Fix secret_id and document minimal ACL policy

elastic · Jun 28, 2021 · ea6ba46 · ea6ba46
1 parent 56f679d
commit ea6ba46
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 2 deletions.
diff --git a/libbeat/docs/shared-autodiscover.asciidoc b/libbeat/docs/shared-autodiscover.asciidoc
@@ -482,7 +482,18 @@ The `nomad` autodiscover provider has the following configuration settings:
 
 `namespace`:: (Optional) Namespace to use. If not provided the `default` namespace is used.
 
-`secret_id`:: (Optional) SecretID to use if ACL is enabled in Nomad.
+`secret_id`:: (Optional) SecretID to use if ACL is enabled in Nomad. A minimal
+ACL policy is:
+
+[source,hcl]
+----
+node {
+  policy = "read"
+}
+agent {
+  policy = "read"
+}
+----
 
 `node`:: (Optional) Specify the node to scope {beatname_lc} to in case it
   cannot be accurately detected when `node` scope is used.

diff --git a/x-pack/libbeat/processors/add_nomad_metadata/docs/add_nomad_metadata.asciidoc b/x-pack/libbeat/processors/add_nomad_metadata/docs/add_nomad_metadata.asciidoc
@@ -32,7 +32,18 @@ uses `http://127.0.0.1:4646` by default.
 in this namespace will be annotated.
 `region`:: (Optional) Region to watch. If set, only events for allocations in
 this region will be annotated.
-`secretID`:: (Optional) SecretID to use when connecting with the agent API.
+`secret_id`:: (Optional) SecretID to use when connecting with the agent API.  A
+minimal ACL policy is:
+
+[source,hcl]
+----
+node {
+  policy = "read"
+}
+agent {
+  policy = "read"
+}
+----
 `refresh_interval`:: (Optional) Interval used to updated the cached metadata. It
 defaults to 30 seconds.
 `cleanup_timeout`:: (Optional) After an allocation has been removed, time to