Make anonymous nomad read only
This commit is contained in:
parent
c21ed2fa3f
commit
7554509671
@ -1,5 +1,4 @@
|
||||
resource "nomad_acl_policy" "create_post_bootstrap_policy" {
|
||||
# count = can(tobool(var.nomad_secret_id)) ? 1 : 0
|
||||
name = "anonymous"
|
||||
description = "Anon RW"
|
||||
rules_hcl = file("${path.module}/nomad-anon-bootstrap.hcl")
|
||||
|
24
acls/nomad-admin-policy.hcl
Normal file
24
acls/nomad-admin-policy.hcl
Normal file
@ -0,0 +1,24 @@
|
||||
namespace "*" {
|
||||
policy = "write"
|
||||
capabilities = ["alloc-node-exec"]
|
||||
}
|
||||
|
||||
agent {
|
||||
policy = "write"
|
||||
}
|
||||
|
||||
operator {
|
||||
policy = "write"
|
||||
}
|
||||
|
||||
quota {
|
||||
policy = "write"
|
||||
}
|
||||
|
||||
node {
|
||||
policy = "write"
|
||||
}
|
||||
|
||||
host_volume "*" {
|
||||
policy = "write"
|
||||
}
|
@ -1,24 +1,23 @@
|
||||
namespace "*" {
|
||||
policy = "write"
|
||||
capabilities = ["alloc-node-exec"]
|
||||
policy = "read"
|
||||
}
|
||||
|
||||
agent {
|
||||
policy = "write"
|
||||
policy = "read"
|
||||
}
|
||||
|
||||
operator {
|
||||
policy = "write"
|
||||
policy = "read"
|
||||
}
|
||||
|
||||
quota {
|
||||
policy = "write"
|
||||
policy = "read"
|
||||
}
|
||||
|
||||
node {
|
||||
policy = "write"
|
||||
policy = "read"
|
||||
}
|
||||
|
||||
host_volume "*" {
|
||||
policy = "write"
|
||||
policy = "read"
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user