30 Commits

Author SHA1 Message Date
R.B. Boyer
462f0f37ed
connect: various changes to make namespaces for intentions work more like for other subsystems (#8194)
Highlights:

- add new endpoint to query for intentions by exact match

- using this endpoint from the CLI instead of the dump+filter approach

- enforcing that OSS can only read/write intentions with a SourceNS or
  DestinationNS field of "default".

- preexisting OSS intentions with now-invalid namespace fields will
  delete those intentions on initial election or for wildcard namespaces
  an attempt will be made to downgrade them to "default" unless one
  exists.

- also allow the '-namespace' CLI arg on all of the intention subcommands

- update lots of docs
2020-06-26 16:59:15 -05:00
Jono Sosulska
c8bee5a934
Fixing multiple document updates (#8135)
* Fixes #7663-ACL Token Reloadable#7432-Cipher Suites,#7385-KV Delete DC, raft list-peers docs

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-06-18 14:10:45 -04:00
Dexter Lowe
6e208a2120
#8059 Improve Clarity on TTL docs (#8141) 2020-06-18 13:53:43 -04:00
Matt Keeler
d3881dd754
ACL Node Identities (#7970)
A Node Identity is very similar to a service identity. Its main targeted use is to allow creating tokens for use by Consul agents that will grant the necessary permissions for all the typical agent operations (node registration, coordinate updates, anti-entropy).

Half of this commit is for golden file based tests of the acl token and role cli output. Another big updates was to refactor many of the tests in agent/consul/acl_endpoint_test.go to use the same style of tests and the same helpers. Besides being less boiler plate in the tests it also uses a common way of starting a test server with ACLs that should operate without any warnings regarding deprecated non-uuid master tokens etc.
2020-06-16 12:54:27 -04:00
freddygv
cd927eed5e Remove unused method and fixup docs ref 2020-06-12 13:47:43 -06:00
freddygv
b2c66359ab Add docs 2020-06-12 13:47:43 -06:00
Daniel Nephin
ce6cc094a1 intentions: fix a bug in Intention.SetHash
Found using staticcheck.

binary.Write does not accept int types without a size. The error from binary.Write was ignored, so we never saw this error. Casting the data to uint64 produces a correct hash.

Also deprecate the Default{Addr,Port} fields, and prevent them from being encoded. These fields will always be empty and are not used.
Removing these would break backwards compatibility, so they are left in place for now.

Co-authored-by: Hans Hasselberg <me@hans.io>
2020-06-05 14:51:43 -04:00
R.B. Boyer
833211c14c
acl: allow auth methods created in the primary datacenter to optionally create global tokens (#7899) 2020-06-01 11:44:47 -05:00
Chris Piraino
6c444ba24c
Remove underscores from gateway URL paths (#7962) 2020-05-28 14:19:17 -05:00
Jeff Escalante
326ec30d68 update dependencies 2020-05-21 14:50:45 -04:00
Paul Mundt
82c391b75d
docs: Add Dart client to list of Libraries and SDKs (#7884) 2020-05-20 12:42:12 +02:00
Chris Piraino
98005a79c4
Ingress and Terminating Gateway docs (#7710)
This PR contains documentation additions for ingress and terminating gateways. New pages for the config-entries and overall feature description were added, as well as various additions to related pages.

Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
Co-authored-by: freddygv <gh@freddygv.xyz>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2020-05-13 16:29:40 -05:00
R.B. Boyer
44d10e4894
docs: docs for jwt and oidc auth methods (#7847) 2020-05-13 14:14:03 -05:00
krishna sindhur
3698e03e7a
docs: header payload type change (#7763)
* changed the header type from string to list as mentioned in doc in [website/pages/api-docs/agent/check.mdx, website/pages/docs/agent/checks.mdx]
2020-05-12 11:48:48 +02:00
Jono Sosulska
9b363e9f23
Fix spelling of deregister (#7804) 2020-05-08 10:03:45 -04:00
R.B. Boyer
a854e4d9c5
acl: oss plumbing to support auth method namespace rules in enterprise (#7794)
This includes website docs updates.
2020-05-06 13:48:04 -05:00
R.B. Boyer
22eb016153
acl: add MaxTokenTTL field to auth methods (#7779)
When set to a non zero value it will limit the ExpirationTime of all
tokens created via the auth method.
2020-05-04 17:02:57 -05:00
R.B. Boyer
ca52ba7068
acl: add DisplayName field to auth methods (#7769)
Also add a few missing acl fields in the api.
2020-05-04 15:18:25 -05:00
Blake Covarrubias
bf4ef056af
Add callouts to Enterprise features (#7548)
Label all enterprise-related content with Enterprise badge/callout.

Resolves #6887

Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
2020-04-28 12:53:29 -04:00
Jeff Escalante
cc19b88288
a couple more anchor link fixes 2020-04-28 12:53:26 -04:00
Jeff Escalante
57c5118a83
update deps, add no-index category, fix downloads page 2020-04-28 12:53:25 -04:00
Jeff Escalante
6907c7e3db
fix broken links 2020-04-28 12:53:25 -04:00
Jeff Escalante
4a5d67a24e
add k8s/consul alias back, fix react prop name 2020-04-28 12:53:24 -04:00
Jeff Escalante
a8a3c76983
remove 'sidebar_current' from frontmatter 2020-04-28 12:53:24 -04:00
Jeff Escalante
21ea5287b3
fix new syntax error 2020-04-28 12:53:22 -04:00
Jeff Escalante
2bfa64f903
replace internal .html link extensions 2020-04-28 12:53:20 -04:00
Jeff Escalante
9cd0b95f24
remove internal /index.html 2020-04-28 12:53:20 -04:00
Jeff Escalante
711352bcf1
docs rendering 2020-04-28 12:53:18 -04:00
Jeff Escalante
6bd1a51413
intro and api navigation converted 2020-04-28 12:52:44 -04:00
Jeff Escalante
93bc85dc4f
initial 2020-04-28 12:52:43 -04:00