Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ACL tokens for service/check registration #891

Merged
merged 11 commits into from
May 6, 2015
Merged

ACL tokens for service/check registration #891

merged 11 commits into from
May 6, 2015

Conversation

ryanuber
Copy link
Member

Allows ACL tokens to be provided per service or check. This enables finer-grained ACL policies rather than requiring a "blanket" token configured on the agent.

Tokens can now be provided in configuration files (embedded in service and check definitions), or over the HTTP API by using the ?token= query parameter.

Fixes #734

armon
armon reviewed May 4, 2015
View reviewed changes
command/agent/local.go
@@ -160,6 +198,40 @@ func (l *localState) Services() map[string]*structs.NodeService {
return services
}

// SetCheckToken is used to configure an ACL token for a specific
// health check. The token is used during check registration operations.
func (l *localState) SetCheckToken(id, token string) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ryanuber Can we roll this into the SetCheck? and also RemoveCheckToken into RemoveCheck?

@armon
Copy link
Member

armon commented May 5, 2015

LGTM!

ryanuber added a commit that referenced this pull request May 6, 2015
@ryanuber
Merge pull request #891 from hashicorp/f-token
739d1fd 
ACL tokens for service/check registration
@ryanuber ryanuber merged commit 739d1fd into master May 6, 2015
@ryanuber ryanuber deleted the f-token branch May 6, 2015 05:17
@armon armon mentioned this pull request May 7, 2015
Closed
@jacobat jacobat mentioned this pull request Jun 15, 2015
Closed
duckhan pushed a commit to duckhan/consul that referenced this pull request Oct 24, 2021
@kschoche
use consul-ca-cert when client disabled for sync catalog and auto enc…
46a89d8 
…rypt (hashicorp#891)

Use consul-ca-cert when sync-catalog is enabled and autoencrypt is enabled but clients are disabled.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Service registration denied due to ACLs
2 participants
@ryanuber @armon