How to configure multiple Consul ACL roles inside configuration file (without HTTP API)?
In the Consul ACL Internals documentation, a sample configuration is provided to set up some default ACL rules in both HashiCorp Configuration Language and JSON. It looks like this:
{
  "key": {
    "": {
      "policy": "read"
    },
    "foo/": {
      "policy": "write"
    },
    "foo/private": {
      "policy": "deny"
    }
  },
  "service": {
    "": {
      "policy": "write"
    },
    "secure-": {
      "policy": "read"
    }
  },
  "event": {
    "": {
      "policy": "write"
    },
    "destroy-": {
      "policy": "deny"
    }
  },
  "query": {
    "": {
      "policy": "read"
    }
  },
  "keyring": "read",
  "operator": "read"
}
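The documentation only explains how to set up the default role.
With the HTTP API, you can create role tokens by passing JSON to the create endpoint, similar to the rules: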
{
  "Name": "my-app-token",
  "Type": "client",
  "Rules": ""
}
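But I would like to be able to set this up in my static configuration file, so that I have multiple roles and their associated policies.
How would I do that? Do I just add the name, type, role and UUID? If so, where/how would I do this?
I learned from the Consul Google Groups page that, according to a user, ACLs currently cannot be defined in a static configuration file and must go through the HTTP API: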
Currently the ACLs cannot be directly inserted into a configuration file that Consul will read. The API is the primary way of interaction with ACLs.
(as of October 10, 2015)
https://groups.google.com/d/msg/consul-tool/fGuFTq0fvcU/f6-mwh4aCQAJ
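Since the roles have to go through the API, one way to keep them in a static, reviewable file is to turn that file into create requests at provisioning time. The following is an added example, not code from the original post or from Consul; it assumes the legacy `/v1/acl/create` endpoint the question refers to, an agent that accepts the `X-Consul-Token` header, and a constructed `ROLES` table and `CONSUL_MGMT_TOKEN` variable name.

```python
import json
import urllib.request

# Constructed sample: token name -> rules, in the same shape as the rules above.
ROLES = {
    "my-app-token": {"key": {"": {"policy": "read"}, "foo/": {"policy": "write"}}},
    "ops-readonly": {"key": {"": {"policy": "read"}},
                     "service": {"": {"policy": "read"}},
                     "keyring": "read", "operator": "read"},
}
VALID = {"read", "write", "deny"}

def check_rules(rules):
    """Reject unknown policy values before anything is sent to the agent."""
    for section, body in rules.items():
        # "keyring"/"operator" carry a bare policy string; other sections map prefixes.
        policies = [body] if isinstance(body, str) else [v.get("policy") for v in body.values()]
        for p in policies:
            if p not in VALID:
                raise ValueError(f"{section}: invalid policy {p!r}")

def build_requests(roles, base_url, mgmt_token):
    """Build one PUT request per role; the rules travel as a JSON string in "Rules"."""
    reqs = []
    for name in sorted(roles):
        check_rules(roles[name])
        body = {"Name": name, "Type": "client",
                "Rules": json.dumps(roles[name], sort_keys=True)}
        reqs.append(urllib.request.Request(
            f"{base_url}/v1/acl/create", data=json.dumps(body).encode(), method="PUT",
            # Header keeps the management token out of URLs and access logs (assumed supported).
            headers={"X-Consul-Token": mgmt_token, "Content-Type": "application/json"}))
    return reqs

def apply(reqs):
    """Send the requests and return the token IDs the agent reports."""
    ids = []
    for req in reqs:
        with urllib.request.urlopen(req, timeout=5) as resp:
            ids.append(json.load(resp)["ID"])
    return ids

if __name__ == "__main__":
    import os
    # The management token comes from the environment, never from the roles file.
    token = os.environ["CONSUL_MGMT_TOKEN"]
    print(apply(build_requests(ROLES, "http://127.0.0.1:8500", token)))
```

Each run of this sketch creates new tokens, so it suits a one-time bootstrap step rather than repeated convergence.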