Make anonymous nomad read only

IamTheFij 2022-07-26 20:20:43 -07:00
parent c21ed2fa3f
commit 7554509671
3 changed files with 30 additions and 8 deletions


@ -1,5 +1,4 @@
resource "nomad_acl_policy" "create_post_bootstrap_policy" {
# count = can(tobool(var.nomad_secret_id)) ? 1 : 0
name = "anonymous"
description = "Anon RW"
rules_hcl = file("${path.module}/nomad-anon-bootstrap.hcl")
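Review bot: The `anonymous` policy resource in this section is still described as `Anon RW` and still loads `nomad-anon-bootstrap.hcl`, which does not match the commit title if these lines are on the new side. The page has lost the file names and the +/- markers, so it is not visible here whether the read-only rules elsewhere in the commit are what ends up bound to the anonymous policy. A comment above the resource would settle it, for example `# Bootstrap only: wide-open anonymous policy, superseded by the read-only policy once a management token exists`, and the description should say the same. The resource block continues past the end of this hunk.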


@ -0,0 +1,24 @@
namespace "*" {
policy = "write"
capabilities = ["alloc-node-exec"]
}
agent {
policy = "write"
}
operator {
policy = "write"
}
quota {
policy = "write"
}
node {
policy = "write"
}
host_volume "*" {
policy = "write"
}
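Review bot: This new file grants `write` on every namespace plus `alloc-node-exec`, and `write` on agent, operator, quota, node and host volumes, with no comment saying when it applies. If it is the file the `anonymous` policy resource loads during bootstrap (likely, but the file name is not shown), any unauthenticated caller that can reach the Nomad API holds those rights until the policy is replaced. I would add a header comment such as `# Applied only until ACLs are bootstrapped; must be overwritten by the read-only anonymous policy`, and drop `capabilities = ["alloc-node-exec"]` unless the bootstrap step needs it.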


@ -1,24 +1,23 @@
namespace "*" {
policy = "write"
capabilities = ["alloc-node-exec"]
policy = "read"
}
agent {
policy = "write"
policy = "read"
}
operator {
policy = "write"
policy = "read"
}
quota {
policy = "write"
policy = "read"
}
node {
policy = "write"
policy = "read"
}
host_volume "*" {
policy = "write"
policy = "read"
}
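Review bot: `policy = "read"` on `namespace "*"` still lets unauthenticated callers read job specifications in every namespace, and job specs often carry environment values and template bodies. If anonymous access is only meant for browsing, a narrower grant such as `capabilities = ["list-jobs"]` on the namespaces that need it would expose less. The `agent` and `operator` read grants are worth a one-line comment each on why an anonymous caller needs them, or removal if nothing depends on them.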