Support ACL template policy for Nodes #6123

Closed
vasilij-icabbi opened this issue Jul 12, 2019 · 1 comment
Labels
theme/acls ACL and token generation type/enhancement Proposed improvement or new feature


vasilij-icabbi commented Jul 12, 2019

Feature Description

Automatically populate the segment in the node resource in the ACL. Probably something like "ACL Service Identities" can be reused, or the same approach taken. For instance:

node "<node name>" {
    policy = "write"
}

Where <node name> is automatically replaced with the actual node name (e.g. consul-1).

Use Case(s)

Consul Server cluster that runs using AWS ASG and least permissive tokens is a requirement. To achieve that, currently need to create custom scripts and handlers.

Discussed here

@pearkes pearkes added type/enhancement Proposed improvement or new feature theme/acls ACL and token generation labels Jul 12, 2019
Contributor

blake commented Oct 27, 2020

@vasilij-icabbi, Consul 1.8.1 added support for Node Identities in PR #7970, which works similarly to ACL Service Identities.

You can create an agent token with consul acl token create -node-identity=<nodename>:<DC>. The pre-configured ACL policy template listed in the docs will be assigned to the token.

@blake blake closed this as completed Oct 27, 2020
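
The workflow from the comment above, written out for a single instance booting in an auto-scaling group, as an added example that is not part of the original thread or of Consul's own code. It assumes the `consul` CLI is on PATH and `CONSUL_HTTP_TOKEN` holds a token allowed to create ACL tokens; the function names and the character check on the node and datacenter names are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the issue thread): give one agent a node-identity token.
# Assumptions: the consul CLI is on PATH, CONSUL_HTTP_TOKEN holds a token with
# acl = "write", and ACLs are enabled. Function names are hypothetical.
# Usage: ./node-token.sh "$(hostname -s)" dc1
LC_ALL=C; export LC_ALL   # keep a-z in the patterns below ASCII-only

# Conservative check chosen for this example: lowercase letters, digits, '-'
# and '_' only, starting and ending alphanumeric. It keeps ':' or whitespace
# out of the <nodename>:<DC> argument.
valid_identity_part() {
  case "$1" in
    ""|*[!a-z0-9_-]*|[-_]*|*[-_]) return 1 ;;
  esac
  return 0
}

# Print the -node-identity flag for one node, or fail without printing it.
node_identity_arg() {
  if valid_identity_part "$1" && valid_identity_part "$2"; then
    printf '%s\n' "-node-identity=$1:$2"
  else
    echo "refusing node identity '$1:$2'" >&2
    return 1
  fi
}

# Pull SecretID out of the JSON printed by `consul acl token create -format=json`.
extract_secret_id() {
  sed -n 's/.*"SecretID": *"\([^"]*\)".*/\1/p'
}

# Create the token scoped to this node only, then install it as the agent token.
provision_agent_token() {
  arg=$(node_identity_arg "$1" "$2") || return 1
  secret=$(consul acl token create -description "agent token for $1" \
             "$arg" -format=json | extract_secret_id)
  [ -n "$secret" ] || { echo "token creation failed" >&2; return 1; }
  consul acl set-agent-token agent "$secret"
}

if [ "$#" -eq 2 ]; then
  provision_agent_token "$1" "$2"
fi
```

Each instance ends up with a token bound to its own node name, so the token-creating credential is the only broad secret the bootstrap step has to protect.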