From eded2ff347d0fa734b78f042529f7b52ef693001 Mon Sep 17 00:00:00 2001 From: Ronald Date: Mon, 27 Nov 2023 10:34:22 -0500 Subject: [PATCH] [NET-6249] Add templated policies description (#19735) --- .changelog/19735.txt | 3 +++ agent/acl_endpoint.go | 2 ++ agent/acl_endpoint_test.go | 2 ++ agent/structs/acl_templated_policy.go | 14 ++++++++++++++ api/acl.go | 1 + command/acl/templatedpolicy/formatter.go | 1 + command/acl/templatedpolicy/formatter_test.go | 7 +++++++ .../ce/dns-templated-policy.json.golden | 3 ++- .../ce/dns-templated-policy.pretty-meta.golden | 1 + .../ce/dns-templated-policy.pretty.golden | 1 + .../ce/node-templated-policy.json.golden | 3 ++- .../ce/node-templated-policy.pretty-meta.golden | 1 + .../ce/node-templated-policy.pretty.golden | 1 + .../ce/nomad-server-templated-policy.json.golden | 3 ++- ...omad-server-templated-policy.pretty-meta.golden | 1 + .../ce/nomad-server-templated-policy.pretty.golden | 1 + .../ce/service-templated-policy.json.golden | 3 ++- .../ce/service-templated-policy.pretty-meta.golden | 1 + .../ce/service-templated-policy.pretty.golden | 1 + .../FormatTemplatedPolicyList/ce/list.json.golden | 9 ++++++--- 20 files changed, 52 insertions(+), 7 deletions(-) create mode 100644 .changelog/19735.txt diff --git a/.changelog/19735.txt b/.changelog/19735.txt new file mode 100644 index 0000000000..b7a712ced6 --- /dev/null +++ b/.changelog/19735.txt @@ -0,0 +1,3 @@ +```release-note:improvement +acl: add templated policy descriptions +``` \ No newline at end of file diff --git a/agent/acl_endpoint.go b/agent/acl_endpoint.go index fb94862800..ac773c59b4 100644 --- a/agent/acl_endpoint.go +++ b/agent/acl_endpoint.go @@ -1166,6 +1166,7 @@ func (s *HTTPHandlers) ACLTemplatedPoliciesList(resp http.ResponseWriter, req *h TemplateName: tmpBase.TemplateName, Schema: tmpBase.Schema, Template: tmpBase.Template, + Description: tmpBase.Description, } } @@ -1211,6 +1212,7 @@ func (s *HTTPHandlers) ACLTemplatedPolicyRead(resp http.ResponseWriter, req *htt TemplateName: baseTemplate.TemplateName, Schema: baseTemplate.Schema, Template: baseTemplate.Template, + Description: baseTemplate.Description, }, nil } diff --git a/agent/acl_endpoint_test.go b/agent/acl_endpoint_test.go index 1296731dc7..7087befe6d 100644 --- a/agent/acl_endpoint_test.go +++ b/agent/acl_endpoint_test.go @@ -1413,6 +1413,7 @@ func TestACL_HTTP(t *testing.T) { TemplateName: api.ACLTemplatedPolicyServiceName, Schema: structs.ACLTemplatedPolicyServiceSchema, Template: structs.ACLTemplatedPolicyService, + Description: structs.ACLTemplatedPolicyServiceDescription, }, list[api.ACLTemplatedPolicyServiceName]) }) t.Run("Read", func(t *testing.T) { @@ -1435,6 +1436,7 @@ func TestACL_HTTP(t *testing.T) { var templatedPolicy api.ACLTemplatedPolicyResponse require.NoError(t, json.NewDecoder(resp.Body).Decode(&templatedPolicy)) require.Equal(t, structs.ACLTemplatedPolicyNoRequiredVariablesSchema, templatedPolicy.Schema) + require.Equal(t, structs.ACLTemplatedPolicyDNSDescription, templatedPolicy.Description) require.Equal(t, api.ACLTemplatedPolicyDNSName, templatedPolicy.TemplateName) require.Equal(t, structs.ACLTemplatedPolicyDNS, templatedPolicy.Template) }) diff --git a/agent/structs/acl_templated_policy.go b/agent/structs/acl_templated_policy.go index ce2af67888..5a5507a665 100644 --- a/agent/structs/acl_templated_policy.go +++ b/agent/structs/acl_templated_policy.go @@ -42,6 +42,13 @@ const ( ACLTemplatedPolicyWorkloadIdentityID = "00000000-0000-0000-0000-000000000007" ACLTemplatedPolicyAPIGatewayID = "00000000-0000-0000-0000-000000000008" + ACLTemplatedPolicyServiceDescription = "Gives the token or role permissions to register a service and discover services in the Consul catalog. It also gives the specified service's sidecar proxy the permission to discover and route traffic to other services." + ACLTemplatedPolicyNodeDescription = "Gives the token or role permissions for a register an agent/node into the catalog. A node is typically a consul agent but can also be a physical server, cloud instance or a container." + ACLTemplatedPolicyDNSDescription = "Gives the token or role permissions for the Consul DNS to query services in the network." + ACLTemplatedPolicyNomadServerDescription = "Gives the token or role permissions required for integration with a nomad server." + ACLTemplatedPolicyWorkloadIdentityDescription = "Gives the token or role permissions for a specific workload identity." + ACLTemplatedPolicyAPIGatewayDescription = "Gives the token or role permissions for a Consul api gateway" + ACLTemplatedPolicyNoRequiredVariablesSchema = "" // catch-all schema for all templated policy that don't require a schema ) @@ -52,6 +59,7 @@ type ACLTemplatedPolicyBase struct { TemplateID string Schema string Template string + Description string } var ( @@ -63,36 +71,42 @@ var ( TemplateName: api.ACLTemplatedPolicyServiceName, Schema: ACLTemplatedPolicyServiceSchema, Template: ACLTemplatedPolicyService, + Description: ACLTemplatedPolicyServiceDescription, }, api.ACLTemplatedPolicyNodeName: { TemplateID: ACLTemplatedPolicyNodeID, TemplateName: api.ACLTemplatedPolicyNodeName, Schema: ACLTemplatedPolicyNodeSchema, Template: ACLTemplatedPolicyNode, + Description: ACLTemplatedPolicyNodeDescription, }, api.ACLTemplatedPolicyDNSName: { TemplateID: ACLTemplatedPolicyDNSID, TemplateName: api.ACLTemplatedPolicyDNSName, Schema: ACLTemplatedPolicyNoRequiredVariablesSchema, Template: ACLTemplatedPolicyDNS, + Description: ACLTemplatedPolicyDNSDescription, }, api.ACLTemplatedPolicyNomadServerName: { TemplateID: ACLTemplatedPolicyNomadServerID, TemplateName: api.ACLTemplatedPolicyNomadServerName, Schema: ACLTemplatedPolicyNoRequiredVariablesSchema, Template: ACLTemplatedPolicyNomadServer, + Description: ACLTemplatedPolicyNomadServerDescription, }, api.ACLTemplatedPolicyWorkloadIdentityName: { TemplateID: ACLTemplatedPolicyWorkloadIdentityID, TemplateName: api.ACLTemplatedPolicyWorkloadIdentityName, Schema: ACLTemplatedPolicyWorkloadIdentitySchema, Template: ACLTemplatedPolicyWorkloadIdentity, + Description: ACLTemplatedPolicyWorkloadIdentityDescription, }, api.ACLTemplatedPolicyAPIGatewayName: { TemplateID: ACLTemplatedPolicyAPIGatewayID, TemplateName: api.ACLTemplatedPolicyAPIGatewayName, Schema: ACLTemplatedPolicyAPIGatewaySchema, Template: ACLTemplatedPolicyAPIGateway, + Description: ACLTemplatedPolicyAPIGatewayDescription, }, } ) diff --git a/api/acl.go b/api/acl.go index 2f49c2ab82..b4c81e57dc 100644 --- a/api/acl.go +++ b/api/acl.go @@ -173,6 +173,7 @@ type ACLTemplatedPolicyResponse struct { TemplateName string Schema string Template string + Description string } type ACLTemplatedPolicyVariables struct { diff --git a/command/acl/templatedpolicy/formatter.go b/command/acl/templatedpolicy/formatter.go index 736d4f48c1..b94454d7af 100644 --- a/command/acl/templatedpolicy/formatter.go +++ b/command/acl/templatedpolicy/formatter.go @@ -65,6 +65,7 @@ func (f *prettyFormatter) FormatTemplatedPolicy(templatedPolicy api.ACLTemplated var buffer bytes.Buffer buffer.WriteString(fmt.Sprintf("Name: %s\n", templatedPolicy.TemplateName)) + buffer.WriteString(fmt.Sprintf("Description: %s\n", templatedPolicy.Description)) buffer.WriteString("Input variables:") switch templatedPolicy.TemplateName { diff --git a/command/acl/templatedpolicy/formatter_test.go b/command/acl/templatedpolicy/formatter_test.go index aa00854980..c377530c91 100644 --- a/command/acl/templatedpolicy/formatter_test.go +++ b/command/acl/templatedpolicy/formatter_test.go @@ -37,6 +37,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) { TemplateName: api.ACLTemplatedPolicyNodeName, Schema: structs.ACLTemplatedPolicyNodeSchema, Template: structs.ACLTemplatedPolicyNode, + Description: structs.ACLTemplatedPolicyNodeDescription, }, }, "dns-templated-policy": { @@ -44,6 +45,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) { TemplateName: api.ACLTemplatedPolicyDNSName, Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema, Template: structs.ACLTemplatedPolicyDNS, + Description: structs.ACLTemplatedPolicyDNSDescription, }, }, "service-templated-policy": { @@ -51,6 +53,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) { TemplateName: api.ACLTemplatedPolicyServiceName, Schema: structs.ACLTemplatedPolicyServiceSchema, Template: structs.ACLTemplatedPolicyService, + Description: structs.ACLTemplatedPolicyServiceDescription, }, }, "nomad-server-templated-policy": { @@ -58,6 +61,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) { TemplateName: api.ACLTemplatedPolicyNomadServerName, Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema, Template: structs.ACLTemplatedPolicyNomadServer, + Description: structs.ACLTemplatedPolicyNomadServerDescription, }, }, } @@ -98,16 +102,19 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) { TemplateName: api.ACLTemplatedPolicyNodeName, Schema: structs.ACLTemplatedPolicyNodeSchema, Template: structs.ACLTemplatedPolicyNode, + Description: structs.ACLTemplatedPolicyNodeDescription, }, "builtin/dns": { TemplateName: api.ACLTemplatedPolicyDNSName, Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema, Template: structs.ACLTemplatedPolicyDNS, + Description: structs.ACLTemplatedPolicyDNSDescription, }, "builtin/service": { TemplateName: api.ACLTemplatedPolicyServiceName, Schema: structs.ACLTemplatedPolicyServiceSchema, Template: structs.ACLTemplatedPolicyService, + Description: structs.ACLTemplatedPolicyServiceDescription, }, } diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/dns-templated-policy.json.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/dns-templated-policy.json.golden index 36682729f1..98073893df 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/dns-templated-policy.json.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/dns-templated-policy.json.golden @@ -1,5 +1,6 @@ { "TemplateName": "builtin/dns", "Schema": "", - "Template": "\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nquery_prefix \"\" {\n\tpolicy = \"read\"\n}" + "Template": "\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nquery_prefix \"\" {\n\tpolicy = \"read\"\n}", + "Description": "Gives the token or role permissions for the Consul DNS to query services in the network." } \ No newline at end of file diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/dns-templated-policy.pretty-meta.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/dns-templated-policy.pretty-meta.golden index a30a0c5355..f296c9b578 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/dns-templated-policy.pretty-meta.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/dns-templated-policy.pretty-meta.golden @@ -1,4 +1,5 @@ Name: builtin/dns +Description: Gives the token or role permissions for the Consul DNS to query services in the network. Input variables: None Example usage: consul acl token create -templated-policy builtin/dns diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/dns-templated-policy.pretty.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/dns-templated-policy.pretty.golden index f52cfdfe1d..26afd29a4f 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/dns-templated-policy.pretty.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/dns-templated-policy.pretty.golden @@ -1,4 +1,5 @@ Name: builtin/dns +Description: Gives the token or role permissions for the Consul DNS to query services in the network. Input variables: None Example usage: consul acl token create -templated-policy builtin/dns diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.json.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.json.golden index 22981af046..3fd3b495fe 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.json.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.json.golden @@ -1,5 +1,6 @@ { "TemplateName": "builtin/node", "Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}", - "Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}" + "Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}", + "Description": "Gives the token or role permissions for a register an agent/node into the catalog. A node is typically a consul agent but can also be a physical server, cloud instance or a container." } \ No newline at end of file diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty-meta.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty-meta.golden index fda0d9559e..1066fae048 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty-meta.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty-meta.golden @@ -1,4 +1,5 @@ Name: builtin/node +Description: Gives the token or role permissions for a register an agent/node into the catalog. A node is typically a consul agent but can also be a physical server, cloud instance or a container. Input variables: Name: String - Required - The node name. Example usage: diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty.golden index a923087028..099cb31064 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty.golden @@ -1,4 +1,5 @@ Name: builtin/node +Description: Gives the token or role permissions for a register an agent/node into the catalog. A node is typically a consul agent but can also be a physical server, cloud instance or a container. Input variables: Name: String - Required - The node name. Example usage: diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden index 7c9981e7f8..871b26dac3 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden @@ -1,5 +1,6 @@ { "TemplateName": "builtin/nomad-server", "Schema": "", - "Template": "\nacl = \"write\"\nagent_prefix \"\" {\n policy = \"read\"\n}\nnode_prefix \"\" {\n policy = \"read\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}" + "Template": "\nacl = \"write\"\nagent_prefix \"\" {\n policy = \"read\"\n}\nnode_prefix \"\" {\n policy = \"read\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}", + "Description": "Gives the token or role permissions required for integration with a nomad server." } \ No newline at end of file diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden index be000cce1d..60c1961151 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden @@ -1,4 +1,5 @@ Name: builtin/nomad-server +Description: Gives the token or role permissions required for integration with a nomad server. Input variables: None Example usage: consul acl token create -templated-policy builtin/nomad-server diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty.golden index d4943665e7..e65d016320 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty.golden @@ -1,4 +1,5 @@ Name: builtin/nomad-server +Description: Gives the token or role permissions required for integration with a nomad server. Input variables: None Example usage: consul acl token create -templated-policy builtin/nomad-server diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.json.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.json.golden index e4b71de9b8..0cd714893e 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.json.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.json.golden @@ -1,5 +1,6 @@ { "TemplateName": "builtin/service", "Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}", - "Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}" + "Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}", + "Description": "Gives the token or role permissions to register a service and discover services in the Consul catalog. It also gives the specified service's sidecar proxy the permission to discover and route traffic to other services." } \ No newline at end of file diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty-meta.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty-meta.golden index f3ae5c6d7b..bcb0f8c26b 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty-meta.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty-meta.golden @@ -1,4 +1,5 @@ Name: builtin/service +Description: Gives the token or role permissions to register a service and discover services in the Consul catalog. It also gives the specified service's sidecar proxy the permission to discover and route traffic to other services. Input variables: Name: String - Required - The name of the service. Example usage: diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty.golden index bc3ffcfd25..0c0b545b63 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty.golden @@ -1,4 +1,5 @@ Name: builtin/service +Description: Gives the token or role permissions to register a service and discover services in the Consul catalog. It also gives the specified service's sidecar proxy the permission to discover and route traffic to other services. Input variables: Name: String - Required - The name of the service. Example usage: diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicyList/ce/list.json.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicyList/ce/list.json.golden index b634ddc9d8..af63cec4fc 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicyList/ce/list.json.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicyList/ce/list.json.golden @@ -2,16 +2,19 @@ "builtin/dns": { "TemplateName": "builtin/dns", "Schema": "", - "Template": "\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nquery_prefix \"\" {\n\tpolicy = \"read\"\n}" + "Template": "\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nquery_prefix \"\" {\n\tpolicy = \"read\"\n}", + "Description": "Gives the token or role permissions for the Consul DNS to query services in the network." }, "builtin/node": { "TemplateName": "builtin/node", "Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}", - "Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}" + "Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}", + "Description": "Gives the token or role permissions for a register an agent/node into the catalog. A node is typically a consul agent but can also be a physical server, cloud instance or a container." }, "builtin/service": { "TemplateName": "builtin/service", "Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}", - "Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}" + "Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}", + "Description": "Gives the token or role permissions to register a service and discover services in the Consul catalog. It also gives the specified service's sidecar proxy the permission to discover and route traffic to other services." } } \ No newline at end of file