|
|
|
|
@ -69,8 +69,8 @@ token replication enabled.
|
|
|
|
|
## Binding Rules
|
|
|
|
|
|
|
|
|
|
Binding rules allow an operator to express a systematic way of automatically
|
|
|
|
|
linking [roles](/docs/security/acl/acl-system#acl-roles) and [service
|
|
|
|
|
identities](/docs/security/acl/acl-system#acl-service-identities) to newly created
|
|
|
|
|
linking [roles](/docs/security/acl/acl-roles) and [service
|
|
|
|
|
identities](/docs/security/acl/acl-roles#service-identities) to newly created
|
|
|
|
|
tokens without operator intervention.
|
|
|
|
|
|
|
|
|
|
Successful authentication with an auth method returns a set of trusted
|
|
|
|
|
@ -88,8 +88,8 @@ Each binding rule is composed of two portions:
|
|
|
|
|
`"serviceaccount.namespace==default and serviceaccount.name!=vault"`
|
|
|
|
|
|
|
|
|
|
- **Bind Type and Name** - A binding rule can bind a token to a
|
|
|
|
|
[role](/docs/security/acl/acl-system#acl-roles) or to a [service
|
|
|
|
|
identity](/docs/security/acl/acl-system#acl-service-identities) by name. The name
|
|
|
|
|
[role](/docs/security/acl/acl-roles) or to a [service
|
|
|
|
|
identity](/docs/security/acl/acl-roles#service-identities) by name. The name
|
|
|
|
|
can be specified with a plain string or the bind name can be lightly
|
|
|
|
|
templated using [HIL syntax](https://github.com/hashicorp/hil) to interpolate
|
|
|
|
|
the same values that are usable by the `Selector` syntax. For example:
|
|
|
|
|
|
Christopher Swenson
3 years ago
committed by