Command: acl auth-method update
The acl auth-method update command is used to update existing ACL Auth Methods.
Usage
The acl auth-method update command requires an existing method's name.
General Options
-address=<addr>: The address of the Nomad server. Overrides theNOMAD_ADDRenvironment variable if set. Defaults tohttp://127.0.0.1:4646.-region=<region>: The region of the Nomad server to forward commands to. Overrides theNOMAD_REGIONenvironment variable if set. Defaults to the Agent's local region.-no-color: Disables colored command output. Alternatively,NOMAD_CLI_NO_COLORmay be set. This option takes precedence over-force-color.-force-color: Forces colored command output. This can be used in cases where the usual terminal detection fails. Alternatively,NOMAD_CLI_FORCE_COLORmay be set. This option has no effect if-no-coloris also used.-ca-cert=<path>: Path to a PEM encoded CA cert file to use to verify the Nomad server SSL certificate. Overrides theNOMAD_CACERTenvironment variable if set.-ca-path=<path>: Path to a directory of PEM encoded CA cert files to verify the Nomad server SSL certificate. If both-ca-certand-ca-pathare specified,-ca-certis used. Overrides theNOMAD_CAPATHenvironment variable if set.-client-cert=<path>: Path to a PEM encoded client certificate for TLS authentication to the Nomad server. Must also specify-client-key. Overrides theNOMAD_CLIENT_CERTenvironment variable if set.-client-key=<path>: Path to an unencrypted PEM encoded private key matching the client certificate from-client-cert. Overrides theNOMAD_CLIENT_KEYenvironment variable if set.-tls-server-name=<value>: The server name to use as the SNI host when connecting via TLS. Overrides theNOMAD_TLS_SERVER_NAMEenvironment variable if set.-tls-skip-verify: Do not verify TLS certificate. This is highly not recommended. Verification will also be skipped ifNOMAD_SKIP_VERIFYis set.-token: The SecretID of an ACL token to use to authenticate API requests with. Overrides theNOMAD_TOKENenvironment variable if set.
Update Options
-name: Sets the human-readable name for the ACL Role. It is required and can contain alphanumeric characters and dashes. This name must be unique and must not exceed 128 characters.-description: A free form text description of the role that must not exceed 256 characters.-policy: Specifies a policy to associate with the role identified by their name. This flag can be specified multiple times and must be specified at least once.-no-merge: Do not merge the current role information with what is provided to the command. Instead, overwrite all fields with the exception of the role ID which is immutable.-type: Updates the type of the auth method. Supported types areOIDCandJWT.-max-token-ttl: Updates the duration of time all tokens created by this auth method should be valid for.-token-locality: Updates the kind of token that this auth method should produce. This can be eitherlocalorglobal.token-name-format: Sets the token format for the authenticated users. This can be lightly templated using HIL '${foo}' syntax. Defaults to '${auth_method_type}-${auth_method_name}'.-default: Specifies whether this auth method should be treated as a default one in case no auth method is explicitly specified for a login command.-config: Auth method [configuration] in JSON format. May be prefixed with '@' to indicate that the value is a file path to load the config from. '-' may also be given to indicate that the config is available on stdin.-json: Output the ACL auth method in a JSON format.-t: Format and display the ACL auth method using a Go template.
Examples
Update an existing ACL auth method: