4a1fa67f26
I apologize in advance for the rather long PR, but unfortunately there is not an easy way to break this up into smaller chunks. This separates the agent configuration into smaller, more consumable pieces just like the job specification.
21 lines
507 B
HCL
# Allow creating tokens under the role
path "auth/token/create/nomad-server" {
  capabilities = ["create", "update"]
}

# Allow looking up the role
path "auth/token/roles/nomad-server" {
  capabilities = ["read"]
}

# Allow looking up incoming tokens to validate they have permissions to
# access the tokens they are requesting
path "auth/token/lookup/*" {
  capabilities = ["read"]
}

# Allow revoking tokens that should no longer exist
path "/auth/token/revoke-accessor/*" {
  capabilities = ["update"]
}