Document agent token policy requirement for rexec

The Agent token policy when using rexec should have `write` on "_rexec"
key prefix. Updated the exec command documentation to explicitly state
this requirement.
This commit is contained in:
Ranjandas 2021-03-23 15:51:56 +11:00
parent 277de5addc
commit 7857c5746f
1 changed files with 2 additions and 0 deletions

View File

@ -41,6 +41,8 @@ execute this command.
| `key:write` | `"_rexec"` prefix | | `key:write` | `"_rexec"` prefix |
| `event:write` | `"_rexec"` prefix | | `event:write` | `"_rexec"` prefix |
In addition to the above, the policy associated with the [agent token](https://www.consul.io/docs/security/acl/acl-system#acl-agent-token) should have `write` on `"_rexec"` key prefix. This is for the agents to read the `exec` command and write its output back to the KV store.
## Usage ## Usage
Usage: `consul exec [options] [-|command...]` Usage: `consul exec [options] [-|command...]`