Skip to content

Commit

Permalink
backport of commit b9eac6b
Browse files Browse the repository at this point in the history
  • Loading branch information
Paul Glass committed Jul 18, 2023
1 parent 320203d commit c9ee36c
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 15 deletions.
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
---
layout: docs
page_title: Create tokens for for Consul External Service Monitor
page_title: Create tokens for for Consul external service monitor
description: >-
Learn how to create ACL tokens for the Consul External Service Monitor
Learn how to create ACL tokens for the Consul external service monitor
---

# Create a Consul ESM token

This topic describes how to create a token for the Consul External Service Monitor.
This topic describes how to create a token for the Consul external service monitor.

## Introduction

Expand Down Expand Up @@ -36,7 +36,7 @@ Consul ESM only supports `default` admin partitions.

To create a token for Consul ESM, you must define a policy, register the policy with Consul, and link the policy to a token.

### Define a custom policy
### Define a policy

You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.

Expand Down Expand Up @@ -118,7 +118,7 @@ After defining the policy, you can register the policy with Consul using the com

Run the `consul acl policy create` command and specify the policy rules to create a policy. Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.

The following example registers a custom policy defined in `esm-policy.hcl`.
The following example registers a policy defined in `esm-policy.hcl`.

```shell-session
$ consul acl policy create \
Expand Down Expand Up @@ -195,7 +195,7 @@ $ curl --request PUT http://127.0.0.1:8500/v1/acl/token \

To create a token for Consul ESM, you must define a policy, register the policy with Consul, and link the policy to a token.

### Define a custom policy
### Define a policy

You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,9 @@ This topic describes how to create a token that enables the Consul DNS to query

## Introduction

A Consul agent must be configured with a token linked to policies that grant the appropriate set of permissions.
The Consul binary ships with a DNS server that you can use for service discovery in your network. The agent that fulfills DNS lookups requires appropriate ACL permissions to discover services, nodes, and prepared queries registered in Consul.

A Consul agent must be configured with a token linked to policies that grant the appropriate set of permissions.

Specify the [`default`](/consul/docs/agent/config/config-files#acl_tokens_default) token to the Consul agent to authorize the agent to respond to DNS queries. Refer to [DNS usage overview](/consul/docs/services/discovery/dns-overview) for details on configuring and using Consul DNS.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ This topic describes how to create a token for the Consul snapshot agent.

<EnterpriseAlert />


## Introduction

The `consul snapshot agent` command starts a process that takes snapshots of the state of the Consul
Expand All @@ -20,10 +19,13 @@ servers and either saves them locally or pushes them to a remote storage service
## Requirements

Core ACL functionality is available in all versions of Consul.

### `agent` command requirements

The [`agent`](/consul/commands/snapshot/agent) subcommand requires [Consul Enterprise](https://www.hashicorp.com/products/consul/). All other [snapshot subcommands](/consul/commands/snapshot)
are available in the open source version of Consul.
The [`agent`](/consul/commands/snapshot/agent) subcommand requires [Consul Enterprise](https://www.hashicorp.com/products/consul/). All other [`snapshot` subcommands](/consul/commands/snapshot) are available in the open source version of Consul.

### Snapshot agent ACL requirements

The Consul snapshot agent must present a token linked to policies that grant the following set of permissions.

* `acl:write`: Enables the agent read and snapshot ACL data
Expand All @@ -37,7 +39,7 @@ The Consul snapshot agent must present a token linked to policies that grant the

To create a token for the snapshot agent, you must define a policy, register the policy with Consul, and link the policy to a token.

### Define a custom policy
### Define a policy

You can send policy definitions as command line or API arguments or define them in an external HCL or JSON file. Refer to [ACL Rules](/consul/docs/security/acl/acl-rules) for details about all of the rules you can use in your policies.

Expand Down Expand Up @@ -93,7 +95,7 @@ You can specify an admin partition and namespace when creating policies in Consu

Run the `consul acl policy create` command and specify the policy rules to create a policy. Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.

The following example registers a custom policy defined in `snapshot-agent.hcl`:
The following example registers a policy defined in `snapshot-agent.hcl`:

```shell-session
$ consul acl policy create -partition "default" -namespace "default" \
Expand All @@ -107,7 +109,7 @@ $ consul acl policy create -partition "default" -namespace "default" \

Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.

The following example registers the custom policy defined in `snapshot-agent.hcl`. You must embed policy rules in the `Rules` field of the request body.
The following example registers the policy defined in `snapshot-agent.hcl`. You must embed policy rules in the `Rules` field of the request body.

```shell-session
$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ After defining the policy, you can register the policy with Consul using the com

Run the `consul acl policy create` command and specify the policy rules to create a policy. Refer to [Consul ACL Policy Create](/consul/commands/acl/policy/create) for details about the `consul acl policy create` command.

The following example registers a custom policy defined in `vault-storage-backend.hcl`.
The following example registers a policy defined in `vault-storage-backend.hcl`.

```shell-session
$ consul acl policy create -partition "default" -namespace "default" \
Expand All @@ -104,7 +104,7 @@ $ consul acl policy create -partition "default" -namespace "default" \

Send a PUT request to the `/acl/policy` endpoint and specify the policy rules in the request body to create a policy. Refer to [ACL Policy HTTP API](/consul/api-docs/acl/policies) for additional information about using the API endpoint.

The following example registers the custom policy defined in `vault-storage-backend.hcl`. You must embed policy rules in the `Rules` field of the request body.
The following example registers the policy defined in `vault-storage-backend.hcl`. You must embed policy rules in the `Rules` field of the request body.

```shell-session
$ curl --request PUT http://127.0.0.1:8500/v1/acl/policy \
Expand Down

0 comments on commit c9ee36c

Please sign in to comment.