github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[docs] Move Sentinel documentation (#5478)

Browse Source 
* Moving sentinel doc

* updating links, fixing headings.

* Update website/source/docs/agent/acl-rules.html.md
pull/5484/head
kaitlincarter-hc 6 years ago committed by GitHub
parent cb1967259e
commit 51acd28d3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 23 deletions
Show Stats Download Patch File Download Diff File

2
website/source/docs/agent/acl-rules.html.md
Unescape View File

@ -279,7 +279,7 @@ EOF
}
```
For more detailed documentation, see the [Consul Sentinel Guide](/docs/guides/sentinel.html).
For more detailed information, see the [Consul Sentinel documentation](/docs/agent/sentinel.html).
#### Keyring Rules

37
website/source/docs/guides/sentinel.html.markdown.erb → website/source/docs/agent/sentinel.html.markdown.erb
Unescape View File

@ -1,7 +1,7 @@
---
layout: "docs"
page_title: "Sentinel in Consul"
sidebar_current: "docs-guides-sentinel"
sidebar_current: "docs-agent-sentinel"
description: |-
Consul Enterprise uses Sentinel to augment the built-in ACL system to provide advanced policy enforcement. Sentinel policies can currently execute on KV modify and service registration.
---
@ -14,29 +14,27 @@ description: |-
Consul 1.0 adds integration with [Sentinel](https://hashicorp.com/sentinel) for policy enforcement.
Sentinel policies help extend the ACL system in Consul beyond the static "read", "write", and "deny"
policies to support full conditional logic, and integration with external systems.
policies to support full conditional logic and integration with external systems.
## Sentinel in Consul
Sentinel policies are applied during writes to the KV Store.
ACL policy definitions take a `sentinel` field specifying the code and the enforcement level.
Here's an example:
An optional `sentinel` field specifying code and enforcement level can be added to [ACL policy definitions](/docs/agent/acl-rules.html#sentinel-integration) for Consul KV. The following policy ensures that the value written during a KV update must end with "dc1".
```text
key "datacenter_name" {
policy = "write"
sentinel {
code = <<EOF
import "strings"
main = rule { strings.has_suffix(value,"foo") }
enforcementlevel = "soft-mandatory"
main = rule { strings.has_suffix(value, "dc1") }
EOF
enforcementlevel = "soft-mandatory"
}
}
```
This policy ensures that the value written during a KV update must end with "foo".
If the `enforcementlevel` property is not set, it defaults to "hard-mandatory".
## Imports
@ -57,27 +55,32 @@ Consul passes some context as variables into Sentinel, which are available to us
| `flags` | `uint64` | [Flags](/api/kv.html#flags) |
## Examples
The following are some examples of ACL policies with Sentinel rules.
## Sentinel Examples
The following are two examples of ACL policies with Sentinel rules.
### Any values stored under the key prefix "foo" must end with "bar"
### Required Key Suffix
Any values stored under the key prefix "dc1" must end with "dev"
```text
key "foo" {
key "dc1" {
policy = "write"
sentinel {
code = <<EOF
import "strings"
main = rule { strings.has_suffix(value, "bar") }
main = rule { strings.has_suffix(value, "dev") }
EOF
}
}
```
### The key "foo" can only be updated during business hours.
### Restrited Update Time
The key "haproxy_version" can only be updated during business hours.
```text
key "foo" {
key "haproxy_version" {
policy = "write"
sentinel {
code = <<EOF

2
website/source/docs/guides/index.html.md
Unescape View File

@ -64,8 +64,6 @@ The following guides are available:
* [Semaphore](/docs/guides/semaphore.html) - This guide covers using the KV store to implement a semaphore.
* [Sentinel](/docs/guides/sentinel.html) - This guide covers using Sentinel for policy enforcement in Consul.
* [Server Performance](/docs/guides/performance.html) - This guide covers minimum requirements for Consul servers as well as guidelines for running Consul servers in production.
* [Windows Service](/docs/guides/windows-guide.html) - This guide covers how to run Consul as a service on Windows.

6
website/source/layouts/docs.erb
Unescape View File

@ -303,6 +303,9 @@
<li<%= sidebar_current("docs-agent-kv") %>>
<a href="/docs/agent/kv.html">Consul KV</a>
</li>
<li<%= sidebar_current("docs-agent-sentinel") %>>
<a href="/docs/agent/sentinel.html">Sentinel</a>
</li>
<li<%= sidebar_current("docs-agent-encryption") %>>
<a href="/docs/agent/encryption.html">Encryption</a>
</li>
@ -480,9 +483,6 @@
<li<%= sidebar_current("docs-guides-semaphore") %>>
<a href="/docs/guides/semaphore.html">Semaphore</a>
</li>
<li<%= sidebar_current("docs-guides-sentinel") %>>
<a href="/docs/guides/sentinel.html">Sentinel</a>
</li>
<li<%= sidebar_current("docs-guides-performance") %>>
<a href="/docs/guides/performance.html">Server Performance</a>
</li>

Write Preview
Loading…
Cancel
Save