kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-10 04:15:41 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
26e16febad01cc7d78fac93694de5a07ca5c4267
nomad/website/content/docs/commands/acl/binding-rule/create.mdx
Aimee Ukasick 23fd87d9c9 Docs: Commands section move "General options" to page bottom (#26001) 
* sectionless files plus acl section

* alloc section

* config, deployment sections

* job section

* licence, namespace

* node, node-pool

* operator

* plugin, quota, recommendation

* scaling, sentinel, server, service, system, var, volume

* Add "ENT" label to left nav for enterprise commands

* job tag break into separate folder and files; update options header
2025-06-12 14:31:38 -05:00

139 lines
4.2 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: 'nomad acl binding-rule create command reference'
description: |
The `nomad acl binding-rule create` command creates new access control list (ACL) binding rules. Set a description, associated authentication method, selector expression, or bind name. Configure role, policy, or management bind type.
---
# `nomad acl binding-rule create` command reference
The `acl binding-rule create` command is used to create new ACL Binding Rules.
## Usage
```plaintext
nomad acl binding-rule create [options]
```
The `acl binding-rule create` command requires the correct setting of the create options
via flags detailed below.
## Options
- `-description`: A free form text description of the binding-rule that must not exceed
256 characters.
- `-auth-method`: Specifies the name of the ACL authentication method that this
binding rule is associated with.
- `-selector`: Selector is an expression that matches against verified identity
attributes returned from the auth method during login.
~> **Caveat:** Selectors that operate on `ClaimMappings` (as opposed to
`ListClaimMappings`), the key that we match against has to be prefixed with
`value.`
- `-bind-type`: Specifies adjusts how this binding rule is applied at login time
to internal Nomad objects. Valid options are `role`, `policy`, and `management`.
- `-bind-name`: Specifies is the target of the binding used on selector match.
This can be lightly templated using HIL `${foo}` syntax. If the bind type is
set to `management`, this should not be set.
- `-json`: Output the ACL binding-rule in a JSON format.
- `-t`: Format and display the ACL binding-rule using a Go template.
## Examples
Create a new ACL Binding Rule:
```shell-session
$ nomad acl binding-rule create \
-description "example binding rule" \
-auth-method "auth0" \
-bind-type "role" \
-bind-name "eng-ro" \
-selector "engineering in list.roles"
ID = 698fdad6-dcb3-79dd-dc72-b43374057dea
Description = example binding rule
Auth Method = auth0
Selector = "engineering in list.roles"
Bind Type = role
Bind Name = eng-ro
Create Time = 2022-12-20 11:15:22.582568 +0000 UTC
Modify Time = 2022-12-20 11:15:22.582568 +0000 UTC
Create Index = 14
Modify Index = 14
```
Create a new ACL Binding Rule where the selector needs to be escaped on UNIX
machines:
```shell-session
$ nomad acl binding-rule create \
-description "example binding rule" \
-auth-method "auth0" \
-bind-type "role" \
-bind-name "eng-ro" \
-selector "\"product-developer\" in list.roles"
ID = 698fdad6-dcb3-79dd-dc72-b43374057dea
Description = example binding rule
Auth Method = auth0
Selector = "\"project-developer\" in list.roles"
Bind Type = role
Bind Name = eng-ro
Create Time = 2022-12-20 11:15:22.582568 +0000 UTC
Modify Time = 2022-12-20 11:15:22.582568 +0000 UTC
Create Index = 14
Modify Index = 14
```
Create a new ACL Binding Rule where the selector needs to be escaped on Windows
machines via PowerShell:
```shell-session
$ nomad.exe acl binding-rule create \
-description "example binding rule" \
-auth-method "auth0" \
-bind-type "role" \
-bind-name "eng-ro" \
-selector="`"project-developer`"
ID = 698fdad6-dcb3-79dd-dc72-b43374057dea
Description = example binding rule
Auth Method = auth0
Selector = "\"project-developer\" in list.roles"
Bind Type = role
Bind Name = eng-ro
Create Time = 2022-12-20 11:15:22.582568 +0000 UTC
Modify Time = 2022-12-20 11:15:22.582568 +0000 UTC
Create Index = 14
Modify Index = 14
```
Create a new ACL Binding Rule where the selector uses a mathing against a
single `ClaimMapping` which uses `owner` as its value:
```shell-session
$ nomad acl binding-rule create \
-description "example binding rule" \
-auth-method "github" \
-bind-type "role" \
-bind-name "eng-ro" \
-selector="value.owner == user"
ID = 698fdad6-dcb3-79dd-dc72-b43374057dea
Description = example binding rule
Auth Method = github
Selector = "value.owner == user"
Bind Type = role
Bind Name = eng-ro
Create Time = 2022-12-20 11:15:22.582568 +0000 UTC
Modify Time = 2022-12-20 11:15:22.582568 +0000 UTC
Create Index = 14
Modify Index = 14
```
## General options
@include 'general_options_no_namespace.mdx'
Reference in New Issue View Git Blame Copy Permalink