mirror of https://github.com/hashicorp/consul
Merge pull request #11468 from hashicorp/dnephin/acl-docs-namespace-rules
docs: update docs about namespace default policy/role
pull/11673/head
commit
a631378008
|
@ -50,13 +50,17 @@ The table below shows this endpoint's support for
|
||||||
that should be applied to all tokens created in this namespace. The ACLLink
|
that should be applied to all tokens created in this namespace. The ACLLink
|
||||||
struct is an object with an "ID" and/or "Name" field to identify a policy.
|
struct is an object with an "ID" and/or "Name" field to identify a policy.
|
||||||
When a name is used instead of an ID, Consul will resolve the name to an ID
|
When a name is used instead of an ID, Consul will resolve the name to an ID
|
||||||
and store that internally.
|
and store that internally. The ACL token used in the API request
|
||||||
|
must have [`acl:write` access](/docs/security/acl/acl-rules#acl-resource-rules)
|
||||||
|
to the linked policy.
|
||||||
|
|
||||||
- `RoleDefaults` `(array<ACLLink>)` - This is the list of default roles
|
- `RoleDefaults` `(array<ACLLink>)` - This is the list of default roles
|
||||||
that should be applied to all tokens created in this namespace. The ACLLink
|
that should be applied to all tokens created in this namespace. The ACLLink
|
||||||
struct is an object with an "ID" and/or "Name" field to identify a policy.
|
struct is an object with an "ID" and/or "Name" field to identify a policy.
|
||||||
When a name is used instead of an ID, Consul will resolve the name to an ID
|
When a name is used instead of an ID, Consul will resolve the name to an ID
|
||||||
and store that internally.
|
and store that internally. The ACL token used in the API request
|
||||||
|
must have [`acl:write` access](/docs/security/acl/acl-rules#acl-resource-rules)
|
||||||
|
access to the linked role.
|
||||||
|
|
||||||
- `Meta` `(map<string|string>: <optional>)` - Specifies arbitrary KV metadata
|
- `Meta` `(map<string|string>: <optional>)` - Specifies arbitrary KV metadata
|
||||||
to associate with the namespace.
|
to associate with the namespace.
|
||||||
|
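Review bot: In the `RoleDefaults` bullet the added text ends with "must have [`acl:write` access](...)" followed on the next added line by "access to the linked role.", so the rendered sentence reads "access access to the linked role". Drop the leading "access" from the last added line so it matches the `PolicyDefaults` wording just above ("to the linked policy.").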
@ -245,13 +249,17 @@ The table below shows this endpoint's support for
|
||||||
that should be applied to all tokens created in this namespace. The ACLLink
|
that should be applied to all tokens created in this namespace. The ACLLink
|
||||||
struct is an object with an "ID" and/or "Name" field to identify a policy.
|
struct is an object with an "ID" and/or "Name" field to identify a policy.
|
||||||
When a name is used instead of an ID, Consul will resolve the name to an ID
|
When a name is used instead of an ID, Consul will resolve the name to an ID
|
||||||
and store that internally.
|
and store that internally. The ACL token used in the API request
|
||||||
|
must have [`acl:write` access](/docs/security/acl/acl-rules#acl-resource-rules)
|
||||||
|
to the linked policy.
|
||||||
|
|
||||||
- `RoleDefaults` `(array<ACLLink>)` - This is the list of default roles
|
- `RoleDefaults` `(array<ACLLink>)` - This is the list of default roles
|
||||||
that should be applied to all tokens created in this namespace. The ACLLink
|
that should be applied to all tokens created in this namespace. The ACLLink
|
||||||
struct is an object with an "ID" and/or "Name" field to identify a policy.
|
struct is an object with an "ID" and/or "Name" field to identify a policy.
|
||||||
When a name is used instead of an ID, Consul will resolve the name to an ID
|
When a name is used instead of an ID, Consul will resolve the name to an ID
|
||||||
and store that internally.
|
and store that internally. The ACL token used in the API request
|
||||||
|
must have [`acl:write` access](/docs/security/acl/acl-rules#acl-resource-rules)
|
||||||
|
to the linked role.
|
||||||
|
|
||||||
- `Meta` `(map<string|string>: <optional>)` - Specifies arbitrary KV metadata
|
- `Meta` `(map<string|string>: <optional>)` - Specifies arbitrary KV metadata
|
||||||
to associate with the namespace.
|
to associate with the namespace.
|
||||||
|
|
|
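Review bot: In the `RoleDefaults` bullet, the unchanged context line still says the ACLLink struct has an "ID" and/or "Name" field "to identify a policy", and the sentence added right after it refers to "the linked role". Since this paragraph is being edited anyway, change that line to "identify a role" so the bullet is consistent with itself; the `RoleDefaults` bullet in the earlier hunk has the same wording.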
@ -31,10 +31,12 @@ from the CLI arguments.
|
||||||
in this namespace. May be specified multiple times.
|
in this namespace. May be specified multiple times.
|
||||||
|
|
||||||
- `-default-policy-name=<value>` - Name of a policy from the default namespace to inject for all
|
- `-default-policy-name=<value>` - Name of a policy from the default namespace to inject for all
|
||||||
tokens in this namespace. May be specified multiple times.
|
tokens in this namespace. May be specified multiple times. The ACL token used with
|
||||||
|
this command must have [`acl:write` access](/docs/security/acl/acl-rules#acl-resource-rules) to the linked policy.
|
||||||
|
|
||||||
- `-default-role-id=<value>` - ID of a role from the default namespace to inject for all tokens in
|
- `-default-role-id=<value>` - ID of a role from the default namespace to inject for all tokens in
|
||||||
this namespace. May be specified multiple times.
|
this namespace. May be specified multiple times. The ACL token used with
|
||||||
|
this command must have [`acl:write` access](/docs/security/acl/acl-rules#acl-resource-rules) to the linked role.
|
||||||
|
|
||||||
- `-default-role-name=<value>` - Name of a role from the default namespace to inject for all tokens
|
- `-default-role-name=<value>` - Name of a role from the default namespace to inject for all tokens
|
||||||
in this namespace. May be specified multiple times.
|
in this namespace. May be specified multiple times.
|
||||||
|
|
|
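Review bot: The `acl:write` sentence is added to `-default-policy-name` and `-default-role-id` here, but `-default-role-name` at the end of the hunk is left unchanged, and so is the option whose description ends on the first context line ("in this namespace. May be specified multiple times."). The hunk for the other command adds the sentence to all four `-default-*` options, so a reader comparing the two pages would conclude the requirement only applies to some flags on this one. Add the same sentence to the remaining options, or explain why they differ.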
@ -29,16 +29,20 @@ with the existing namespace definition.
|
||||||
#### Command Options
|
#### Command Options
|
||||||
|
|
||||||
- `-default-policy-id=<value>` - ID of a policy from the default namespace to inject for all tokens
|
- `-default-policy-id=<value>` - ID of a policy from the default namespace to inject for all tokens
|
||||||
in this namespace. May be specified multiple times.
|
in this namespace. May be specified multiple times. The ACL token used with
|
||||||
|
this command must have [`acl:write` access](/docs/security/acl/acl-rules#acl-resource-rules) to the linked policy.
|
||||||
|
|
||||||
- `-default-policy-name=<value>` - Name of a policy from the default namespace to inject for all
|
- `-default-policy-name=<value>` - Name of a policy from the default namespace to inject for all
|
||||||
tokens in this namespace. May be specified multiple times.
|
tokens in this namespace. May be specified multiple times. The ACL token used with
|
||||||
|
this command must have [`acl:write` access](/docs/security/acl/acl-rules#acl-resource-rules) to the linked policy.
|
||||||
|
|
||||||
- `-default-role-id=<value>` - ID of a role from the default namespace to inject for all tokens in
|
- `-default-role-id=<value>` - ID of a role from the default namespace to inject for all tokens in
|
||||||
this namespace. May be specified multiple times.
|
this namespace. May be specified multiple times. The ACL token used with
|
||||||
|
this command must have [`acl:write` access](/docs/security/acl/acl-rules#acl-resource-rules) to the linked role.
|
||||||
|
|
||||||
- `-default-role-name=<value>` - Name of a role from the default namespace to inject for all tokens
|
- `-default-role-name=<value>` - Name of a role from the default namespace to inject for all tokens
|
||||||
in this namespace. May be specified multiple times.
|
in this namespace. May be specified multiple times. The ACL token used with
|
||||||
|
this command must have [`acl:write` access](/docs/security/acl/acl-rules#acl-resource-rules) to the linked role.
|
||||||
|
|
||||||
- `-description=<string>` - A description of the namespace.
|
- `-description=<string>` - A description of the namespace.
|
||||||
|
|
||||||
|
|
|
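Review bot: The sentence "The ACL token used with this command must have `acl:write` access to the linked policy" (or "role") is repeated verbatim on all four `-default-*` options. That is easy to let drift, as the partial coverage in the other command's page shows. Consider stating the requirement once directly under "#### Command Options", or keep the per-option text but note in review that all four must stay in sync. Each option also says the policy or role comes "from the default namespace"; it would help to say whether the `acl:write` rule has to apply there as well.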
@ -101,13 +101,15 @@ Meta {
|
||||||
created in this namespace. The ACLLink object can contain an `ID` and/or `Name` field. When the
|
created in this namespace. The ACLLink object can contain an `ID` and/or `Name` field. When the
|
||||||
policies ID is omitted Consul will resolve the name to an ID before writing the namespace
|
policies ID is omitted Consul will resolve the name to an ID before writing the namespace
|
||||||
definition internally. Note that all policies linked in a namespace definition must be defined
|
definition internally. Note that all policies linked in a namespace definition must be defined
|
||||||
within the `default namespace.
|
within the `default` namespace, and the ACL token used to create or edit the
|
||||||
|
namespace must have [`acl:write` access](/docs/security/acl/acl-rules#acl-resource-rules) to the linked policy.
|
||||||
|
|
||||||
- `RoleDefaults` `(array<ACLLink>)` - A list of default roles to be applied to all tokens
|
- `RoleDefaults` `(array<ACLLink>)` - A list of default roles to be applied to all tokens
|
||||||
created in this namespace. The ACLLink object can contain an `ID` and/or `Name` field. When the
|
created in this namespace. The ACLLink object can contain an `ID` and/or `Name` field. When the
|
||||||
roles' ID is omitted Consul will resolve the name to an ID before writing the namespace
|
roles' ID is omitted Consul will resolve the name to an ID before writing the namespace
|
||||||
definition internally. Note that all roles linked in a namespace definition must be defined
|
definition internally. Note that all roles linked in a namespace definition must be defined
|
||||||
within the `default namespace.
|
within the `default` namespace, and the ACL token used to create or edit the
|
||||||
|
namespace must have [`acl:write` access](/docs/security/acl/acl-rules#acl-resource-rules) to the linked role.
|
||||||
|
|
||||||
- `Meta` `(map<string|string>: <optional>)` - Specifies arbitrary KV metadata to associate with
|
- `Meta` `(map<string|string>: <optional>)` - Specifies arbitrary KV metadata to associate with
|
||||||
this namespace.
|
this namespace.
|
||||||
|
|
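Review bot: Both changed sentences now join two separate requirements with "and": the linked policy or role "must be defined within the `default` namespace, and the ACL token used to create or edit the namespace must have `acl:write` access". Split the token requirement into its own sentence, as the other pages in this change do, so it is not read as part of the "Note that" clause. The backtick fix on `default` is good; while here, the unchanged "policies ID is omitted" in the first paragraph should be "policy's ID" to match the possessive used in the role paragraph.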