website: Update ACL docs
This commit is contained in:
parent
42bad4af80
commit
376f9694f4
|
@ -114,6 +114,16 @@ key "foo/private/" {
|
|||
# Deny access to the private dir
|
||||
policy = "deny"
|
||||
}
|
||||
|
||||
# Default all services to allowing registration
|
||||
service "" {
|
||||
policy = "write"
|
||||
}
|
||||
|
||||
service "secure" {
|
||||
# Deny registration access to secure service
|
||||
policy = "read"
|
||||
}
|
||||
```
|
||||
|
||||
This is equivalent to the following JSON input:
|
||||
|
@ -122,13 +132,21 @@ This is equivalent to the following JSON input:
|
|||
{
|
||||
"key": {
|
||||
"": {
|
||||
"policy": "read",
|
||||
"policy": "read"
|
||||
},
|
||||
"foo/": {
|
||||
"policy": "write",
|
||||
"policy": "write"
|
||||
},
|
||||
"foo/private": {
|
||||
"policy": "deny",
|
||||
"policy": "deny"
|
||||
}
|
||||
},
|
||||
"service": {
|
||||
"": {
|
||||
"policy": "write"
|
||||
},
|
||||
"secure": {
|
||||
"policy": "read"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -139,3 +157,11 @@ using a longest-prefix match policy. This means we pick the most specific
|
|||
policy possible. The policy is either "read", "write" or "deny". A "write"
|
||||
policy implies "read", and there is no way to specify write-only. If there
|
||||
is no applicable rule, the `acl_default_policy` is applied.
|
||||
|
||||
Services policies provide both a service name and a policy. The rules are
|
||||
enforced using an exact match policy. The default rule is provided using
|
||||
the empty string. The policy is either "read", "write", or "deny". A "write"
|
||||
policy implies "read", and there is no way to specify write-only. If there
|
||||
is no applicable rule, the `acl_default_policy` is applied. Currently, only
|
||||
the "write" level is enforced for registration of services.
|
||||
|
||||
|
|
Loading…
Reference in New Issue