Add lookup-self

2017-02-28 13:46:38 -08:00 · 2017-02-28 13:46:38 -08:00 · 9c91550926
parent ab2f399ac8
commit 9c91550926
2 changed files with 12 additions and 0 deletions
--- a/website/source/data/vault/nomad-server-policy.hcl
+++ b/website/source/data/vault/nomad-server-policy.hcl
@ -10,6 +10,12 @@ path "auth/token/roles/nomad-cluster" {
  capabilities = ["read"]
 }

+# Allow looking up the token passed to Nomad to validate # the token has the
+# proper capabilities. This is provided by the "default" policy.
+path "auth/token/lookup-self" {
+  capabilities = ["read"]
+}
+
 # Allow looking up incoming tokens to validate they have permissions to access
 # the tokens they are requesting. This is only required if
 # `allow_unauthenticated` is set to false.
--- a/website/source/docs/vault-integration/index.html.md
+++ b/website/source/docs/vault-integration/index.html.md
@ -75,6 +75,12 @@ path "auth/token/roles/nomad-cluster" {
  capabilities = ["read"]
 }

+# Allow looking up the token passed to Nomad to validate # the token has the
+# proper capabilities. This is provided by the "default" policy.
+path "auth/token/lookup-self" {
+  capabilities = ["read"]
+}
+
 # Allow looking up incoming tokens to validate they have permissions to access
 # the tokens they are requesting. This is only required if
 # `allow_unauthenticated` is set to false.