github.com/iqoqo/nomad@v0.11.3-0.20200911112621-d7021c74d101/website/public/data/vault/nomad-server-policy.hcl (about)

     1  # Allow creating tokens under the "nomad-cluster" token role; update the role name here if another is used.
     2  # The role (defined outside this file) bounds what those tokens may carry; it should exclude this server policy.
     3  path "auth/token/create/nomad-cluster" {
     4    capabilities = ["update"]
     5  }
     6  
     7  # Allow reading the "nomad-cluster" token role definition (read-only). Update the role name in this
     8  # path if "nomad-cluster" is not used, keeping it the same as the role named in the create path.
     9  path "auth/token/roles/nomad-cluster" {
    10    capabilities = ["read"]
    11  }
    12  
    13  # Allow looking up the token passed to Nomad, to validate that the token has the
    14  # proper capabilities. Vault's "default" policy already provides this; it is listed here explicitly as well.
    15  path "auth/token/lookup-self" {
    16    capabilities = ["read"]
    17  }
    18  
    19  # Allow looking up incoming tokens to validate that they have permission to access
    20  # the tokens they are requesting. This is only required if Nomad's `allow_unauthenticated`
    21  # is set to false. NOTE: the path is not scoped; any token whose value is presented can be looked up.
    22  path "auth/token/lookup" {
    23    capabilities = ["update"]
    24  }
    25  
    26  # Allow revoking tokens that should no longer exist, such as the tokens of dead tasks.
    27  # NOTE: the path is not scoped to Nomad-issued tokens; any token whose accessor is known can be revoked.
    28  path "auth/token/revoke-accessor" {
    29    capabilities = ["update"]
    30  }
    31  
    32  # Allow checking the capabilities of our own token. This is used to validate the
    33  # token upon startup; the endpoint reports only on the calling token.
    34  path "sys/capabilities-self" {
    35    capabilities = ["update"]
    36  }
    37  
    38  # Allow our own token to be renewed (renew-self applies only to the calling token, not to other tokens).
    39  path "auth/token/renew-self" {
    40    capabilities = ["update"]
    41  }