github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/e2e/terraform/etc/acls/consul/nomad-client-policy.hcl (about)

     1  // The Nomad Client will be registering things into its buddy Consul Client.
     2  // Note: because we also test the use of Consul namespaces, this token must be
     3  // able to register services, read the KV store, and read node data for any
     4  // namespace.
        // NOTE(review): every prefix in this policy is the empty string, which
        // matches all names, so nothing here is scoped to a particular agent,
        // namespace, key, node or service. That breadth fits the e2e test
        // environment this file belongs to (e2e/terraform); a policy for a
        // long-lived cluster should narrow the prefixes to what its jobs use.
     5  // The operator=write permission is required for creating config entries for
     6  // connect ingress gateways. operator ACLs are not namespaced, though the
     7  // config entries they can generate are.
        // NOTE(review): operator is a cluster-level rule and is not limited to
        // config entries, so a token carrying this policy should be handled as a
        // highly privileged credential.
     8  operator = "write"
     9  
        // Read-only agent rule; the empty prefix applies it to agents of any name.
    10  agent_prefix "" {
    11    policy = "read"
    12  }
    13  
        // Rules in this block apply to every namespace (empty prefix).
    14  namespace_prefix "" {
    15    // The acl=write permission is required for generating Consul Service Identity
    16    // tokens for consul connect services. Those services could be configured for
    17    // any Consul namespace the job-submitter has access to.
          // NOTE(review): acl = "write" permits managing ACL tokens and policies in
          // the matched namespaces, which presumably allows issuing tokens with
          // more access than this policy lists - confirm against the Consul ACL
          // documentation before reusing this policy outside a test cluster.
    18    acl = "write"
    19  
          // Read-only access to all KV keys in the matched namespaces.
    20    key_prefix "" {
    21      policy = "read"
    22    }
    23  
          // Read-only access to node data for nodes of any name.
    24    node_prefix "" {
    25      policy = "read"
    26    }
    27  
          // Write access on every service name, so the client can register whatever
          // services its jobs define.
    28    service_prefix "" {
    29      policy = "write"
    30    }
    31  }