website: Update ACL docs

pull/506/head
Armon Dadgar 10 years ago
parent 81d4e5cfd4
commit 4c410cf1f9

@ -114,6 +114,16 @@ key "foo/private/" {
# Deny access to the private dir # Deny access to the private dir
policy = "deny" policy = "deny"
} }
# Default all services to allowing registration
service "" {
policy = "write"
}
service "secure" {
# Deny registration access to secure service
policy = "read"
}
``` ```
This is equivalent to the following JSON input: This is equivalent to the following JSON input:
@ -122,14 +132,22 @@ This is equivalent to the following JSON input:
{ {
"key": { "key": {
"": { "": {
"policy": "read", "policy": "read"
}, },
"foo/": { "foo/": {
"policy": "write", "policy": "write"
}, },
"foo/private": { "foo/private": {
"policy": "deny", "policy": "deny"
} }
},
"service": {
"": {
"policy": "write"
},
"secure": {
"policy": "read"
}
} }
} }
``` ```
@ -139,3 +157,11 @@ using a longest-prefix match policy. This means we pick the most specific
policy possible. The policy is either "read", "write" or "deny". A "write" policy possible. The policy is either "read", "write" or "deny". A "write"
policy implies "read", and there is no way to specify write-only. If there policy implies "read", and there is no way to specify write-only. If there
is no applicable rule, the `acl_default_policy` is applied. is no applicable rule, the `acl_default_policy` is applied.
Services policies provide both a service name and a policy. The rules are
enforced using an exact match policy. The default rule is provided using
the empty string. The policy is either "read", "write", or "deny". A "write"
policy implies "read", and there is no way to specify write-only. If there
is no applicable rule, the `acl_default_policy` is applied. Currently, only
the "write" level is enforced for registration of services.

Loading…
Cancel
Save