Clarify how to use the new acl system

README.md

@@ -232,7 +232,34 @@ consul_token {'test_token':
   ],
 }
 ```
+Here is an exmaple to automatically create a policy and acl for each host. 
+For development environments `acl_api_token` can be the bootstrap token. For production it should be a dedicated token with access to write/read from the acls. 
 
+```
+  # Crate ACL policy that allows nodes to update themselves and read others
+  consul_policy { $::hostname:
+    description => "${::hostname}, generated by puppet",
+    rules => [
+      {
+        'resource' => 'node',
+        'segment' => "$::hostname",
+        'disposition' => 'write'
+      },
+      {
+        'resource' => 'node',
+        'segment' => '',
+        'disposition' => 'read'
+      }
+    ],
+    acl_api_token => $acl_api_token
+  }
+
+  consul_token { $::hostname:
+    policies_by_name => ["${::hostname}"],
+    acl_api_token => $acl_api_token,
+  }
+ ```
+
 Predefining token secret is supported by setting secret_id property.
 
 Externally created tokens and policies may be used by referencing them by ID (Token: accessor_id property, Policy: ID property, linking: policies_by_id property)