Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding support for ACL system #291

Merged
merged 56 commits into from
Aug 18, 2014
Merged

Adding support for ACL system #291

merged 56 commits into from
Aug 18, 2014

Conversation

armon
Copy link
Member

@armon armon commented Aug 18, 2014

Fixes #201. This adds support for a capability-based ACL system. Tokens can be provided as part of requests, and have policies to restrict access ala AWS IAM.

@mitchellh
Copy link
Contributor

😎

@armon
agent: Adding new ACL flags
7e5fdeb
@armon
agent: Changing ACL config names
9cd9a6b
@armon
consul: ACL setting passthrough
a806345
@armon
agent: Adding ACL master token
cae4b42
@armon
consul: ACL structs
3b4d8d5
@armon
consul: Adding ACLs to the state store
fea61d6
@armon
consul: FSM support for ACLsg
70b84e4
@armon
consul: register the ACL queries
b53ee80
@armon
consul: Adding ACL endpoint
7cbb222
@armon
consul: ACL Endpoint tests
1b68068
@armon
agent: ACL endpoint
22658aa
@armon
agent: ACL endpoint tests
78049ad
@armon
acl: First pass
7a1d778
@armon
acl: Adding caching mechanism
6e9792d
@armon
acl: Adding cached policy fetch via ACL
1abfd6c
@armon
consul: Pulling in ACLs
97a737b
@armon
consul: Enable ACL lookup
338f11c
@armon
acl: Change types
50ba1f6
@armon
consul: Verify compilation of rules
b5c9e65
@armon
acl: Associate policy ID
45f358e
@armon
consul: Support conditional policy fetch
b5e2220
@armon
acl: Adding additional tier of caching
ef77869
@armon
consul: Use Etag for policy caching
0c912f2
@armon
acl: Adding cache purging
3569082
@armon
acl: Use only a single Radix tree per ACL
468c8c3
@armon
consul: Testing ACL resolution
fe86c8c
@armon
consul: Testing down policies and multi-DC
01beaa6
@armon
consul: Create anonymous and master tokens
827e7c9
@armon
consul: Adding some metrics for ACL usage
a82439c
@armon
consul: Resolve parent ACLs
10db4c7
@armon
consul: Prevent resolution of root policy
2d5e869
@armon
agent: Special handler if ACL support is disabled
fee3524
@armon
agent: Adding token parsing
88c2a9c
@armon
agent: Fixing the ACL tests
7c5a397
@armon
acl: Support ACL checks, adding new root policy
c215384
@armon
acl: Avoid infinite recursion...
78580a7
@armon
consul: Starting token enforcement
84488ed
@armon
consul: Helpers to filter on ACL rules
614b0a1
@armon
consul: Filter keys, refactor to interface
f49d34d
@armon
consul: ACL enforcement for key reads
c7cb1f5
@armon
acl: Support checking write permissions on a prefix
705c6cd
@armon
consul: ACL enforcement for KV updates
25855b2
@armon
acl: Avoid shared cache with different parents
9bababf
@armon
agent: Copy token in KV PUT/DELETE
0ff28a1
@armon
website: document configuration
8a0eeae
@armon
acl: Updating for HCL changes
34e018e
@armon
agent: Rename acl delete to destroy
343f695
@armon
website: Documenting ACL endpoints
b802dd1
@armon
acl: Test parsing JSON
05900f3
@armon
website: ACL internals
781ff20
@armon
website: rewording
7cd10c8
@armon
consul: Provide ETag to avoid expensive policy fetch
e560077
@armon
consul: Ensure authoritative cache is purged after update
43a7a20
armon added a commit that referenced this pull request Aug 18, 2014
@armon
Merge pull request #291 from hashicorp/f-acl
869d7aa 
Adding support for ACL system
@armon armon merged commit 869d7aa into master Aug 18, 2014
@armon armon deleted the f-acl branch August 18, 2014 22:47
@ryanbreen
Copy link
Contributor

Great work! This unblocks our path to adoption.

duckhan pushed a commit to duckhan/consul that referenced this pull request Oct 24, 2021
@lkysow
Merge pull request hashicorp#291 from hashicorp/consul-1.6.2
859e83d 
Bump default consul version to 1.6.2
duckhan pushed a commit to duckhan/consul that referenced this pull request Oct 24, 2021
@kschoche
Update resources for lifecycle sidecar and init container for connect…
402c38b 
…-inject (hashicorp#291)

* update initContainer for connect-inject and lifecycle sidecar resources
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ACL System
3 participants
@armon @mitchellh @ryanbreen