mirror of https://github.com/status-im/consul.git
docs: Add intentions to ACL System docs (#10323)
Adds mention of `intentions` rules to ACL System and ACL Rules pages. Resolves #9790
This commit is contained in:
parent
c8393cb25f
commit
c469c701fe
|
@ -512,7 +512,19 @@ In addition to ACLs, in Consul 0.9.0 and later, the agent must be configured wit
|
||||||
[`enable_local_script_checks`](/docs/agent/options#_enable_local_script_checks)
|
[`enable_local_script_checks`](/docs/agent/options#_enable_local_script_checks)
|
||||||
set to `true` in order to enable script checks.
|
set to `true` in order to enable script checks.
|
||||||
|
|
||||||
-> Note: [Intention privileges](/docs/connect/intentions#intention-management-permissions) are managed with service rules.
|
Service rules are also used to grant read or write access to intentions. The
|
||||||
|
following policy provides read-write access to the "app" service, and explicitly
|
||||||
|
grants `intentions:read` access to view intentions associated with the "app" service.
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
service "app" {
|
||||||
|
policy = "write"
|
||||||
|
intentions = "read"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Refer to [Intention Management Permissions](/docs/connect/intentions#intention-management-permissions)
|
||||||
|
for more information about managing intentions access with service rules.
|
||||||
|
|
||||||
#### Session Rules
|
#### Session Rules
|
||||||
|
|
||||||
|
|
|
@ -246,7 +246,7 @@ rules:
|
||||||
| [`node`](/docs/acl/acl-rules#node-rules) | Node-level catalog operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Prepared Query API](/api/query), [Network Coordinate API](/api/coordinate), and [Agent API](/api/agent) |
|
| [`node`](/docs/acl/acl-rules#node-rules) | Node-level catalog operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Prepared Query API](/api/query), [Network Coordinate API](/api/coordinate), and [Agent API](/api/agent) |
|
||||||
| [`operator`](/docs/acl/acl-rules#operator-rules) | Cluster-level operations in the [Operator API](/api/operator), other than the [Keyring API](/api/operator/keyring) |
|
| [`operator`](/docs/acl/acl-rules#operator-rules) | Cluster-level operations in the [Operator API](/api/operator), other than the [Keyring API](/api/operator/keyring) |
|
||||||
| [`query`](/docs/acl/acl-rules#prepared-query-rules) | Prepared query operations in the [Prepared Query API](/api/query) |
|
| [`query`](/docs/acl/acl-rules#prepared-query-rules) | Prepared query operations in the [Prepared Query API](/api/query) |
|
||||||
| [`service`](/docs/acl/acl-rules#service-rules) | Service-level catalog operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Prepared Query API](/api/query), and [Agent API](/api/agent) |
|
| [`service`](/docs/acl/acl-rules#service-rules) | Service-level catalog operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Intentions API](/api/connect/intentions), [Prepared Query API](/api/query), and [Agent API](/api/agent) |
|
||||||
| [`session`](/docs/acl/acl-rules#session-rules) | Session operations in the [Session API](/api/session) |
|
| [`session`](/docs/acl/acl-rules#session-rules) | Session operations in the [Session API](/api/session) |
|
||||||
|
|
||||||
Since Consul snapshots actually contain ACL tokens, the [Snapshot API](/api/snapshot)
|
Since Consul snapshots actually contain ACL tokens, the [Snapshot API](/api/snapshot)
|
||||||
|
|
Loading…
Reference in New Issue