Commit Graph

2307 Commits

Author SHA1 Message Date
Matt Keeler 118adbb123
ACL Token Persistence and Reloading (#5328)
This PR adds two features which will be useful for operators when ACLs are in use.

1. Tokens set in configuration files are now reloadable.
2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload)

Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change.

Some other secondary changes:

* Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly.
* Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. 
* Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents.
* Docs updated to reflect the API additions and to show using the new endpoints.
* Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 14:28:31 -05:00
danielehc f3610df40b Add more details on SkipNodeUpdate option (#5345)
* Add more details on SkipNodeUpdate option

* Updating the language for the entire parameter.
2019-02-26 11:00:23 -06:00
Jack Pearkes cce1c14fac
website: update bootstrap-saas depenency (#5387)
https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
2019-02-25 11:52:00 -08:00
Aestek f1cdfbe40e Allow DNS interface to use agent cache (#5300)
Adds two new configuration parameters "dns_config.use_cache" and
"dns_config.cache_max_age" controlling how DNS requests use the agent
cache when querying servers.
2019-02-25 14:06:01 -05:00
Paul Banks 360e3acc7c Add common blocking implementation details to docs (#5358)
* Add common blocking implementation details to docs

These come up over and over again with blocking query loops in our own code and third-party's. #5333 is possibly a case (unconfirmed) where "badly behaved" blocking clients cause issues, however since we've never explicitly documented these things it's not reasonable for third-party clients to have guessed that they are needed!

This hopefully gives us something to point to for the future.

It's a little wordy - happy to consider breaking some of the blocking stuff out of this page if we think it's appropriate but just wanted to quickly plaster over this gap in our docs for now.

* Update index.html.md

* Apply suggestions from code review

Co-Authored-By: banks <banks@banksco.de>

* Update index.html.md

* Update index.html.md

* Clearified monotonically

* Fixing formating
2019-02-21 15:33:45 -06:00
R.B. Boyer 00aa50cfa2 website: fix errant mention of 'snapshot save' on docs for 'snapshot restore' 2019-02-21 13:48:20 -06:00
kaitlincarter-hc 193c0b727b
[Docs] Helm Chart (#5350)
* Updating the Helm chart to include ACL parameter and examples.

* Updates based on feedback.

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-02-20 18:27:28 -06:00
kaitlincarter-hc a093af320c
[docs] ACL reset procedure (#5334)
* Adding reset instructions.

* Added link to the boostrapping guide for the reset procedure.

* Update website/source/docs/guides/acl.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/acl.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/acl.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-02-19 10:45:23 -06:00
kaitlincarter-hc 7598b32d1d
[Docs] New KV documentation (#5315)
* Adding new KV doc

* fixing the metadata

* Update website/source/docs/agent/kv.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/agent/kv.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/agent/kv.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/agent/kv.html.md
2019-02-14 10:25:17 -06:00
R.B. Boyer 397e9cd459
Merge pull request #5343 from hashicorp/fixes-grab-bag
various small fixes
2019-02-13 13:26:20 -06:00
R.B. Boyer adbe8ed370 correct some typos 2019-02-13 13:02:12 -06:00
Dan Brown b24b3a56d0 Docs EA update RA and DG (#5336)
* Confirm RA against Consul 1.3

Change product_version frontmatter to ea_version and increase to 1.3

* Confirm DG against Consul 1.3

Change product_version frontmatter to ea_version and increase to 1.3
2019-02-13 12:53:21 -06:00
petems 5020f97911 Adds newline for bullets
* Formatting was previously broken
2019-02-13 00:54:51 +00:00
petems dad2b24b82 Adds note about secret value
* For future traveler, this literally ate up an entire day of debugging, so hopefully it helped you! 💃
2019-02-13 00:54:27 +00:00
petems 371cac266d Update specific perms for Azure
* `listAll` is not valid
2019-02-13 00:53:51 +00:00
petems 8acadd364a Add note about equals signs 2019-02-12 23:47:19 +00:00
Marlon Maxwel 41742f9504 Documentation - New plugin for frontend applications based in webpack (#5310)
* Add new plugin for front-end applications based in webpack

* Fix doc suggestion

Co-Authored-By: marlonmleite <marlonmleite@gmail.com>
2019-02-12 11:13:43 -06:00
adawalli d7e4151fcb website: Update UI Policy recommendations from Guide (#5321)
The guide currently uses node, service, and service for the UI Policy.
This will cause a practically useless UI. This patch uses the _prefix
variants instead which will have the intended behavior.
2019-02-08 14:39:28 -06:00
Rebecca Zanzig fc1d9e5d78
Merge pull request #5302 from hashicorp/docs/k8s-acl
Update k8s ACL documentation
2019-02-07 13:46:44 -08:00
Rebecca Zanzig 1ef6bf3902 Add additional clarification to the ACL token wording 2019-02-07 13:26:17 -08:00
kaitlincarter-hc 5a98953c43
Apply suggestions from code review
Co-Authored-By: adilyse <rebecca@hashicorp.com>
2019-02-07 13:08:04 -08:00
Nick Gunia fb0fc6e459 Remove invalid option -name from ACL token read documentation (#5324)
It appears that the `read` command for ACL policies was used to template the `read` command for ACL tokens, and an invalid option was not dropped from the docs.
2019-02-07 13:05:12 -05:00
Matt Keeler acfd87c673
Improve Connect with Prepared Queries (#5291)
Given a query like:

```
{
   "Name": "tagged-connect-query",
   "Service": {
      "Service": "foo",
      "Tags": ["tag"],
      "Connect": true
   }
}
```

And a Consul configuration like:

```
{
   "services": [
      "name": "foo",
      "port": 8080,
      "connect": { "sidecar_service": {} },
      "tags": ["tag"]
   ]
}
```

If you executed the query it would always turn up with 0 results. This was because the sidecar service was being created without any tags. You could instead make your config look like:

```
{
   "services": [
      "name": "foo",
      "port": 8080,
      "connect": { "sidecar_service": {
         "tags": ["tag"]
      } },
      "tags": ["tag"]
   ]
}
```

However that is a bit redundant for most cases. This PR ensures that the tags and service meta of the parent service get copied to the sidecar service. If there are any tags or service meta set in the sidecar service definition then this copying does not take place. After the changes, the query will now return the expected results.

A second change was made to prepared queries in this PR which is to allow filtering on ServiceMeta just like we allow for filtering on NodeMeta.
2019-02-04 09:36:51 -05:00
kaitlincarter-hc 9bdd921917
Apply suggestions from code review
Co-Authored-By: adilyse <rebecca@hashicorp.com>
2019-02-01 14:33:06 -08:00
kaitlincarter-hc c60efabed2
Update website/source/docs/platform/k8s/service-sync.html.md
Co-Authored-By: adilyse <rebecca@hashicorp.com>
2019-02-01 14:32:37 -08:00
R.B. Boyer 5165874318
incorrect examples for 'consul acl policy' commands (#5303) 2019-02-01 09:16:36 -06:00
Rebecca Zanzig a3b830f68f Update k8s ACL documentation
Clarifies that an ACL token only needs to be provided when ACLs are
enabled within the Consul cluster.
2019-01-31 13:55:09 -08:00
Matt Keeler 82e741f36f Fix some docs formatting around DNS SOA RR configuration (#5297) 2019-01-30 16:47:32 -06:00
Rebecca Zanzig ce747c63f0
Merge pull request #5292 from hashicorp/docs/acl-quotes
Switch smart quotes to straight quotes
2019-01-29 15:11:00 -08:00
kaitlincarter-hc 14aefea0d4
Created a new index page that links to all the ACL guides. I also removed the sidebar nav drop down to be more consistent with the other guides. (#5260) 2019-01-29 14:51:41 -06:00
Rebecca Zanzig 386df104df Switch smart quotes to straight quotes
The ACL guide had a couple instances of smart quotes which get rendered
as the incorrect character on the website.
2019-01-29 11:29:16 -08:00
Ilya Pavlov 39d5f2c08e Fix missed letter in the documentation (#5281) 2019-01-28 16:25:56 -06:00
kaitlincarter-hc abf32ef5e8
Fixing broken link. (#5283) 2019-01-28 16:23:29 -06:00
mkeeler c97c712e96
Release v1.4.2 2019-01-28 21:46:00 +00:00
Gabriel Pérez S 80325189fc Invalid syntax in Envoy configuration docs. (#5275) 2019-01-28 09:58:29 -05:00
danielehc 1e5c56f1aa Adding quorum note on leave command page (#5102)
Reusing the same phrasing as  https://github.com/hashicorp/consul/pull/5095/ to provide info on the effects of the `consul leave` command on Consul quorum
2019-01-25 14:20:48 -06:00
Geoffrey Grosenbach 4639466618 Corrects `defile` to `defined` (#5262) 2019-01-25 13:45:08 -06:00
Jack Pearkes d51471c9b0 fix broken link (#5273) 2019-01-25 11:40:31 -06:00
Matt Hoey c39ffad100 website: reference last command's last field instead of background PID (#5264) 2019-01-25 17:30:38 +01:00
Paul Banks 89af3bc8f5
Update services.html.md 2019-01-24 12:41:43 +00:00
banks 1d83ebf65d Bump website version 2019-01-23 22:16:20 +00:00
Diogenes S. Jesus f0e081bf88 Fix repeating wording in sentence (#5256)
Fix `to join to join` typo
2019-01-23 09:12:41 -05:00
Hans Hasselberg 0da4502740
website: update nokogiri (#5252) 2019-01-22 21:49:16 +01:00
Kyle Havlovitz 5bdf130767
Merge pull request #4869 from hashicorp/txn-checks
Add node/service/check operations to transaction api
2019-01-22 11:16:09 -08:00
Paul Banks ef9f27cbc8
connect: tame thundering herd of CSRs on CA rotation (#5228)
* Support rate limiting and concurrency limiting CSR requests on servers; handle CA rotations gracefully with jitter and backoff-on-rate-limit in client

* Add CSR rate limiting docs

* Fix config naming and add tests for new CA configs
2019-01-22 17:19:36 +00:00
kaitlincarter-hc 3e45da1414
Add acl.enable_key_list_policy to agent config docs. (#5227)
* Adding key list parameter to agent config docs.

* Fixed typo in master token section

* Updated based on comments from Paul and Matt.
2019-01-22 10:20:05 -06:00
Erik R. Rygg 8c87238b99
Merge pull request #5215 from hashicorp/deployment_guide_updates
Include information about multi-dc Connect
2019-01-17 19:39:41 -07:00
Rebecca Zanzig ebba215891 Fix broken links 2019-01-16 14:42:12 -08:00
Rebecca Zanzig df99f4a3ac Indent code blocks further to fix list formatting 2019-01-16 14:31:50 -08:00
Rebecca Zanzig 388ff4caed
Merge pull request #5222 from hashicorp/docs/helm-0.5.0
Add documentation about the two additional Helm chart options
2019-01-16 14:18:15 -08:00