Make anonymous nomad read only

IamTheFij 2022-07-26 20:20:43 -07:00
parent 3033c581f3
commit 963a863e2d
3 changed files with 30 additions and 8 deletions


@ -1,5 +1,4 @@
resource "nomad_acl_policy" "create_post_bootstrap_policy" { resource "nomad_acl_policy" "create_post_bootstrap_policy" {
# count = can(tobool(var.nomad_secret_id)) ? 1 : 0
name = "anonymous" name = "anonymous"
description = "Anon RW" description = "Anon RW"
rules_hcl = file("${path.module}/nomad-anon-bootstrap.hcl") rules_hcl = file("${path.module}/nomad-anon-bootstrap.hcl")


@ -0,0 +1,24 @@
namespace "*" {
policy = "write"
capabilities = ["alloc-node-exec"]
}
agent {
policy = "write"
}
operator {
policy = "write"
}
quota {
policy = "write"
}
node {
policy = "write"
}
host_volume "*" {
policy = "write"
}
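Review bot: This new policy grants `write` on `namespace "*"`, `agent`, `operator`, `quota`, `node` and `host_volume "*"`, plus `alloc-node-exec`, and nothing in the file says who it applies to or for how long. If it is the `nomad-anon-bootstrap.hcl` that the `anonymous` policy resource loads (the file name is not visible here, so this is inferred), unauthenticated API requests keep full control of the cluster for as long as that policy is in place. A header comment would make the intent reviewable, for example `# Bootstrap only: attached to the anonymous policy until ACL tokens exist; replaced by the read-only anonymous policy afterwards`, and the Terraform description `Anon RW` could say the same. It is also worth confirming that every apply path ends with the read-only policy attached, since a failed or partial apply would leave this one active.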


@ -1,24 +1,23 @@
namespace "*" { namespace "*" {
policy = "write" policy = "read"
capabilities = ["alloc-node-exec"]
} }
agent { agent {
policy = "write" policy = "read"
} }
operator { operator {
policy = "write" policy = "read"
} }
quota { quota {
policy = "write" policy = "read"
} }
node { node {
policy = "write" policy = "read"
} }
host_volume "*" { host_volume "*" {
policy = "write" policy = "read"
} }
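Review bot: The anonymous policy still reads every namespace and the `agent` and `operator` endpoints, so an unauthenticated caller can list and read job specifications cluster-wide and view agent and operator state. Job specs often carry environment variables and template bodies, so `namespace "*" { policy = "read" }` can disclose more than the word read suggests. If anonymous access is only needed for a status view, consider dropping the `agent`, `operator` and `quota` blocks and naming the required namespaces explicitly instead of `"*"`. Otherwise add a comment above each block stating which consumer needs it, for example `# read: required by <consumer> without a token`.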