open-nomad/website/source/data/vault/nomad-server-policy.hcl

# Allow creating tokens under the role
path "auth/token/create/nomad-server" {
  capabilities = ["create", "update"]
}

# Allow looking up the role
path "auth/token/roles/nomad-server" {
  capabilities = ["read"]
}

# Allow looking up incoming tokens to validate they have permissions to
# access the tokens they are requesting
path "auth/token/lookup/*" {
  capabilities = ["read"]
}

# Allow revoking tokens that should no longer exist
path "/auth/token/revoke-accessor/*" {
  capabilities = ["update"]
}
docs 2016-11-01 19:23:10 +00:00			`# Allow creating tokens under the role`
			`path "auth/token/create/nomad-server" {`
Separate agent configuration into its own pages I apologize in advance for the rather long PR, but unfortunately there is not an easy way to break this up into smaller chunks. This separates the agent configuration into smaller, more consumable pieces just like the job specification. 2016-11-01 12:53:13 +00:00			`capabilities = ["create", "update"]`
docs 2016-11-01 19:23:10 +00:00			`}`

			`# Allow looking up the role`
			`path "auth/token/roles/nomad-server" {`
Separate agent configuration into its own pages I apologize in advance for the rather long PR, but unfortunately there is not an easy way to break this up into smaller chunks. This separates the agent configuration into smaller, more consumable pieces just like the job specification. 2016-11-01 12:53:13 +00:00			`capabilities = ["read"]`
docs 2016-11-01 19:23:10 +00:00			`}`

			`# Allow looking up incoming tokens to validate they have permissions to`
			`# access the tokens they are requesting`
			`path "auth/token/lookup/*" {`
Separate agent configuration into its own pages I apologize in advance for the rather long PR, but unfortunately there is not an easy way to break this up into smaller chunks. This separates the agent configuration into smaller, more consumable pieces just like the job specification. 2016-11-01 12:53:13 +00:00			`capabilities = ["read"]`
docs 2016-11-01 19:23:10 +00:00			`}`

			`# Allow revoking tokens that should no longer exist`
			`path "/auth/token/revoke-accessor/*" {`
Separate agent configuration into its own pages I apologize in advance for the rather long PR, but unfortunately there is not an easy way to break this up into smaller chunks. This separates the agent configuration into smaller, more consumable pieces just like the job specification. 2016-11-01 12:53:13 +00:00			`capabilities = ["update"]`
docs 2016-11-01 19:23:10 +00:00			`}`