mirror of
https://github.com/kemko/nomad.git
synced 2026-01-06 18:35:44 +03:00
Adds a `nomad_acls` flag to our Terraform stack that bootstraps Nomad ACLs via a `local-exec` provider. There's no way to set the `NOMAD_TOKEN` in the Nomad TF provider if we're bootstrapping in the same Terraform stack, so instead of using `resource.nomad_acl_token`, we also bootstrap a wide-open anonymous policy. The resulting management token is exported as an environment var with `$(terraform output environment)` and tests that want stricter ACLs will be able to write them using that token. This should also provide a basis to do similar work with Consul ACLs in the future.
25 lines
242 B
HCL
namespace "*" {
  policy       = "write"
  capabilities = ["alloc-node-exec"]
}

agent {
  policy = "write"
}

operator {
  policy = "write"
}

quota {
  policy = "write"
}

node {
  policy = "write"
}

host_volume "*" {
  policy = "write"
}
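Added example, not part of the Nomad repository: a small audit check that flags the grants in a policy like the one above that would be too broad for the anonymous token outside a throwaway test cluster. The regex parser is a simplification that assumes flat blocks only; the function name `audit_anonymous_policy` and the `READ_ONLY` sample are hypothetical.

```python
import re

# Constructed input: the wide-open anonymous policy from this file, condensed.
WIDE_OPEN = '''
namespace "*" {
  policy       = "write"
  capabilities = ["alloc-node-exec"]
}
agent    { policy = "write" }
operator { policy = "write" }
quota    { policy = "write" }
node     { policy = "write" }
host_volume "*" { policy = "write" }
'''

# Constructed input: a hypothetical read-only policy for comparison.
READ_ONLY = '''
namespace "default" { policy = "read" }
node { policy = "read" }
'''

# Assumption: flat blocks only (no nested blocks, no braces inside comments).
BLOCK = re.compile(r'(\w+)\s*(?:"([^"]*)")?\s*\{(.*?)\}', re.S)
POLICY = re.compile(r'\bpolicy\s*=\s*"([\w-]+)"')
CAPS = re.compile(r'\bcapabilities\s*=\s*\[(.*?)\]', re.S)


def audit_anonymous_policy(text):
    """Return (block, issue) pairs for grants too broad for unauthenticated callers."""
    findings = []
    for kind, label, body in BLOCK.findall(text):
        name = f'{kind} "{label}"' if label else kind
        policy = POLICY.search(body)
        caps = CAPS.search(body)
        cap_list = re.findall(r'"([^"]+)"', caps.group(1)) if caps else []
        if policy and policy.group(1) == "write":
            findings.append((name, "write policy"))
        if label == "*":
            findings.append((name, "wildcard scope"))
        if "alloc-node-exec" in cap_list:
            findings.append((name, "alloc-node-exec capability"))
    return findings


if __name__ == "__main__":
    for block, issue in audit_anonymous_policy(WIDE_OPEN):
        print(f"{block}: {issue}")
```

A check like this fits as a CI gate on any environment where the anonymous policy is not meant to stay wide open.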