From 415491ff2bbf87b37935f4c7980a38c5ba4e9be1 Mon Sep 17 00:00:00 2001
From: Ronald
Date: Mon, 20 Nov 2023 09:44:30 -0500
Subject: [PATCH] [NET-6640] Add docs for binding type policy (#19677)
---
 .../commands/acl/binding-rule/create.mdx | 34 ++++++++++++++++++-
 .../commands/acl/binding-rule/update.mdx | 2 +-
 2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/website/content/commands/acl/binding-rule/create.mdx b/website/content/commands/acl/binding-rule/create.mdx
index bcca8b3db0..38b2ffb57d 100644
--- a/website/content/commands/acl/binding-rule/create.mdx
+++ b/website/content/commands/acl/binding-rule/create.mdx
@@ -30,7 +30,7 @@ Usage: `consul acl binding-rule create [options] [args]`
 - `-bind-name=` - Name to bind on match. Can use `${var}` interpolation. This flag is required.
-- `-bind-type=` - Type of binding to perform (`"service"` or `"role"`).
+- `-bind-type=` - Type of binding to perform (`"service"`, `"node"`, `"templated-policy"`, `"policy"` or `"role"`).
 - `-description=` - A description of the binding rule.
@@ -89,4 +89,36 @@ Description: just vault role
 BindType: role
 BindName: vault
 Selector: serviceaccount.namespace==default and serviceaccount.name==vault
+```
+
+Create a new binding rule that binds to a policy:
+
+```shell-session
+$ consul acl binding-rule create -method 'nomad' \
+ -description 'gets policy for nomad job' \
+ -bind-type 'policy' \
+ -bind-name 'nomad-${nomad.jobname}' \
+ -selector 'nomad.jobname==billing-app'
+ID: e21ae868-7b13-a230-0235-f8e83510642c
+AuthMethod: nomad
+Description: gets policy for nomad job
+BindType: policy
+BindName: nomad-billing-app
+Selector: nomad.jobname==billing-app
+```
+
+Create a new binding rule that binds to a templated policy:
+
+```shell-session
+$ consul acl binding-rule create -method 'remote-jwks' \
+ -description 'gets templated policy for dns tokens' \
+ -bind-type 'templated-policy' \
+ -bind-name 'builtin/dns' \
+ -selector 'serviceaccount.namespace==default'
+ID: eaca9aa4-8913-c8ef-ba39-bfae64f66d99
+AuthMethod: remote-jwks
+Description: gets templated policy for dns tokens
+BindType: templated-policy
+BindName: builtin/dns
+Selector: serviceaccount.namespace==default
 ```
\ No newline at end of file
diff --git a/website/content/commands/acl/binding-rule/update.mdx b/website/content/commands/acl/binding-rule/update.mdx
index 24f6901294..e33b7e026d 100644
--- a/website/content/commands/acl/binding-rule/update.mdx
+++ b/website/content/commands/acl/binding-rule/update.mdx
@@ -33,7 +33,7 @@ Usage: `consul acl binding-rule update [options] [args]`
 - `-bind-name=` - Name to bind on match. Can use `${var}` interpolation. This flag is required.
-- `-bind-type=` - Type of binding to perform (`"service"` or `"role"`).
+- `-bind-type=` - Type of binding to perform (`"service"`, `"node"`, `"templated-policy"`, `"policy"` or `"role"`).
 - `-description=` - A description of the binding rule.