Commit Graph

137 Commits

Author SHA1 Message Date
Michael Zalimeni d9206fc7e2
[NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass (#21816)
mesh: add options for HTTP incoming request normalization

Expose global mesh configuration to enforce inbound HTTP request
normalization on mesh traffic via Envoy xDS config.

mesh: enable inbound URL path normalization by default

mesh: add support for L7 header match contains and ignore_case

Enable partial string and case-insensitive matching in L7 intentions
header match rules.

ui: support L7 header match contains and ignore_case

Co-authored-by: Phil Renaud <phil@riotindustries.com>

test: add request normalization integration bats tests

Add both "positive" and "negative" test suites, showing normalization in
action as well as expected results when it is not enabled, for the same
set of test cases.

Also add some alternative service container test helpers for verifying
raw HTTP request paths, which is difficult to do with Fortio.

docs: update security and reference docs for L7 intentions bypass prevention

- Update security docs with best practices for service intentions
  configuration
- Update configuration entry references for mesh and intentions to
  reflect new values and add guidance on usage
2024-10-16 12:23:33 -04:00
John Murret 029ac10acc
update serf links (#21797)
* update serf links

* add .markdown file extension

* update serf links to use /blob/master/

* fix broken links

---------

Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
2024-10-02 13:02:23 -06:00
danielehc 250b1dece5
CE-654 - TLS Encryption docs + CE-713 - Gossip Encryption key rotation (#21509)
* New proposed structure

* Fix structure and add some content

* Fix structure and add some content

* Fix structure and add some content

* Add content

* Add content

* mtls steps

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* spacing fixes

* Replace <CodeTabs>

* <CodeBlockConfig> alignment

* indent fixes

* spacing

* More Code tabs fixes

* Structure chenges

* Structure chenges

* Extra content and CE-713 migration

* Extra content

* Extra content

* Extra content

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Apply suggestions from code review

* Test CodeTabs

* Test CodeTabs

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-09-19 11:20:44 +02:00
Aimee Ukasick c1d0fc938a
Docs CE-709: Remove circular links (#21685)
Docs CE-70: Remove circular links

Remove links to tutorials that no longer exist and redirect back
to the ACL overview page.
2024-08-29 11:57:32 -05:00
Dan Stough fe2f8f1c72
docs: remove multiport docs, add v1dns flag (#21278)
* docs: remove multiport docs, add v1dns flag

* v2 catalog notice + redirects

* redirect fixes

* Update website/content/docs/k8s/helm.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-06-10 16:21:58 -04:00
Jeff Boruszak 5f129ad5b2
docs: Fix heading errors in security models (#21227)
fixes
2024-05-28 09:54:38 -07:00
Blake Covarrubias 6f02144a14
docs: Fix spelling errors (#21204)
Fix spelling errors across docs site.
2024-05-22 22:36:57 +00:00
nicoche 794e73080d
docs: fix typo in security/acl (#21003) 2024-05-10 16:25:50 -07:00
Jared Kirschner 174f92aa24
docs: fix apply DNS ACL token via CLI (#20951) 2024-04-03 15:28:35 -04:00
Jeff Boruszak 90d3a7c16d
docs: v2 and multiport updates for v1.18 (#20705)
* Move consul resource page + redirect

* Updates for v1.18

* Remove beta warning

* Secondary datacenter constraint

* Clarify transparent proxy in prereqs

* Config entry mention

* requested improvements

* suggestions from review

* additional suggestion
2024-02-28 01:14:25 +00:00
Chris S. Kim 8fe0bd1cbd
Add docs for identity acl rules (#19713) 2023-11-22 12:29:43 -05:00
John Landa 525396651c
DNS token doc updates (#19592)
* DNS token doc updates

Review feedback

Update website/content/commands/acl/set-agent-token.mdx

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>

Update dns token doc to link to policy templates

* PR feedback updates
2023-11-13 12:51:49 -07:00
Ronald 62dec7ee17
Fixing docs to add more templated policies references (#19335) 2023-10-23 11:46:14 -04:00
Ronald fea35e61fa
More templated policies docs (#19312)
[NET-5327]More templated policies docs
2023-10-23 12:05:42 +00:00
Ronald 46804c061c
[NET-5327] Templated policies api/cli docs (#19270) 2023-10-23 11:41:24 +00:00
Blake Covarrubias fbc2b93bc4
docs: Rename Consul OSS to Consul CE (#19009)
Rename references of Consul OSS to Consul Community Edition (CE).

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-09-27 09:31:28 -07:00
Blake Covarrubias 5d0edec01f
docs: Replace unicode quotes with ASCII quotes (#18950)
Replaces unicode quotation marks with ASCII quotation marks.

For code examples, this fixes HCL decoding errors that would otherwise
be raised when attempting to read the file.
2023-09-21 15:17:14 -07:00
Blake Covarrubias cc40e084bb
docs: Fix invalid JSON in code examples (#18932)
This commit fixes invalid JSON in various code examples.
2023-09-21 11:35:16 -07:00
Ronald f463ebd569
Fix create dns token docs (#18927) 2023-09-21 08:33:24 -04:00
Blake Covarrubias 5d349cf6f3
docs: Add complete auth method payloads (#18849)
This commit modifies the example payloads for various auth methods to
remove 'other fields' and instead use complete example payloads.
2023-09-19 23:34:54 +00:00
Tu Nguyen 5af4bbb451
Fix broken links caught in weekly report (#18522)
* fix broken link caught in weekly report

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-08-18 18:54:42 +00:00
Jeremy Jacobson 6424ef6a56
[CC-5719] Add support for builtin global-read-only policy (#18319)
* [CC-5719] Add support for builtin global-read-only policy

* Add changelog

* Add read-only to docs

* Fix some minor issues.

* Change from ReplaceAll to Sprintf

* Change IsValidPolicy name to return an error instead of bool

* Fix PolicyList test

* Fix other tests

* Apply suggestions from code review

Co-authored-by: Paul Glass <pglass@hashicorp.com>

* Fix state store test for policy list.

* Fix naming issues

* Update acl/validation.go

Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>

* Update agent/consul/acl_endpoint.go

---------

Co-authored-by: Paul Glass <pglass@hashicorp.com>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
2023-08-01 17:12:14 +00:00
Ronald bb6fc63823
fix typo in create a mesh token docs (#18337) 2023-08-01 10:18:08 -04:00
Blake Covarrubias 3894940824
docs: Simplify example jq commands by removing pipes (#18327)
Simplify jq command examples by removing pipes to other commands.
2023-07-31 21:01:39 +00:00
cui fliter 18a5edd232
docs: Fix some comments (#17118)
Signed-off-by: cui fliter <imcusg@gmail.com>
2023-07-31 10:56:09 -07:00
Paul Glass b7cdd18575
NET-1825: More new ACL token creation docs (#18063)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-07-24 16:53:00 +00:00
Fulvio f4b08040fd
Add verify server hostname to tls default (#17155) 2023-07-10 10:34:41 -05:00
Paul Glass 6a90c2343b
NET-1825: New ACL token creation docs (#16465)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2023-06-14 09:17:30 -05:00
Jared Kirschner 166d7a39e8
docs: consistently name Consul service mesh (#17222)
Remove outdated usage of "Consul Connect" instead of Consul service mesh.

The connect subsystem in Consul provides Consul's service mesh capabilities.
However, the term "Consul Connect" should not be used as an alternative to
the name "Consul service mesh".
2023-05-05 13:41:40 -04:00
trujillo-adam 90bbae5d75
Docs/intentions refactor docs day 2022 (#16758)
* converted intentions conf entry to ref CT format

* set up intentions nav

* add page for intentions usage

* final intentions usage page

* final intentions overview page

* fixed old relative links

* updated diagram for overview

* updated links to intentions content

* fixed typo in updated links

* rename intentions overview page file to index

* rollback link updates to intentions overview

* fixed nav

* Updated custom HTML in API and CLI pages to MD

* applied suggestions from review to index page

* moved conf examples from usage to conf ref

* missed custom HTML section

* applied additional feedback

* Apply suggestions from code review

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* updated headings in usage page

* renamed files and udpated nav

* updated links to new file names

* added redirects and final tweaks

* typo

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-03-24 15:16:06 -07:00
Eddie Rowe ce6e278d9b
Fix broken links in Consul docs (#16640)
* Fix broken links in Consul docs

* more broken link fixes

* more 404 fixes

* 404 fixes

* broken link fix

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-03-24 19:35:34 +00:00
trujillo-adam 23e247d765
Docs/services refactor docs day 122022 (#16103)
* converted main services page to services overview page

* set up services usage dirs

* added Define Services usage page

* converted health checks everything page to Define Health Checks usage page

* added Register Services and Nodes usage page

* converted Query with DNS to Discover Services and Nodes Overview page

* added Configure DNS Behavior usage page

* added Enable Static DNS Lookups usage page

* added the Enable Dynamic Queries DNS Queries usage page

* added the Configuration dir and overview page - may not need the overview, tho

* fixed the nav from previous commit

* added the Services Configuration Reference page

* added Health Checks Configuration Reference page

* updated service defaults configuraiton entry to new configuration ref format

* fixed some bad links found by checker

* more bad links found by checker

* another bad link found by checker

* converted main services page to services overview page

* set up services usage dirs

* added Define Services usage page

* converted health checks everything page to Define Health Checks usage page

* added Register Services and Nodes usage page

* converted Query with DNS to Discover Services and Nodes Overview page

* added Configure DNS Behavior usage page

* added Enable Static DNS Lookups usage page

* added the Enable Dynamic Queries DNS Queries usage page

* added the Configuration dir and overview page - may not need the overview, tho

* fixed the nav from previous commit

* added the Services Configuration Reference page

* added Health Checks Configuration Reference page

* updated service defaults configuraiton entry to new configuration ref format

* fixed some bad links found by checker

* more bad links found by checker

* another bad link found by checker

* fixed cross-links between new topics

* updated links to the new services pages

* fixed bad links in scale file

* tweaks to titles and phrasing

* fixed typo in checks.mdx

* started updating the conf ref to latest template

* update SD conf ref to match latest CT standard

* Apply suggestions from code review

Co-authored-by: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com>

* remove previous version of the checks page

* fixed cross-links

* Apply suggestions from code review

Co-authored-by: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com>

---------

Co-authored-by: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com>
2023-02-28 14:09:56 -08:00
skpratt 9199e99e21
Update token language to distinguish Accessor and Secret ID usage (#16044)
* remove legacy tokens

* remove lingering legacy token references from docs

* update language and naming for token secrets and accessor IDs

* updates all tokenID references to clarify accessorID

* remove token type references and lookup tokens by accessorID index

* remove unnecessary constants

* replace additional tokenID param names

* Add warning info for deprecated -id parameter

Co-authored-by: Paul Glass <pglass@hashicorp.com>

* Update field comment

Co-authored-by: Paul Glass <pglass@hashicorp.com>

---------

Co-authored-by: Paul Glass <pglass@hashicorp.com>
2023-02-07 12:26:30 -06:00
Bryce Kalow 9edb625331
docs: update redirected links (#16179) 2023-02-07 10:36:32 -06:00
skpratt ad43846755
Remove legacy acl tokens (#15947)
* remove legacy tokens

* Update test comment

Co-authored-by: Paul Glass <pglass@hashicorp.com>

* fix imports

* update docs for additional CLI changes

* add test case for anonymous token

* set deprecated api fields to json ignore and fix patch errors

* update changelog to breaking-change

* fix import

* update api docs to remove legacy reference

* fix docs nav data

---------

Co-authored-by: Paul Glass <pglass@hashicorp.com>
2023-01-27 09:17:07 -06:00
Ashlee M Boyer 6e425f7428
docs: Migrate link formats (#15976)
* Adding check-legacy-links-format workflow

* Adding test-link-rewrites workflow

* Updating docs-content-check-legacy-links-format hash

* Migrating links to new format

Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-25 08:52:43 -08:00
Ronald 6167aef641
Warn when the token query param is used for auth (#16009) 2023-01-24 16:21:41 +00:00
Chris S. Kim 31d58014fd
docs: Update acl-tokens.mdx (#15607) 2022-11-29 16:20:39 -05:00
Conrad Kleinespel b168b5c353
Fix AWS IAM trusted identity entity_tags.<key> (#14727)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-11-29 12:34:28 -08:00
Dan Stough f6ebc48c4e
docs(peering): peering GA ACL updates (#15366)
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-11-18 17:39:41 -05:00
Jared Kirschner 434d92c488 docs: use standard links in ent callout 2022-10-21 06:18:05 -07:00
Jared Kirschner f59483bc9e docs: fix api docs anchor links 2022-10-18 12:53:53 -07:00
Jared Kirschner 04a14e8f07 docs: fix ent feature matrix links 2022-10-18 12:32:56 -07:00
boruszak 212298fd5c Merge branch 'main' into docs/search-refresh06 2022-10-11 10:17:22 -05:00
Bryce Kalow 6a09b284c9
website: fix broken links (#14943) 2022-10-11 09:58:52 -05:00
Jeff Boruszak 74f08b9667
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-10-11 09:34:17 -05:00
boruszak 53129941b5 /docs/security/acl/auth-methods 2022-09-23 16:04:00 -05:00
boruszak f797d128c7 Spacing and title fixes 2022-09-16 10:28:32 -05:00
boruszak 0e042654dc Merge 'main' into docs/search-metadata-headers 2022-09-15 15:34:36 -05:00
Jeff Boruszak 0dba086cdb
Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-09-15 12:10:20 -05:00