website: Update ACL description to longest-prefix

This commit is contained in:
Armon Dadgar 2015-05-06 12:04:40 -07:00
parent 0acc857cbe
commit dd17147deb
1 changed files with 8 additions and 8 deletions

View File

@ -122,11 +122,11 @@ way to specify write-only. If there is no applicable rule, the
[`acl_default_policy`](/docs/agent/options.html#acl_default_policy) is applied.
Service policies are defined by coupling a service name and a policy. The rules are
enforced using an exact match policy. The default rule, applied to any service that doesn't
have a matching policy, is provided using the empty string. A service policy is either "read",
"write", or "deny". A "write" policy implies "read", and there is no way to specify write-only.
If there is no applicable rule, the
[`acl_default_policy`](/docs/agent/options.html#acl_default_policy) is
enforced using an longest-prefix match policy (this was an exact match in 0.5, but changed
in 0.5.1). The default rule, applied to any service that doesn't have a matching policy,
is provided using the empty string. A service policy is either "read", "write", or "deny".
A "write" policy implies "read", and there is no way to specify write-only. If there is no
applicable rule, the [`acl_default_policy`](/docs/agent/options.html#acl_default_policy) is
applied. Currently, only the "write" level is enforced for registration of
services; services can always be read.
@ -157,8 +157,8 @@ service "" {
policy = "write"
}
service "secure" {
# Deny registration access to service named "secure"
# Deny registration access to services prefixed "secure-"
service "secure-" {
policy = "read"
}
```
@ -182,7 +182,7 @@ This is equivalent to the following JSON input:
"": {
"policy": "write"
},
"secure": {
"secure-": {
"policy": "read"
}
}