github.com/hernad/nomad@v1.6.112/e2e/terraform/etc/acls/consul/nomad-client-policy.hcl

github.com/hernad/nomad@v1.6.112/e2e/terraform/etc/acls/consul/nomad-client-policy.hcl (about)

     1  # Copyright (c) HashiCorp, Inc.
     2  # SPDX-License-Identifier: MPL-2.0
     3  
     4  // The Nomad Client will be registering things into its buddy Consul Client.
     5  // Note: because we also test the use of Consul namespaces, this token must be
     6  // able to register services, read the keystore, and read node data for any
     7  // namespace.
     8  // The operator=write permission is required for creating config entries for
     9  // connect ingress gateways. operator ACLs are not namespaced, though the
    10  // config entries they can generate are.
    11  operator = "write"
    12  
    13  agent_prefix "" {
    14    policy = "read"
    15  }
    16  
    17  namespace_prefix "" {
    18    // The acl=write permission is required for generating Consul Service Identity
    19    // tokens for consul connect services. Those services could be configured for
    20    // any Consul namespace the job-submitter has access to.
    21    acl = "write"
    22  
    23    key_prefix "" {
    24      policy = "read"
    25    }
    26  
    27    node_prefix "" {
    28      policy = "read"
    29    }
    30  
    31    service_prefix "" {
    32      policy = "write"
    33    }
    34  }