github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update policies to scope agent access.

pull/21872/head
Tristan Morgan 2024-11-13 10:03:13 +11:00
parent b00c1a8b59
commit 1ba81be2f8
No known key found for this signature in database
6 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
agent/structs/acltemplatedpolicy/policies/ce/nomad-client.hcl
View File

@ -1,4 +1,4 @@
agent_prefix "" { agent "{{.Name}}" {
policy = "read" policy = "read"
} }
node "{{.Name}}" { node "{{.Name}}" {
@ -9,4 +9,4 @@ service_prefix "" {
} }
key_prefix "" { key_prefix "" {
policy = "read" policy = "read"
} }

5
agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl
View File

@ -1,8 +1,7 @@
acl = "write" acl = "write"
mesh = "write" mesh = "write"
agent_prefix "" { agent "{{.Name}}" {
policy = "read" policy = "read"
} }
node "{{.Name}}" { node "{{.Name}}" {
@ -10,4 +9,4 @@ node "{{.Name}}" {
} }
service_prefix "" { service_prefix "" {
policy = "write" policy = "write"
} }

2
command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.json.golden vendored
View File

@ -1,6 +1,6 @@
{ {
"TemplateName": "builtin/nomad-client", "TemplateName": "builtin/nomad-client",
"Schema": "", "Schema": "",
"Template": "agent_prefix \"\" {\n policy = \"read\"\n}\nnode \"{{.Name}}\" {\n policy = \"write\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}\nkey_prefix \"\" {\n policy = \"read\"\n}", "Template": "agent \"{{.Name}}\" {\n policy = \"read\"\n}\nnode \"{{.Name}}\" {\n policy = \"write\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}\nkey_prefix \"\" {\n policy = \"read\"\n}\n",
"Description": "Gives the token or role permissions required for integration with a nomad client." "Description": "Gives the token or role permissions required for integration with a nomad client."
} }

3
command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.pretty-meta.golden vendored
View File

@ -5,7 +5,7 @@ Input variables:
Example usage: Example usage:
consul acl token create -templated-policy builtin/nomad-client -var name:node-1 consul acl token create -templated-policy builtin/nomad-client -var name:node-1
Raw Template: Raw Template:
agent_prefix "" { agent "{{.Name}}" {
policy = "read" policy = "read"
} }
node "{{.Name}}" { node "{{.Name}}" {
@ -17,3 +17,4 @@ service_prefix "" {
key_prefix "" { key_prefix "" {
policy = "read" policy = "read"
} }

2
command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden vendored
View File

@ -1,6 +1,6 @@
{ {
"TemplateName": "builtin/nomad-server", "TemplateName": "builtin/nomad-server",
"Schema": "", "Schema": "",
"Template": "\nacl = \"write\"\nmesh = \"write\"\n\nagent_prefix \"\" {\n policy = \"read\"\n}\nnode \"{{.Name}}\" {\n policy = \"write\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}", "Template": "acl = \"write\"\nmesh = \"write\"\n\nagent \"{{.Name}}\" {\n policy = \"read\"\n}\nnode \"{{.Name}}\" {\n policy = \"write\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}\n",
"Description": "Gives the token or role permissions required for integration with a nomad server." "Description": "Gives the token or role permissions required for integration with a nomad server."
} }

4
command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden vendored
View File

@ -5,11 +5,10 @@ Input variables:
Example usage: Example usage:
consul acl token create -templated-policy builtin/nomad-server -var name:node-1 consul acl token create -templated-policy builtin/nomad-server -var name:node-1
Raw Template: Raw Template:
acl = "write" acl = "write"
mesh = "write" mesh = "write"
agent_prefix "" { agent "{{.Name}}" {
policy = "read" policy = "read"
} }
node "{{.Name}}" { node "{{.Name}}" {
@ -18,3 +17,4 @@ node "{{.Name}}" {
service_prefix "" { service_prefix "" {
policy = "write" policy = "write"
} }