-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathpolicies_example.yml
34 lines (32 loc) · 1.16 KB
/
policies_example.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# Copyright © 2020, CERN
# This software is distributed under the terms of the MIT Licence,
# copied verbatim in the file 'LICENSE'. In applying this licence,
# CERN does not waive the privileges and immunities
# granted to it by virtue of its status as an Intergovernmental Organization
# or submit itself to any jurisdiction.
---
# Policy enforcing
# More information for policies can be found at the
# "Main concepts" section of the zkPolicy README.md
# Be sure for the changes that a policy can enforce to a ZK tree.
# Execute first using -d (Dry Run) for overviewing the znodes that
# will be affected by this policy.
policies:
- title: "Append ip:127.0.0.2:c to all matching ip:*:*"
query:
name: "globMatchACL"
rootPath: "/"
args:
- "ip:*:*"
# If true, policy ACL elements are appended to existing znode ACL
# else the existing ACL is overwritten
append: true
acls:
- "ip:127.0.0.3:c"
- title: "Harden all nodes that are unprotected with a specific ACL entry"
query:
name: "noACL"
rootPath: "/"
append: false
acls:
- "sasl:user1:cdrwa"