mirror of https://github.com/status-im/consul.git
[NET-6249] Add templated policies description (#19735)
This commit is contained in:
Ronald
GitHub
parent
c1dbf00a85
commit
eded2ff347
|
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:improvement
|
||||||
|
acl: add templated policy descriptions
|
||||||
|
```
|
||||||
|
|
@ -1166,6 +1166,7 @@ func (s *HTTPHandlers) ACLTemplatedPoliciesList(resp http.ResponseWriter, req *h
|
||||||
TemplateName: tmpBase.TemplateName,
|
TemplateName: tmpBase.TemplateName,
|
||||||
Schema: tmpBase.Schema,
|
Schema: tmpBase.Schema,
|
||||||
Template: tmpBase.Template,
|
Template: tmpBase.Template,
|
||||||
|
Description: tmpBase.Description,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1211,6 +1212,7 @@ func (s *HTTPHandlers) ACLTemplatedPolicyRead(resp http.ResponseWriter, req *htt
|
||||||
TemplateName: baseTemplate.TemplateName,
|
TemplateName: baseTemplate.TemplateName,
|
||||||
Schema: baseTemplate.Schema,
|
Schema: baseTemplate.Schema,
|
||||||
Template: baseTemplate.Template,
|
Template: baseTemplate.Template,
|
||||||
|
Description: baseTemplate.Description,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1413,6 +1413,7 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
TemplateName: api.ACLTemplatedPolicyServiceName,
|
TemplateName: api.ACLTemplatedPolicyServiceName,
|
||||||
Schema: structs.ACLTemplatedPolicyServiceSchema,
|
Schema: structs.ACLTemplatedPolicyServiceSchema,
|
||||||
Template: structs.ACLTemplatedPolicyService,
|
Template: structs.ACLTemplatedPolicyService,
|
||||||
|
Description: structs.ACLTemplatedPolicyServiceDescription,
|
||||||
}, list[api.ACLTemplatedPolicyServiceName])
|
}, list[api.ACLTemplatedPolicyServiceName])
|
||||||
})
|
})
|
||||||
t.Run("Read", func(t *testing.T) {
|
t.Run("Read", func(t *testing.T) {
|
||||||
|
|
@ -1435,6 +1436,7 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
var templatedPolicy api.ACLTemplatedPolicyResponse
|
var templatedPolicy api.ACLTemplatedPolicyResponse
|
||||||
require.NoError(t, json.NewDecoder(resp.Body).Decode(&templatedPolicy))
|
require.NoError(t, json.NewDecoder(resp.Body).Decode(&templatedPolicy))
|
||||||
require.Equal(t, structs.ACLTemplatedPolicyNoRequiredVariablesSchema, templatedPolicy.Schema)
|
require.Equal(t, structs.ACLTemplatedPolicyNoRequiredVariablesSchema, templatedPolicy.Schema)
|
||||||
|
require.Equal(t, structs.ACLTemplatedPolicyDNSDescription, templatedPolicy.Description)
|
||||||
require.Equal(t, api.ACLTemplatedPolicyDNSName, templatedPolicy.TemplateName)
|
require.Equal(t, api.ACLTemplatedPolicyDNSName, templatedPolicy.TemplateName)
|
||||||
require.Equal(t, structs.ACLTemplatedPolicyDNS, templatedPolicy.Template)
|
require.Equal(t, structs.ACLTemplatedPolicyDNS, templatedPolicy.Template)
|
||||||
})
|
})
|
||||||
|
|
|
||||||
|
|
@ -42,6 +42,13 @@ const (
|
||||||
ACLTemplatedPolicyWorkloadIdentityID = "00000000-0000-0000-0000-000000000007"
|
ACLTemplatedPolicyWorkloadIdentityID = "00000000-0000-0000-0000-000000000007"
|
||||||
ACLTemplatedPolicyAPIGatewayID = "00000000-0000-0000-0000-000000000008"
|
ACLTemplatedPolicyAPIGatewayID = "00000000-0000-0000-0000-000000000008"
|
||||||
|
|
||||||
|
ACLTemplatedPolicyServiceDescription = "Gives the token or role permissions to register a service and discover services in the Consul catalog. It also gives the specified service's sidecar proxy the permission to discover and route traffic to other services."
|
||||||
|
ACLTemplatedPolicyNodeDescription = "Gives the token or role permissions for a register an agent/node into the catalog. A node is typically a consul agent but can also be a physical server, cloud instance or a container."
|
||||||
|
ACLTemplatedPolicyDNSDescription = "Gives the token or role permissions for the Consul DNS to query services in the network."
|
||||||
|
ACLTemplatedPolicyNomadServerDescription = "Gives the token or role permissions required for integration with a nomad server."
|
||||||
|
ACLTemplatedPolicyWorkloadIdentityDescription = "Gives the token or role permissions for a specific workload identity."
|
||||||
|
ACLTemplatedPolicyAPIGatewayDescription = "Gives the token or role permissions for a Consul api gateway"
|
||||||
|
|
||||||
ACLTemplatedPolicyNoRequiredVariablesSchema = "" // catch-all schema for all templated policy that don't require a schema
|
ACLTemplatedPolicyNoRequiredVariablesSchema = "" // catch-all schema for all templated policy that don't require a schema
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -52,6 +59,7 @@ type ACLTemplatedPolicyBase struct {
|
||||||
TemplateID string
|
TemplateID string
|
||||||
Schema string
|
Schema string
|
||||||
Template string
|
Template string
|
||||||
|
Description string
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
|
@ -63,36 +71,42 @@ var (
|
||||||
TemplateName: api.ACLTemplatedPolicyServiceName,
|
TemplateName: api.ACLTemplatedPolicyServiceName,
|
||||||
Schema: ACLTemplatedPolicyServiceSchema,
|
Schema: ACLTemplatedPolicyServiceSchema,
|
||||||
Template: ACLTemplatedPolicyService,
|
Template: ACLTemplatedPolicyService,
|
||||||
|
Description: ACLTemplatedPolicyServiceDescription,
|
||||||
},
|
},
|
||||||
api.ACLTemplatedPolicyNodeName: {
|
api.ACLTemplatedPolicyNodeName: {
|
||||||
TemplateID: ACLTemplatedPolicyNodeID,
|
TemplateID: ACLTemplatedPolicyNodeID,
|
||||||
TemplateName: api.ACLTemplatedPolicyNodeName,
|
TemplateName: api.ACLTemplatedPolicyNodeName,
|
||||||
Schema: ACLTemplatedPolicyNodeSchema,
|
Schema: ACLTemplatedPolicyNodeSchema,
|
||||||
Template: ACLTemplatedPolicyNode,
|
Template: ACLTemplatedPolicyNode,
|
||||||
|
Description: ACLTemplatedPolicyNodeDescription,
|
||||||
},
|
},
|
||||||
api.ACLTemplatedPolicyDNSName: {
|
api.ACLTemplatedPolicyDNSName: {
|
||||||
TemplateID: ACLTemplatedPolicyDNSID,
|
TemplateID: ACLTemplatedPolicyDNSID,
|
||||||
TemplateName: api.ACLTemplatedPolicyDNSName,
|
TemplateName: api.ACLTemplatedPolicyDNSName,
|
||||||
Schema: ACLTemplatedPolicyNoRequiredVariablesSchema,
|
Schema: ACLTemplatedPolicyNoRequiredVariablesSchema,
|
||||||
Template: ACLTemplatedPolicyDNS,
|
Template: ACLTemplatedPolicyDNS,
|
||||||
|
Description: ACLTemplatedPolicyDNSDescription,
|
||||||
},
|
},
|
||||||
api.ACLTemplatedPolicyNomadServerName: {
|
api.ACLTemplatedPolicyNomadServerName: {
|
||||||
TemplateID: ACLTemplatedPolicyNomadServerID,
|
TemplateID: ACLTemplatedPolicyNomadServerID,
|
||||||
TemplateName: api.ACLTemplatedPolicyNomadServerName,
|
TemplateName: api.ACLTemplatedPolicyNomadServerName,
|
||||||
Schema: ACLTemplatedPolicyNoRequiredVariablesSchema,
|
Schema: ACLTemplatedPolicyNoRequiredVariablesSchema,
|
||||||
Template: ACLTemplatedPolicyNomadServer,
|
Template: ACLTemplatedPolicyNomadServer,
|
||||||
|
Description: ACLTemplatedPolicyNomadServerDescription,
|
||||||
},
|
},
|
||||||
api.ACLTemplatedPolicyWorkloadIdentityName: {
|
api.ACLTemplatedPolicyWorkloadIdentityName: {
|
||||||
TemplateID: ACLTemplatedPolicyWorkloadIdentityID,
|
TemplateID: ACLTemplatedPolicyWorkloadIdentityID,
|
||||||
TemplateName: api.ACLTemplatedPolicyWorkloadIdentityName,
|
TemplateName: api.ACLTemplatedPolicyWorkloadIdentityName,
|
||||||
Schema: ACLTemplatedPolicyWorkloadIdentitySchema,
|
Schema: ACLTemplatedPolicyWorkloadIdentitySchema,
|
||||||
Template: ACLTemplatedPolicyWorkloadIdentity,
|
Template: ACLTemplatedPolicyWorkloadIdentity,
|
||||||
|
Description: ACLTemplatedPolicyWorkloadIdentityDescription,
|
||||||
},
|
},
|
||||||
api.ACLTemplatedPolicyAPIGatewayName: {
|
api.ACLTemplatedPolicyAPIGatewayName: {
|
||||||
TemplateID: ACLTemplatedPolicyAPIGatewayID,
|
TemplateID: ACLTemplatedPolicyAPIGatewayID,
|
||||||
TemplateName: api.ACLTemplatedPolicyAPIGatewayName,
|
TemplateName: api.ACLTemplatedPolicyAPIGatewayName,
|
||||||
Schema: ACLTemplatedPolicyAPIGatewaySchema,
|
Schema: ACLTemplatedPolicyAPIGatewaySchema,
|
||||||
Template: ACLTemplatedPolicyAPIGateway,
|
Template: ACLTemplatedPolicyAPIGateway,
|
||||||
|
Description: ACLTemplatedPolicyAPIGatewayDescription,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
|
||||||
|
|
@ -173,6 +173,7 @@ type ACLTemplatedPolicyResponse struct {
|
||||||
TemplateName string
|
TemplateName string
|
||||||
Schema string
|
Schema string
|
||||||
Template string
|
Template string
|
||||||
|
Description string
|
||||||
}
|
}
|
||||||
|
|
||||||
type ACLTemplatedPolicyVariables struct {
|
type ACLTemplatedPolicyVariables struct {
|
||||||
|
|
|
||||||
|
|
@ -65,6 +65,7 @@ func (f *prettyFormatter) FormatTemplatedPolicy(templatedPolicy api.ACLTemplated
|
||||||
var buffer bytes.Buffer
|
var buffer bytes.Buffer
|
||||||
|
|
||||||
buffer.WriteString(fmt.Sprintf("Name: %s\n", templatedPolicy.TemplateName))
|
buffer.WriteString(fmt.Sprintf("Name: %s\n", templatedPolicy.TemplateName))
|
||||||
|
buffer.WriteString(fmt.Sprintf("Description: %s\n", templatedPolicy.Description))
|
||||||
|
|
||||||
buffer.WriteString("Input variables:")
|
buffer.WriteString("Input variables:")
|
||||||
switch templatedPolicy.TemplateName {
|
switch templatedPolicy.TemplateName {
|
||||||
|
|
|
||||||
|
|
@ -37,6 +37,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
|
||||||
TemplateName: api.ACLTemplatedPolicyNodeName,
|
TemplateName: api.ACLTemplatedPolicyNodeName,
|
||||||
Schema: structs.ACLTemplatedPolicyNodeSchema,
|
Schema: structs.ACLTemplatedPolicyNodeSchema,
|
||||||
Template: structs.ACLTemplatedPolicyNode,
|
Template: structs.ACLTemplatedPolicyNode,
|
||||||
|
Description: structs.ACLTemplatedPolicyNodeDescription,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"dns-templated-policy": {
|
"dns-templated-policy": {
|
||||||
|
|
@ -44,6 +45,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
|
||||||
TemplateName: api.ACLTemplatedPolicyDNSName,
|
TemplateName: api.ACLTemplatedPolicyDNSName,
|
||||||
Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
|
Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
|
||||||
Template: structs.ACLTemplatedPolicyDNS,
|
Template: structs.ACLTemplatedPolicyDNS,
|
||||||
|
Description: structs.ACLTemplatedPolicyDNSDescription,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"service-templated-policy": {
|
"service-templated-policy": {
|
||||||
|
|
@ -51,6 +53,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
|
||||||
TemplateName: api.ACLTemplatedPolicyServiceName,
|
TemplateName: api.ACLTemplatedPolicyServiceName,
|
||||||
Schema: structs.ACLTemplatedPolicyServiceSchema,
|
Schema: structs.ACLTemplatedPolicyServiceSchema,
|
||||||
Template: structs.ACLTemplatedPolicyService,
|
Template: structs.ACLTemplatedPolicyService,
|
||||||
|
Description: structs.ACLTemplatedPolicyServiceDescription,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"nomad-server-templated-policy": {
|
"nomad-server-templated-policy": {
|
||||||
|
|
@ -58,6 +61,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
|
||||||
TemplateName: api.ACLTemplatedPolicyNomadServerName,
|
TemplateName: api.ACLTemplatedPolicyNomadServerName,
|
||||||
Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
|
Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
|
||||||
Template: structs.ACLTemplatedPolicyNomadServer,
|
Template: structs.ACLTemplatedPolicyNomadServer,
|
||||||
|
Description: structs.ACLTemplatedPolicyNomadServerDescription,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
@ -98,16 +102,19 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) {
|
||||||
TemplateName: api.ACLTemplatedPolicyNodeName,
|
TemplateName: api.ACLTemplatedPolicyNodeName,
|
||||||
Schema: structs.ACLTemplatedPolicyNodeSchema,
|
Schema: structs.ACLTemplatedPolicyNodeSchema,
|
||||||
Template: structs.ACLTemplatedPolicyNode,
|
Template: structs.ACLTemplatedPolicyNode,
|
||||||
|
Description: structs.ACLTemplatedPolicyNodeDescription,
|
||||||
},
|
},
|
||||||
"builtin/dns": {
|
"builtin/dns": {
|
||||||
TemplateName: api.ACLTemplatedPolicyDNSName,
|
TemplateName: api.ACLTemplatedPolicyDNSName,
|
||||||
Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
|
Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
|
||||||
Template: structs.ACLTemplatedPolicyDNS,
|
Template: structs.ACLTemplatedPolicyDNS,
|
||||||
|
Description: structs.ACLTemplatedPolicyDNSDescription,
|
||||||
},
|
},
|
||||||
"builtin/service": {
|
"builtin/service": {
|
||||||
TemplateName: api.ACLTemplatedPolicyServiceName,
|
TemplateName: api.ACLTemplatedPolicyServiceName,
|
||||||
Schema: structs.ACLTemplatedPolicyServiceSchema,
|
Schema: structs.ACLTemplatedPolicyServiceSchema,
|
||||||
Template: structs.ACLTemplatedPolicyService,
|
Template: structs.ACLTemplatedPolicyService,
|
||||||
|
Description: structs.ACLTemplatedPolicyServiceDescription,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
"TemplateName": "builtin/dns",
|
"TemplateName": "builtin/dns",
|
||||||
"Schema": "",
|
"Schema": "",
|
||||||
"Template": "\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nquery_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
"Template": "\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nquery_prefix \"\" {\n\tpolicy = \"read\"\n}",
|
||||||
|
"Description": "Gives the token or role permissions for the Consul DNS to query services in the network."
|
||||||
}
|
}
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
Name: builtin/dns
|
Name: builtin/dns
|
||||||
|
Description: Gives the token or role permissions for the Consul DNS to query services in the network.
|
||||||
Input variables: None
|
Input variables: None
|
||||||
Example usage:
|
Example usage:
|
||||||
consul acl token create -templated-policy builtin/dns
|
consul acl token create -templated-policy builtin/dns
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
Name: builtin/dns
|
Name: builtin/dns
|
||||||
|
Description: Gives the token or role permissions for the Consul DNS to query services in the network.
|
||||||
Input variables: None
|
Input variables: None
|
||||||
Example usage:
|
Example usage:
|
||||||
consul acl token create -templated-policy builtin/dns
|
consul acl token create -templated-policy builtin/dns
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
"TemplateName": "builtin/node",
|
"TemplateName": "builtin/node",
|
||||||
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||||
"Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
"Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}",
|
||||||
|
"Description": "Gives the token or role permissions for a register an agent/node into the catalog. A node is typically a consul agent but can also be a physical server, cloud instance or a container."
|
||||||
}
|
}
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
Name: builtin/node
|
Name: builtin/node
|
||||||
|
Description: Gives the token or role permissions for a register an agent/node into the catalog. A node is typically a consul agent but can also be a physical server, cloud instance or a container.
|
||||||
Input variables:
|
Input variables:
|
||||||
Name: String - Required - The node name.
|
Name: String - Required - The node name.
|
||||||
Example usage:
|
Example usage:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
Name: builtin/node
|
Name: builtin/node
|
||||||
|
Description: Gives the token or role permissions for a register an agent/node into the catalog. A node is typically a consul agent but can also be a physical server, cloud instance or a container.
|
||||||
Input variables:
|
Input variables:
|
||||||
Name: String - Required - The node name.
|
Name: String - Required - The node name.
|
||||||
Example usage:
|
Example usage:
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
"TemplateName": "builtin/nomad-server",
|
"TemplateName": "builtin/nomad-server",
|
||||||
"Schema": "",
|
"Schema": "",
|
||||||
"Template": "\nacl = \"write\"\nagent_prefix \"\" {\n policy = \"read\"\n}\nnode_prefix \"\" {\n policy = \"read\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}"
|
"Template": "\nacl = \"write\"\nagent_prefix \"\" {\n policy = \"read\"\n}\nnode_prefix \"\" {\n policy = \"read\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}",
|
||||||
|
"Description": "Gives the token or role permissions required for integration with a nomad server."
|
||||||
}
|
}
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
Name: builtin/nomad-server
|
Name: builtin/nomad-server
|
||||||
|
Description: Gives the token or role permissions required for integration with a nomad server.
|
||||||
Input variables: None
|
Input variables: None
|
||||||
Example usage:
|
Example usage:
|
||||||
consul acl token create -templated-policy builtin/nomad-server
|
consul acl token create -templated-policy builtin/nomad-server
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
Name: builtin/nomad-server
|
Name: builtin/nomad-server
|
||||||
|
Description: Gives the token or role permissions required for integration with a nomad server.
|
||||||
Input variables: None
|
Input variables: None
|
||||||
Example usage:
|
Example usage:
|
||||||
consul acl token create -templated-policy builtin/nomad-server
|
consul acl token create -templated-policy builtin/nomad-server
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
"TemplateName": "builtin/service",
|
"TemplateName": "builtin/service",
|
||||||
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||||
"Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
"Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}",
|
||||||
|
"Description": "Gives the token or role permissions to register a service and discover services in the Consul catalog. It also gives the specified service's sidecar proxy the permission to discover and route traffic to other services."
|
||||||
}
|
}
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
Name: builtin/service
|
Name: builtin/service
|
||||||
|
Description: Gives the token or role permissions to register a service and discover services in the Consul catalog. It also gives the specified service's sidecar proxy the permission to discover and route traffic to other services.
|
||||||
Input variables:
|
Input variables:
|
||||||
Name: String - Required - The name of the service.
|
Name: String - Required - The name of the service.
|
||||||
Example usage:
|
Example usage:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
Name: builtin/service
|
Name: builtin/service
|
||||||
|
Description: Gives the token or role permissions to register a service and discover services in the Consul catalog. It also gives the specified service's sidecar proxy the permission to discover and route traffic to other services.
|
||||||
Input variables:
|
Input variables:
|
||||||
Name: String - Required - The name of the service.
|
Name: String - Required - The name of the service.
|
||||||
Example usage:
|
Example usage:
|
||||||
|
|
|
||||||
|
|
@ -2,16 +2,19 @@
|
||||||
"builtin/dns": {
|
"builtin/dns": {
|
||||||
"TemplateName": "builtin/dns",
|
"TemplateName": "builtin/dns",
|
||||||
"Schema": "",
|
"Schema": "",
|
||||||
"Template": "\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nquery_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
"Template": "\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nquery_prefix \"\" {\n\tpolicy = \"read\"\n}",
|
||||||
|
"Description": "Gives the token or role permissions for the Consul DNS to query services in the network."
|
||||||
},
|
},
|
||||||
"builtin/node": {
|
"builtin/node": {
|
||||||
"TemplateName": "builtin/node",
|
"TemplateName": "builtin/node",
|
||||||
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||||
"Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
"Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}",
|
||||||
|
"Description": "Gives the token or role permissions for a register an agent/node into the catalog. A node is typically a consul agent but can also be a physical server, cloud instance or a container."
|
||||||
},
|
},
|
||||||
"builtin/service": {
|
"builtin/service": {
|
||||||
"TemplateName": "builtin/service",
|
"TemplateName": "builtin/service",
|
||||||
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||||
"Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
"Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}",
|
||||||
|
"Description": "Gives the token or role permissions to register a service and discover services in the Consul catalog. It also gives the specified service's sidecar proxy the permission to discover and route traffic to other services."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Loading…
Reference in New Issue