forked from tailscale/tailscale-client-go
/
acl.json
49 lines (49 loc) · 1.25 KB
/
acl.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
{
"groups": {
"group:dev": ["alice@example.com", "bob@example.com"],
"group:devops": ["carl@example.com"]
},
"acls": [
{ "action": "accept", "src": ["autogroup:members"], "dst": ["autogroup:self:*"] },
{ "action": "accept", "src": ["group:dev"], "dst": ["tag:dev:*"] },
{ "action": "accept", "src": ["group:devops"], "dst": ["tag:prod:*"] },
{ "action": "accept", "src": ["autogroup:members"], "dst": ["tag:monitoring:80,443"] }
],
"tagOwners": {
"tag:monitoring": ["group:devops"],
"tag:dev": ["group:devops"],
"tag:prod": ["group:devops"]
},
"tests": [
{
"src": "carl@example.com",
"accept": ["tag:prod:80"]
},
{
"src": "alice@example.com",
"accept": ["tag:dev:80"],
"deny": ["tag:prod:80"]
}
],
"ssh": [
{
"action": "accept",
"src": ["autogroup:members"],
"dst": ["autogroup:self"],
"users": ["root", "autogroup:nonroot"]
},
{
"action": "accept",
"src": ["autogroup:members"],
"dst": ["tag:prod"],
"users": ["root", "autogroup:nonroot"]
},
{
"action": "accept",
"src": ["tag:logging"],
"dst": ["tag:prod"],
"users": ["root", "autogroup:nonroot"],
"checkPeriod": "20h"
}
]
}