
docs: Add intentions to ACL System docs (#10323)

Adds mention of `intentions` rules to ACL System and ACL Rules pages.

Resolves #9790
pull/10462/head
Blake Covarrubias 3 years ago committed by GitHub
parent
commit
c271308473
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 14
      website/content/docs/security/acl/acl-rules.mdx
  2. 2
      website/content/docs/security/acl/acl-system.mdx

14
website/content/docs/security/acl/acl-rules.mdx

@ -512,7 +512,19 @@ In addition to ACLs, in Consul 0.9.0 and later, the agent must be configured wit
[`enable_local_script_checks`](/docs/agent/options#_enable_local_script_checks)
set to `true` in order to enable script checks.
-> Note: [Intention privileges](/docs/connect/intentions#intention-management-permissions) are managed with service rules.
Service rules are also used to grant read or write access to intentions. The
following policy provides read-write access to the "app" service, and explicitly
grants `intentions:read` access to view intentions associated with the "app" service.
```hcl
service "app" {
policy = "write"
intentions = "read"
}
```
Refer to [Intention Management Permissions](/docs/connect/intentions#intention-management-permissions)
for more information about managing intentions access with service rules.
#### Session Rules
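Review bot: The added sentence before the `hcl` block says the policy "explicitly grants `intentions:read`", but nothing in the paragraph says what intentions access a service rule carries when the `intentions` field is omitted, so the reader cannot tell whether the `intentions = "read"` line changes anything next to `policy = "write"`. State the default in that sentence, or move the link to Intention Management Permissions ahead of the example so the default is one click away before the reader copies the policy. The paragraph also promises "read or write access to intentions" while the example only shows `read`; listing the values the `intentions` field accepts would close that gap. Last, `intentions:read` in the prose and `intentions = "read"` in the block are two notations for the same setting; use one, or say that the colon form is shorthand.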

2
website/content/docs/security/acl/acl-system.mdx

@ -246,7 +246,7 @@ rules:
| [`node`](/docs/acl/acl-rules#node-rules) | Node-level catalog operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Prepared Query API](/api/query), [Network Coordinate API](/api/coordinate), and [Agent API](/api/agent) |
| [`operator`](/docs/acl/acl-rules#operator-rules) | Cluster-level operations in the [Operator API](/api/operator), other than the [Keyring API](/api/operator/keyring) |
| [`query`](/docs/acl/acl-rules#prepared-query-rules) | Prepared query operations in the [Prepared Query API](/api/query) |
| [`service`](/docs/acl/acl-rules#service-rules) | Service-level catalog operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Prepared Query API](/api/query), and [Agent API](/api/agent) |
| [`service`](/docs/acl/acl-rules#service-rules) | Service-level catalog operations in the [Catalog API](/api/catalog), [Health API](/api/health), [Intentions API](/api/connect/intentions), [Prepared Query API](/api/query), and [Agent API](/api/agent) |
| [`session`](/docs/acl/acl-rules#session-rules) | Session operations in the [Session API](/api/session) |
Since Consul snapshots actually contain ACL tokens, the [Snapshot API](/api/snapshot)
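Review bot: In the updated `service` row, the description still opens with "Service-level catalog operations", yet the newly listed Intentions API is not a catalog operation, so the row now describes the rule's scope inaccurately. Consider wording such as "Service-level catalog operations and intention management in the ..." so that someone scanning the table for what a `service` rule authorizes sees that it also governs intentions. The row could also mention the `intentions` field that the acl-rules.mdx change documents, since the table otherwise gives no hint that intentions access can be set separately from the service `policy`.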
