/token
but may in the future. but may in the future.
- `NodeIdentities` `(array<NodeIdentity>)` - The list of [node - `NodeIdentities` `(array<NodeIdentity>)` - The list of [node
identities](/docs/security/acl/acl-system#acl-node-identities) that should be identities](/docs/security/acl#node-identities) that should be
applied to the token. Added in Consul 1.8.1. applied to the token. Added in Consul 1.8.1.
- `NodeName` `(string: <required>)` - The name of the node. The name - `NodeName` `(string: <required>)` - The name of the node. The name
@ -418,7 +418,7 @@ The corresponding CLI command is [`consul acl token update`](/commands/acl/token
enables role renaming without breaking tokens. enables role renaming without breaking tokens.
- `ServiceIdentities` `(array<ServiceIdentity>)` - The list of [service - `ServiceIdentities` `(array<ServiceIdentity>)` - The list of [service
identities](/docs/security/acl/acl-system#acl-service-identities) that should be identities](/docs/security/acl#service-identities) that should be
applied to the token. Added in Consul 1.5.0. applied to the token. Added in Consul 1.5.0.
- `ServiceName` `(string: <required>)` - The name of the service. The name - `ServiceName` `(string: <required>)` - The name of the service. The name
@ -432,7 +432,7 @@ The corresponding CLI command is [`consul acl token update`](/commands/acl/token
but may in the future. but may in the future.
- `NodeIdentities` `(array<NodeIdentity>)` - The list of [node - `NodeIdentities` `(array<NodeIdentity>)` - The list of [node
identities](/docs/security/acl/acl-system#acl-node-identities) that should be identities](/docs/security/acl#node-identities) that should be
applied to the token. Added in Consul 1.8.1. applied to the token. Added in Consul 1.8.1.
- `NodeName` `(string: <required>)` - The name of the node. The name - `NodeName` `(string: <required>)` - The name of the node. The name

View File

@ -44,7 +44,7 @@ Previously this was provided via a `?token=` query parameter. This functionality
exists on many endpoints for backwards compatibility, but its use is **highly exists on many endpoints for backwards compatibility, but its use is **highly
discouraged**, since it can show up in access logs as part of the URL. discouraged**, since it can show up in access logs as part of the URL.
To learn more about the ACL system read the [documentation](/docs/security/acl/acl-system). To learn more about the ACL system read the [documentation](/docs/security/acl).
## Version Prefix ## Version Prefix

View File

@ -40,7 +40,7 @@ execute this command.
| `key:write` | `"_rexec"` prefix | | `key:write` | `"_rexec"` prefix |
| `event:write` | `"_rexec"` prefix | | `event:write` | `"_rexec"` prefix |
In addition to the above, the policy associated with the [agent token](/docs/security/acl/acl-system#acl-agent-token) should have `write` on `"_rexec"` key prefix. This is for the agents to read the `exec` command and write its output back to the KV store. In addition to the above, the policy associated with the [agent token](/docs/security/acl/acl-tokens#acl-agent-token) should have `write` on `"_rexec"` key prefix. This is for the agents to read the `exec` command and write its output back to the KV store.
## Usage ## Usage

View File

@ -94,7 +94,7 @@ Command Options
## Authentication ## Authentication
When the [ACL system is enabled](/docs/agent/options#acl_enabled) the Consul CLI will When the [ACL system is enabled](/docs/agent/options#acl_enabled) the Consul CLI will
require an [ACL token](/docs/security/acl/acl-system#tokens) to perform API requests. require an [ACL token](/docs/security/acl#tokens) to perform API requests.
The ACL token can be provided directly on the command line using the `-token` command line flag, The ACL token can be provided directly on the command line using the `-token` command line flag,
from a file using the `-token-file` command line flag, or from the from a file using the `-token-file` command line flag, or from the
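Review bot: The `[ACL token]` link in the Authentication paragraph points to the overview anchor `/docs/security/acl#tokens`, while other links updated in this commit send token-specific references to the dedicated page (`/docs/security/acl/acl-tokens#acl-agent-token`, `/docs/security/acl/acl-tokens#built-in-tokens`). This sentence is about supplying a token to the CLI, so linking to `/docs/security/acl/acl-tokens` directly would be more consistent and puts the reader on the page that documents token attributes.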

View File

@ -488,14 +488,14 @@ or local datacenter respectively.
## DNS with ACLs ## DNS with ACLs
In order to use the DNS interface when In order to use the DNS interface when
[Access Control Lists (ACLs)](/docs/security/acl/acl-system) [Access Control Lists (ACLs)](/docs/security/acl)
are enabled, you must first create ACL tokens with the necessary policies. are enabled, you must first create ACL tokens with the necessary policies.
Consul agents resolve DNS requests using one of the preconfigured tokens below, Consul agents resolve DNS requests using one of the preconfigured tokens below,
listed in order of precedence: listed in order of precedence:
1. The agent's [`default` token](/docs/agent/config/config-files#acl_tokens_default). 1. The agent's [`default` token](/docs/agent/config/config-files#acl_tokens_default).
2. The built-in [`anonymous` token](/docs/security/acl/acl-system#builtin-tokens). 2. The built-in [`anonymous` token](/docs/security/acl/acl-tokens#built-in-tokens).
Because the anonymous token is used when any request is made to Consul without Because the anonymous token is used when any request is made to Consul without
explicitly specifying a token, production deployments should not apply policies explicitly specifying a token, production deployments should not apply policies
needed for DNS to this token. needed for DNS to this token.
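Review bot: On the `anonymous` token list item, both the page and the fragment spelling change (`acl-system#builtin-tokens` becomes `acl-tokens#built-in-tokens`). Please confirm the heading slug on the tokens page is `built-in-tokens`. This link backs the advice not to attach DNS policies to the anonymous token, so it should land on the section that explains that token rather than the top of the page.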

View File

@ -57,7 +57,7 @@ names on ECS are not known until runtime.
### Create service tokens ### Create service tokens
Service tokens should be associated with a [service identity](https://www.consul.io/docs/security/acl/acl-system#acl-service-identities). Service tokens should be associated with a [service identity](/docs/security/acl#service-identities).
The service identity includes `service:write` permissions for the service and sidecar proxy. The service identity includes `service:write` permissions for the service and sidecar proxy.
The following example shows how to use the Consul CLI to create a service token for a service named `example-client-app`: The following example shows how to use the Consul CLI to create a service token for a service named `example-client-app`:

View File

@ -138,7 +138,7 @@ is set to `OperationStart` which indicates the agent has begun processing the
request. request.
The value of the `payload.auth.accessor_id` field is the accessor ID of the The value of the `payload.auth.accessor_id` field is the accessor ID of the
[ACL token](/docs/security/acl/acl-system#acl-tokens) which issued the request. [ACL token](/docs/security/acl#tokens) which issued the request.
<CodeBlockConfig highlight="10"> <CodeBlockConfig highlight="10">

View File

@ -23,7 +23,7 @@ description: >-
- The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that all tokens and policies have been migrated to the newer ACL system. See the [Migrate Legacy ACL Tokens Learn Guide](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) for more information. - The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that all tokens and policies have been migrated to the newer ACL system. See the [Migrate Legacy ACL Tokens Learn Guide](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) for more information.
- The `agent_master` ACL token has been renamed to `agent_recovery` ACL token. In addition, the `consul acl set-agent-token master` command has been replaced with `consul acl set-agent-token recovery`. See [ACL Agent Recovery Token](/docs/security/acl/acl-system#acl-agent-recovery-token) and [Consul ACL Set Agent Token](/commands/acl/set-agent-token) for more information. - The `agent_master` ACL token has been renamed to `agent_recovery` ACL token. In addition, the `consul acl set-agent-token master` command has been replaced with `consul acl set-agent-token recovery`. See [ACL Agent Recovery Token](/docs/security/acl/acl-tokens#acl-agent-recovery-token) and [Consul ACL Set Agent Token](/commands/acl/set-agent-token) for more information.
- Drops support for Envoy versions 1.15.x and 1.16.x - Drops support for Envoy versions 1.15.x and 1.16.x

View File

@ -180,12 +180,12 @@ $ consul join -token="ACL_MANAGEMENT_TOKEN" -wan [server 1, server 2, ...]
## Configure Clients in Secondary Datacenters ## Configure Clients in Secondary Datacenters
When ACLs are enabled, client agents need a special token known as the [`agent token`](/docs/security/acl/acl-system#acl-agent-token) to perform internal operations. Agent tokens need to have the right policies for node related actions, including When ACLs are enabled, client agents need a special token known as the [`agent token`](/docs/security/acl/acl-tokens#acl-agent-token) to perform internal operations. Agent tokens need to have the right policies for node related actions, including
registering itself in the catalog, updating node level health checks, and performing [anti-entropy](/docs/architecture/anti-entropy) syncing. registering itself in the catalog, updating node level health checks, and performing [anti-entropy](/docs/architecture/anti-entropy) syncing.
### Generate Agent ACL Token ### Generate Agent ACL Token
[ACL Node Identities](/docs/security/acl/acl-system#acl-node-identities) were introduced [ACL Node Identities](/docs/security/acl#node-identities) were introduced
in Consul 1.8.1 and enable easily creating agent tokens with appropriately scoped policies. in Consul 1.8.1 and enable easily creating agent tokens with appropriately scoped policies.
To generate the ACL token using node identity, run the following command: To generate the ACL token using node identity, run the following command:

View File

@ -10,12 +10,12 @@ description: >-
# ACL System in Legacy Mode # ACL System in Legacy Mode
-> **1.3.0 and earlier:** This document only applies in Consul versions 1.3.0 and before. If you are using version 1.4.0 or later please use the updated documentation [here](/docs/security/acl/acl-system). -> **1.3.0 and earlier:** This document only applies in Consul versions 1.3.0 and before. If you are using version 1.4.0 or later please use the updated documentation [here](/docs/security/acl).
~> **Alert: Deprecation Notice** ~> **Alert: Deprecation Notice**
The ACL system described here was Consul's original ACL implementation. The ACL system described here was Consul's original ACL implementation.
The legacy ACL system was deprecated in Consul 1.4.0 and removed in Consul 1.11.0. The legacy ACL system was deprecated in Consul 1.4.0 and removed in Consul 1.11.0.
The documentation for the new ACL system can be found [here](/docs/security/acl/acl-system). For information on how to migrate to the new ACL System, please read the [Migrate Legacy ACL Tokens](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) tutorial. The documentation for the new ACL system can be found [here](/docs/security/acl). For information on how to migrate to the new ACL System, please read the [Migrate Legacy ACL Tokens](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) tutorial.
The legacy documentation has two sections. The legacy documentation has two sections.
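Review bot: Both changed lines in this hunk keep `[here]` as the link text. Since the links are being edited anyway, use descriptive text such as `[ACL system documentation](/docs/security/acl)`, which matches the wording already used in the next hunk and reads better in search results and screen readers.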
@ -26,7 +26,7 @@ The legacy documentation has two sections.
# New ACL System Differences # New ACL System Differences
The [ACL System documentation](/docs/security/acl/acl-system) and [legacy ACL The [ACL System documentation](/docs/security/acl) and [legacy ACL
documentation](/docs/security/acl/acl-legacy) describes the new and old systems in documentation](/docs/security/acl/acl-legacy) describes the new and old systems in
detail. Below is a summary of the changes that need to be considered when detail. Below is a summary of the changes that need to be considered when
migrating legacy tokens to the new system. migrating legacy tokens to the new system.

View File

@ -13,13 +13,13 @@ This topic describes access control list (ACL) tokens, which are the core method
Tokens are artifacts in the ACL system used to authenticate users, services, and Consul agents. When ACLs are enabled, entities requesting access to a resource must include a token that has been linked with a policy, service identity, or node identity that grants permission to the resource. The ACL system checks the token and grants or denies access to resource based on the associated permissions. Tokens are artifacts in the ACL system used to authenticate users, services, and Consul agents. When ACLs are enabled, entities requesting access to a resource must include a token that has been linked with a policy, service identity, or node identity that grants permission to the resource. The ACL system checks the token and grants or denies access to resource based on the associated permissions.
Refer to the [ACL system workflow overview](/docs/security/acl/acl-system#workflow-overview) for information about tokens' role in the ACL system. Refer to the [ACL system workflow overview](/docs/security/acl#workflow-overview) for information about tokens' role in the ACL system.
## Creating Tokens ## Creating Tokens
The person responsible for administrating ACLs can use the API or CLI to create and link tokens to entities that enable permissions to resources. The person responsible for administrating ACLs can use the API or CLI to create and link tokens to entities that enable permissions to resources.
Refer to the [ACL API](/api-docs/acl) and [ACL CLI](/commands/acl) documentation for instructions on how to create and link tokens. Tokens can also be created dynamically from trusted external system using an Refer to the [ACL API](/api-docs/acl) and [ACL CLI](/commands/acl) documentation for instructions on how to create and link tokens. Tokens can also be created dynamically from trusted external system using an
[auth method](/docs/security/acl/auth-methods). [auth method](/docs/security/acl/auth-methods).
Refer to the [Secure Consul with Access Control Lists (ACLs)](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production?in=consul/security) tutorial for help getting started with creating tokens. The tutorial includes an interactive sandbox so that you can perform the procedures without configuring your local environment. Refer to the [Secure Consul with Access Control Lists (ACLs)](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production?in=consul/security) tutorial for help getting started with creating tokens. The tutorial includes an interactive sandbox so that you can perform the procedures without configuring your local environment.
@ -148,8 +148,8 @@ Refer to the [API](/api-docs/acl/token) or [command line](/commands/acl/token) d
| `Namespace` | <EnterpriseAlert inline/> Specifies the name of the Consul namespace in which the token is valid. See [Namespaces](/docs/enterprise/namespaces) for additional information. | String | `default` | | `Namespace` | <EnterpriseAlert inline/> Specifies the name of the Consul namespace in which the token is valid. See [Namespaces](/docs/enterprise/namespaces) for additional information. | String | `default` |
| `Description` | Human-readable description for documenting the purpose of the token. | String | none | | `Description` | Human-readable description for documenting the purpose of the token. | String | none |
| `Local` | Indicates whether the token should be replicated globally or local to the datacenter. <br/> Set to `false` to replicate globally across all reachable datacenters. <br/>Setting to `true` configures the token to functional in the local datacenter only. | Boolean | `false` | | `Local` | Indicates whether the token should be replicated globally or local to the datacenter. <br/> Set to `false` to replicate globally across all reachable datacenters. <br/>Setting to `true` configures the token to functional in the local datacenter only. | Boolean | `false` |
| `ServiceIdentities` | Specifies a list of nodes to apply to the token. See [Service Identities](/docs/security/roles#service-identities) in the "Roles" topic for additional information. | Array | none | | `ServiceIdentities` | Specifies a list of nodes to apply to the token. See [Service Identities](/docs/security/acl/acl-roles#service-identities) in the "Roles" topic for additional information. | Array | none |
| `NodeIdentities` | Specifies a list of nodes to apply to the token. See [Node Identities](/docs/security/roles##node-identities) in the "Roles" topic for additional information. | Array | none | | `NodeIdentities` | Specifies a list of nodes to apply to the token. See [Node Identities](/docs/security/acl/acl-roles#node-identities) in the "Roles" topic for additional information. | Array | none |
| `Legacy` | Indicates if the token was created using the the legacy ACL system. | Boolean | `false` | | `Legacy` | Indicates if the token was created using the the legacy ACL system. | Boolean | `false` |
| `Policies` | List of policies linked to the token, including the policy ID and name. | String | none | | `Policies` | List of policies linked to the token, including the policy ID and name. | String | none |
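Review bot: The `ServiceIdentities` row being edited still says "Specifies a list of nodes to apply to the token", which looks copied from the `NodeIdentities` row; it should describe a list of service identities. While touching these rows, the adjacent context lines also carry "configures the token to functional" in the `Local` row and "the the legacy ACL system" in the `Legacy` row, which are worth fixing in the same pass. The removal of the doubled `##` in the old `roles##node-identities` link is correct.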

View File

@ -170,7 +170,7 @@ environment and adapt these configurations accordingly.
capabilities tied to an individual human, or machine operator identity. To ultimately secure the ACL system, capabilities tied to an individual human, or machine operator identity. To ultimately secure the ACL system,
administrators should configure the [`default_policy`](/docs/agent/config/config-files#acl_default_policy) to "deny". administrators should configure the [`default_policy`](/docs/agent/config/config-files#acl_default_policy) to "deny".
The [system](/docs/security/acl/acl-system) is comprised of five major components: The [system](/docs/security/acl) is comprised of five major components:
- **🗝 Token** - API key associated with policies, roles, or service identities. - **🗝 Token** - API key associated with policies, roles, or service identities.

View File

@ -47,12 +47,22 @@ module.exports = [
}, },
{ {
source: '/docs/agent/acl-system', source: '/docs/agent/acl-system',
destination: '/docs/security/acl/acl-system', destination: '/docs/security/acl',
permanent: true, permanent: true,
}, },
{ {
source: '/docs/acl/acl-system', source: '/docs/acl/acl-system',
destination: '/docs/security/acl/acl-system', destination: '/docs/security/acl',
permanent: true,
},
{
source: '/docs/security/acl/acl-system',
destination: '/docs/security/acl',
permanent: true,
},
{
source: '/docs/security/roles',
destination: '/docs/security/acl/acl-roles',
permanent: true, permanent: true,
}, },
{ source: '/docs/agent/http', destination: '/api-docs', permanent: true }, { source: '/docs/agent/http', destination: '/api-docs', permanent: true },
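Review bot: The new `/docs/security/acl/acl-system` entry redirects the path only, and a server-side redirect never sees the URL fragment. External deep links such as `/docs/security/acl/acl-system#acl-agent-token` will arrive at `/docs/security/acl` carrying a fragment that, per the link updates elsewhere in this commit, now lives at `/docs/security/acl/acl-tokens#acl-agent-token`. If that is an accepted limitation, say so in the commit message. The message also does not mention the added `/docs/security/roles` to `/docs/security/acl/acl-roles` redirect; please describe it there, since it is a separate fix from the one in the subject line.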
@ -1287,9 +1297,9 @@ module.exports = [
{ {
source: '/docs/nia/release-notes/0-5-0', source: '/docs/nia/release-notes/0-5-0',
destination: '/docs/release-notes/consul-terraform-sync/v0_5_x', destination: '/docs/release-notes/consul-terraform-sync/v0_5_x',
permanent: true, permanent: true,
}, },
{ {
source: '/docs/api-gateway/api-gateway-usage', source: '/docs/api-gateway/api-gateway-usage',
destination: '/docs/api-gateway/consul-api-gateway-install', destination: '/docs/api-gateway/consul-api-gateway-install',
permanent: true, permanent: true,
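Review bot: This hunk at `-1287,9 +1297,9` shows no textual difference between the old and new sides of the `permanent: true,` and `},` lines, so it appears to be a whitespace-only change unrelated to the ACL redirect. Either drop it from this commit or note that it comes from the formatter, so the redirect change stays easy to audit.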