ACL Binding Rules CLI documentation (#15584)

Piotr Kazmierczak
2022-12-22 16:36:25 +01:00
committed by GitHub
parent bb8d2d73c5
commit f452441542
9 changed files with 267 additions and 2 deletions


@@ -51,7 +51,7 @@ via flags detailed below.
## Examples
Create a new ACL Role:
Create a new ACL Auth Method:
```shell-session
$ nomad acl auth-method create -name "example-acl-auth-method" -type "OIDC" -max-token-ttl "1h" -token-locality "local" -config "@config.json"


@@ -1,7 +1,7 @@
---
layout: docs
page_title: 'Commands: acl auth-method list'
description: The auth-method list command is used to list existing ACL Roles.
description: The auth-method list command is used to list existing ACL Auth Methods.
---
# Command: acl auth-method list


@@ -0,0 +1,61 @@
---
layout: docs
page_title: 'Commands: acl binding-rule create'
description: The binding-rule create command is used to create new ACL Binding Rules.
---
# Command: acl binding-rule create
The `acl binding-rule create` command is used to create new ACL Binding Rules.
## Usage
```plaintext
nomad acl binding-rule create [options]
```
The `acl binding-rule create` command requires the correct setting of the create options
via flags detailed below.
## General Options
@include 'general_options_no_namespace.mdx'
## Create Options
- `-description`: A free form text description of the binding-rule that must not exceed
256 characters.
- `-auth-method`: Specifies the name of the ACL authentication method that this
binding rule is associated with.
- `-selector`: Selector is an expression that matches against verified identity
attributes returned from the auth method during login.
- `-bind-type`: Specifies adjusts how this binding rule is applied at login time
to internal Nomad objects. Valid options are `role` and `policy`.
- `-bind-name`: Specifies is the target of the binding used on selector match.
This can be lightly templated using HIL `${foo}` syntax.
- `-json`: Output the ACL binding-rule in a JSON format.
- `-t`: Format and display the ACL binding-rule using a Go template.
## Examples
Create a new ACL Binding Rule:
```shell-session
$ nomad acl binding-rule create -description "example binding rule" -auth-method "auth0" -bind-type "role" -bind-name "eng-ro" -selector "engineering in list.roles"
ID = 698fdad6-dcb3-79dd-dc72-b43374057dea
Description = example binding rule
Auth Method = auth0
Selector = "engineering in list.roles"
Bind Type = role
Bind Name = eng-ro
Create Time = 2022-12-20 11:15:22.582568 +0000 UTC
Modify Time = 2022-12-20 11:15:22.582568 +0000 UTC
Create Index = 14
Modify Index = 14
```
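Review bot: The Create Options list does not say which flags are required or what a rule matches when `-selector` is omitted, and "requires the correct setting of the create options" gives the reader nothing to act on. A binding rule decides which role or policy a login receives, so please state the required flags and the behaviour of an empty selector explicitly. The `-bind-type` and `-bind-name` entries also need a wording fix ("Specifies adjusts how", "Specifies is the target"), and the `-bind-name` entry should say which variables the `${foo}` template can reference.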


@@ -0,0 +1,30 @@
---
layout: docs
page_title: 'Commands: acl binding-rule delete'
description: The binding-rule delete command is used to delete existing ACL Binding Rules.
---
# Command: acl binding-rule delete
The `acl binding-rule delete` command is used to delete existing ACL Binding Rules.
## Usage
```plaintext
nomad acl binding-rule delete [options] <binding-rule_id>
```
The `acl binding-rule delete` command requires an existing rule's ID.
## General Options
@include 'general_options_no_namespace.mdx'
## Examples
Delete an existing ACL Auth Method:
```shell-session
$ nomad acl binding-rule delete 698fdad6-dcb3-79dd-dc72-b43374057dea
ACL binding rule 698fdad6-dcb3-79dd-dc72-b43374057dea successfully deleted
```
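Review bot: The caption in the Examples section reads "Delete an existing ACL Auth Method:", but the command shown deletes a binding rule. This looks copied from the auth-method page; change it to "Delete an existing ACL Binding Rule:".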


@@ -0,0 +1,47 @@
---
layout: docs
page_title: 'Commands: acl binding-rule info'
description: |
The binding-rule info command is used to fetch information about an existing
ACL Binding Rule.
---
# Command: acl binding-rule info
The `acl binding-rule info` command is used to fetch information about an existing ACL Binding Rule.
## Usage
```plaintext
nomad acl binding-rule info [options] <binding-rule_id>
```
The `acl binding-rule info` command requires an existing rule's ID.
## General Options
@include 'general_options_no_namespace.mdx'
## Info Options
- `-json`: Output the ACL Binding Rule in a JSON format.
- `-t`: Format and display the ACL Binding Rule using a Go template.
## Examples
Fetch information about an existing ACL Binding Rule:
```shell-session
$ nomad acl binding-rule info dc0e494d-0878-4e56-37d4-482e371e5bdb
ID = dc0e494d-0878-4e56-37d4-482e371e5bdb
Description = example binding rule
Auth Method = auth0
Selector = "engineering in list.roles"
Bind Type = role
Bind Name = engineering-ro
Create Time = 2022-12-20 11:17:40.483196 +0000 UTC
Modify Time = 2022-12-20 11:17:40.483196 +0000 UTC
Create Index = 17
Modify Index = 17
```


@@ -0,0 +1,35 @@
---
layout: docs
page_title: 'Commands: acl binding-rule list'
description: The binding-rule list command is used to list existing ACL Binding Rules.
---
# Command: acl binding-rule list
The `acl binding-rule list` command is used to list existing ACL Binding Rules.
## Usage
```plaintext
nomad acl binding-rule list [options]
```
## General Options
@include 'general_options_no_namespace.mdx'
## List Options
- `-json` : Output the ACL binding-rules in a JSON format.
- `-t` : Format and display the ACL binding-rules using a Go template.
## Examples
List all ACL Binding Rules:
```shell-session
$ nomad acl binding-rule list
ID Description Auth Method
dc0e494d-0878-4e56-37d4-482e371e5bdb example binding rule auth0
```
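Review bot: In List Options the flags are written as "`-json` :" and "`-t` :" with a space before the colon, while the create, info and update pages in this commit write "`-json`:" with no space. Drop the space so the option lists render consistently.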


@@ -0,0 +1,57 @@
---
layout: docs
page_title: 'Commands: acl binding-rule update'
description: The binding-rule update command is used to update existing ACL Binding Rules.
---
# Command: acl binding-rule update
The `acl binding-rule update` command is used to update existing ACL Binding Rules.
## Usage
```plaintext
nomad acl binding-rule update [options] <binding-rule_ID>
```
The `acl binding-rule update` command requires an existing rule's ID.
## General Options
@include 'general_options_no_namespace.mdx'
## Update Options
- `-description`: A free form text description of the binding-rule that must not exceed
256 characters.
- `-selector`: Selector is an expression that matches against verified identity
attributes returned from the binding rule during login.
- `-bind-type`: Specifies adjusts how this binding rule is applied at login time
to internal Nomad objects. Valid options are `role` and `policy`.
- `-bind-name`: Specifies is the target of the binding used on selector match.
This can be lightly templated using HIL `${foo}` syntax.
- `-json`: Output the ACL binding-rule in a JSON format.
- `-t`: Format and display the ACL binding-rule using a Go template.
## Examples
Update an existing ACL binding rule:
```shell-session
$ nomad acl binding-rule update -description "new description" dc0e494d-0878-4e56-37d4-482e371e5bdb
ID = dc0e494d-0878-4e56-37d4-482e371e5bdb
Description = new description
Auth Method = auth0
Selector = "engineering in list.roles"
Bind Type = role
Bind Name = engineering-ro
Create Time = 2022-12-20 11:17:40.483196 +0000 UTC
Modify Time = 2022-12-20 11:23:30.355439 +0000 UTC
Create Index = 17
Modify Index = 25
```
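Review bot: The `-selector` entry under Update Options says the attributes are "returned from the binding rule during login", whereas the create page says they are returned from the auth method. This reads like a search-and-replace slip and should say "returned from the auth method". The usage line also uses `<binding-rule_ID>` where the delete and info pages use `<binding-rule_id>`, and the `-bind-type` and `-bind-name` entries carry the same "Specifies adjusts" and "Specifies is" wording as the create page. Update Options has no `-auth-method` flag; if the auth method cannot be changed after creation, say so here.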


@@ -24,6 +24,11 @@ subcommands are available:
- [`acl auth-method info`][authmethodinfo] - Fetch information on an existing ACL auth method
- [`acl auth-method list`][authmethodlist] - List available ACL auth methods
- [`acl auth-method update`][authmethodupdate] - Update existing ACL auth method
- [`acl binding-rule create`][bindingrulecreate] - Create a new ACL binding rule
- [`acl binding-rule delete`][bindingruledelete] - Delete an existing ACL binding rule
- [`acl binding-rule info`][bindingruleinfo] - Fetch information on an existing ACL binding rule
- [`acl binding-rule list`][bindingrulelist] - List available ACL binding rules
- [`acl binding-rule update`][bindingruleupdate] - Update existing ACL binding rule
- [`acl policy apply`][policyapply] - Create or update ACL policies
- [`acl policy delete`][policydelete] - Delete an existing ACL policies
- [`acl policy info`][policyinfo] - Fetch information on an existing ACL policy
@@ -46,6 +51,11 @@ subcommands are available:
[authmethodinfo]: /docs/commands/acl/auth-method/info
[authmethodlist]: /docs/commands/acl/auth-method/list
[authmethodupdate]: /docs/commands/acl/auth-method/update
[bindingrulecreate]: /docs/commands/acl/binding-rule/create
[bindingruledelete]: /docs/commands/acl/binding-rule/delete
[bindingruleinfo]: /docs/commands/acl/binding-rule/info
[bindingrulelist]: /docs/commands/acl/binding-rule/list
[bindingruleupdate]: /docs/commands/acl/binding-rule/update
[policyapply]: /docs/commands/acl/policy/apply
[policydelete]: /docs/commands/acl/policy/delete
[policyinfo]: /docs/commands/acl/policy/info


@@ -261,6 +261,31 @@
}
]
},
{
"title": "binding-rule",
"routes": [
{
"title": "create",
"path": "commands/acl/binding-rule/create"
},
{
"title": "delete",
"path": "commands/acl/binding-rule/delete"
},
{
"title": "info",
"path": "commands/acl/binding-rule/info"
},
{
"title": "list",
"path": "commands/acl/binding-rule/list"
},
{
"title": "update",
"path": "commands/acl/binding-rule/update"
}
]
},
{
"title": "policy",
"routes": [