Skip to content

Backport of [CC-5719] Add support for builtin global-read-only policy into release/1.15.x#18344

Merged
hc-github-team-consul-core merged 1 commit into
release/1.15.xfrom
backport/jer/read-only-policy/simply-fit-jackass
Aug 1, 2023
Merged

Backport of [CC-5719] Add support for builtin global-read-only policy into release/1.15.x#18344
hc-github-team-consul-core merged 1 commit into
release/1.15.xfrom
backport/jer/read-only-policy/simply-fit-jackass

Conversation

@hc-github-team-consul-core
Copy link
Copy Markdown
Collaborator

@hc-github-team-consul-core hc-github-team-consul-core commented Aug 1, 2023

Backport

This PR is auto-generated from #18319 to be assessed for backporting due to the inclusion of the label backport/1.15.

The below text is copied from the body of the original PR.

Description

This adds a new builtin policy that provides global read-only access, in contrast to the global read-write access that the builtin global-management policy provides. Other changes were made to process builtin policies more generically, since there are several places where checks or validations are done before processing or altering a policy.

Links

Ticket
RFC

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern
Overview of commits

@hc-github-team-consul-core hc-github-team-consul-core requested a review from a team August 1, 2023 17:12
@hc-github-team-consul-core hc-github-team-consul-core removed the request for review from a team August 1, 2023 17:12
@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/jer/read-only-policy/simply-fit-jackass branch from 1809fe4 to 01395e3 Compare August 1, 2023 17:12
@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/jer/read-only-policy/simply-fit-jackass branch from 6c0a86a to e310bdb Compare August 1, 2023 17:12
@hc-github-team-consul-core hc-github-team-consul-core enabled auto-merge (squash) August 1, 2023 17:12
github-team-consul-core-pr-approver
github-team-consul-core-pr-approver approved these changes Aug 1, 2023
View reviewed changes
Copy link
Copy Markdown
Collaborator

@github-team-consul-core-pr-approver github-team-consul-core-pr-approver left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto approved Consul Bot automated PR

@github-actions github-actions Bot added type/docs Documentation needs to be created/updated/clarified theme/api Relating to the HTTP API interface theme/acls ACL and token generation theme/cli Flags and documentation for the CLI interface theme/config Relating to Consul Agent configuration, including reloading theme/ui Anything related to the UI theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies theme/tls Using TLS (Transport Layer Security) or mTLS (mutual TLS) to secure communication type/ci Relating to continuous integration (CI) tooling for testing or releases pr/dependencies PR specifically updates dependencies of project theme/envoy/xds Related to Envoy support theme/contributing Additions and enhancements to community contributing materials theme/internals Serf, Raft, SWIM, Lifeguard, Anti-Entropy, locking topics theme/certificates Related to creating, distributing, and rotating certificates in Consul theme/agent-cache Agent Cache theme/consul-terraform-sync Relating to Consul Terraform Sync and Network Infrastructure Automation labels Aug 1, 2023
@hc-github-team-consul-core
Copy link
Copy Markdown
Collaborator Author

hc-github-team-consul-core commented Aug 1, 2023

🤔 This PR has changes in the website/ directory but does not have a type/docs-cherrypick label. If the changes are for the next version, this can be ignored. If they are updates to current docs, attach the label to auto cherrypick to the stable-website branch after merging.

@vercel vercel Bot temporarily deployed to Preview – consul August 1, 2023 17:18 Inactive
@vercel vercel Bot temporarily deployed to Preview – consul-ui-staging August 1, 2023 17:19 Inactive
@jjacobson93 @cthain @lornasong
[CC-5719] Add support for builtin global-read-only policy (#18319)
96e0b6b 
* [CC-5719] Add support for builtin global-read-only policy

* Add changelog

* Add read-only to docs

* Fix some minor issues.

* Change from ReplaceAll to Sprintf

* Change IsValidPolicy name to return an error instead of bool

* Fix PolicyList test

* Fix other tests

* Apply suggestions from code review

Co-authored-by: Paul Glass <pglass@hashicorp.com>

* Fix state store test for policy list.

* Fix naming issues

* Update acl/validation.go

Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>

* Update agent/consul/acl_endpoint.go

---------

Co-authored-by: Paul Glass <pglass@hashicorp.com>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
@lornasong lornasong force-pushed the backport/jer/read-only-policy/simply-fit-jackass branch from e310bdb to 96e0b6b Compare August 1, 2023 21:22
@lornasong
Copy link
Copy Markdown
Contributor

lornasong commented Aug 1, 2023

Resolved this by:

git remote update
git checkout -B backport/jer/read-only-policy/simply-fit-jackass origin/release/1.15.x
git cherry-pick 6424ef6a56435191aae5da1392ae2f5a89bc5591
git push -f origin backport/jer/read-only-policy/simply-fit-jackass

Commit cherry-picked: 6424ef6

@hc-github-team-consul-core hc-github-team-consul-core merged commit 30a1623 into release/1.15.x Aug 1, 2023
@hc-github-team-consul-core hc-github-team-consul-core deleted the backport/jer/read-only-policy/simply-fit-jackass branch August 1, 2023 21:42
@atlassian atlassian Bot mentioned this pull request Aug 28, 2023
Closed
@atlassian atlassian Bot mentioned this pull request Dec 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-team-consul-core-pr-approver github-team-consul-core-pr-approver github-team-consul-core-pr-approver approved these changes

@shore shore Awaiting requested review from shore

@jeanneryan jeanneryan Awaiting requested review from jeanneryan

@jjacobson93 jjacobson93 Awaiting requested review from jjacobson93

Assignees

@jjacobson93 jjacobson93

Labels

pr/dependencies PR specifically updates dependencies of project theme/acls ACL and token generation theme/agent-cache Agent Cache theme/api Relating to the HTTP API interface theme/certificates Related to creating, distributing, and rotating certificates in Consul theme/cli Flags and documentation for the CLI interface theme/config Relating to Consul Agent configuration, including reloading theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies theme/consul-terraform-sync Relating to Consul Terraform Sync and Network Infrastructure Automation theme/contributing Additions and enhancements to community contributing materials theme/envoy/xds Related to Envoy support theme/internals Serf, Raft, SWIM, Lifeguard, Anti-Entropy, locking topics theme/tls Using TLS (Transport Layer Security) or mTLS (mutual TLS) to secure communication theme/ui Anything related to the UI type/ci Relating to continuous integration (CI) tooling for testing or releases type/docs Documentation needs to be created/updated/clarified

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@hc-github-team-consul-core @lornasong @github-team-consul-core-pr-approver @jjacobson93