Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of [CC-5719] Add support for builtin global-read-only policy into release/1.15.x #18344

Merged
merged 1 commit into from
Aug 1, 2023
Merged

Backport of [CC-5719] Add support for builtin global-read-only policy into release/1.15.x #18344

merged 1 commit into from
Aug 1, 2023

Conversation

hc-github-team-consul-core
Copy link
Collaborator

Backport

This PR is auto-generated from #18319 to be assessed for backporting due to the inclusion of the label backport/1.15.

The below text is copied from the body of the original PR.

Description

This adds a new builtin policy that provides global read-only access, in contrast to the global read-write access that the builtin global-management policy provides. Other changes were made to process builtin policies more generically, since there are several places where checks or validations are done before processing or altering a policy.

Links

Ticket
RFC

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern
Overview of commits

@hc-github-team-consul-core hc-github-team-consul-core requested a review from a team August 1, 2023 17:12
@hc-github-team-consul-core hc-github-team-consul-core removed the request for review from a team August 1, 2023 17:12
@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/jer/read-only-policy/simply-fit-jackass branch from 1809fe4 to 01395e3 Compare August 1, 2023 17:12
@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/jer/read-only-policy/simply-fit-jackass branch from 6c0a86a to e310bdb Compare August 1, 2023 17:12
@hc-github-team-consul-core hc-github-team-consul-core enabled auto-merge (squash) August 1, 2023 17:12
github-team-consul-core-pr-approver
github-team-consul-core-pr-approver approved these changes Aug 1, 2023
View reviewed changes
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto approved Consul Bot automated PR

@github-actions github-actions bot added type/docs Documentation needs to be created/updated/clarified theme/api Relating to the HTTP API interface theme/acls ACL and token generation theme/cli Flags and documentation for the CLI interface theme/config Relating to Consul Agent configuration, including reloading theme/ui Anything related to the UI theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies theme/tls Using TLS (Transport Layer Security) or mTLS (mutual TLS) to secure communication type/ci Relating to continuous integration (CI) tooling for testing or releases pr/dependencies PR specifically updates dependencies of project theme/envoy/xds Related to Envoy support theme/contributing Additions and enhancements to community contributing materials theme/internals Serf, Raft, SWIM, Lifeguard, Anti-Entropy, locking topics theme/certificates Related to creating, distributing, and rotating certificates in Consul theme/agent-cache Agent Cache theme/consul-terraform-sync Relating to Consul Terraform Sync and Network Infrastructure Automation labels Aug 1, 2023
@hc-github-team-consul-core
Copy link
Collaborator Author

🤔 This PR has changes in the website/ directory but does not have a type/docs-cherrypick label. If the changes are for the next version, this can be ignored. If they are updates to current docs, attach the label to auto cherrypick to the stable-website branch after merging.

@vercel vercel bot temporarily deployed to Preview – consul August 1, 2023 17:18 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging August 1, 2023 17:19 Inactive
@jjacobson93 @cthain @lornasong
[CC-5719] Add support for builtin global-read-only policy (#18319)
96e0b6b 
* [CC-5719] Add support for builtin global-read-only policy

* Add changelog

* Add read-only to docs

* Fix some minor issues.

* Change from ReplaceAll to Sprintf

* Change IsValidPolicy name to return an error instead of bool

* Fix PolicyList test

* Fix other tests

* Apply suggestions from code review

Co-authored-by: Paul Glass <pglass@hashicorp.com>

* Fix state store test for policy list.

* Fix naming issues

* Update acl/validation.go

Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>

* Update agent/consul/acl_endpoint.go

---------

Co-authored-by: Paul Glass <pglass@hashicorp.com>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
@lornasong lornasong force-pushed the backport/jer/read-only-policy/simply-fit-jackass branch from e310bdb to 96e0b6b Compare August 1, 2023 21:22
@lornasong
Copy link
Member

Resolved this by:

git remote update
git checkout -B backport/jer/read-only-policy/simply-fit-jackass origin/release/1.15.x
git cherry-pick 6424ef6a56435191aae5da1392ae2f5a89bc5591
git push -f origin backport/jer/read-only-policy/simply-fit-jackass

Commit cherry-picked: 6424ef6

@hc-github-team-consul-core hc-github-team-consul-core merged commit 30a1623 into release/1.15.x Aug 1, 2023
@hc-github-team-consul-core hc-github-team-consul-core deleted the backport/jer/read-only-policy/simply-fit-jackass branch August 1, 2023 21:42
@jira jira bot mentioned this pull request Aug 28, 2023
Closed
@jira jira bot mentioned this pull request Dec 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-team-consul-core-pr-approver github-team-consul-core-pr-approver github-team-consul-core-pr-approver approved these changes

@shore shore Awaiting requested review from shore

@jeanneryan jeanneryan Awaiting requested review from jeanneryan

@jjacobson93 jjacobson93 Awaiting requested review from jjacobson93

Assignees

@jjacobson93 jjacobson93

Labels
pr/dependencies PR specifically updates dependencies of project theme/acls ACL and token generation theme/agent-cache Agent Cache theme/api Relating to the HTTP API interface theme/certificates Related to creating, distributing, and rotating certificates in Consul theme/cli Flags and documentation for the CLI interface theme/config Relating to Consul Agent configuration, including reloading theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies theme/consul-terraform-sync Relating to Consul Terraform Sync and Network Infrastructure Automation theme/contributing Additions and enhancements to community contributing materials theme/envoy/xds Related to Envoy support theme/internals Serf, Raft, SWIM, Lifeguard, Anti-Entropy, locking topics theme/tls Using TLS (Transport Layer Security) or mTLS (mutual TLS) to secure communication theme/ui Anything related to the UI type/ci Relating to continuous integration (CI) tooling for testing or releases type/docs Documentation needs to be created/updated/clarified
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hc-github-team-consul-core @lornasong @github-team-consul-core-pr-approver @jjacobson93