open-consul

Commit Graph

Author	SHA1	Message	Date
R.B. Boyer	9542fdc9bc	acl: adding Roles to Tokens (#5514 ) Roles are named and can express the same bundle of permissions that can currently be assigned to a Token (lists of Policies and Service Identities). The difference with a Role is that it not itself a bearer token, but just another entity that can be tied to a Token. This lets an operator potentially curate a set of smaller reusable Policies and compose them together into reusable Roles, rather than always exploding that same list of Policies on any Token that needs similar permissions. This also refactors the acl replication code to be semi-generic to avoid 3x copypasta.	2019-04-26 14:49:12 -05:00

Author

SHA1

Message

Date

R.B. Boyer

9542fdc9bc

acl: adding Roles to Tokens (#5514 )

Roles are named and can express the same bundle of permissions that can
currently be assigned to a Token (lists of Policies and Service
Identities). The difference with a Role is that it not itself a bearer
token, but just another entity that can be tied to a Token.

This lets an operator potentially curate a set of smaller reusable
Policies and compose them together into reusable Roles, rather than
always exploding that same list of Policies on any Token that needs
similar permissions.

This also refactors the acl replication code to be semi-generic to avoid
3x copypasta.

2019-04-26 14:49:12 -05:00

1 Commits