|
|
|
@ -180,10 +180,10 @@ definitions support being updated during a reload. |
|
|
|
is authoritative for ACL information. It must be provided to enable ACLs. |
|
|
|
is authoritative for ACL information. It must be provided to enable ACLs. |
|
|
|
All servers and datacenters must agree on the ACL datacenter. Setting it on |
|
|
|
All servers and datacenters must agree on the ACL datacenter. Setting it on |
|
|
|
the servers is all you need for enforcement, but for the APIs to work on the |
|
|
|
the servers is all you need for enforcement, but for the APIs to work on the |
|
|
|
clients, it must be set (to forward properly). Also, if we want to enhance |
|
|
|
clients, it must be set on them too (to forward properly). Also, if we want |
|
|
|
the ACL support for other features like service discovery, enforcement |
|
|
|
to enhance the ACL support for other features like service discovery, |
|
|
|
might move to the edges, so it's best to just set the acl_datacenter on all |
|
|
|
enforcement might move to the edges, so it's best to just set the |
|
|
|
the nodes. |
|
|
|
`acl_datacenter` on all the nodes. |
|
|
|
|
|
|
|
|
|
|
|
* `acl_default_policy` - Either "allow" or "deny", defaults to "allow". The |
|
|
|
* `acl_default_policy` - Either "allow" or "deny", defaults to "allow". The |
|
|
|
default policy controls the behavior of a token when there is no matching |
|
|
|
default policy controls the behavior of a token when there is no matching |
|
|
|
|
Laurent Raufaste
10 years ago