Document: update metad access rule document.

README.md

@@ -1,6 +1,8 @@
 metad
 =====
 
+English|[中文](README_zh.md)
+
 [![Build Status](https://travis-ci.org/yunify/metad.svg?branch=master)](https://travis-ci.org/yunify/metad) [![Gitter](https://badges.gitter.im/yunify/metad.svg)](https://gitter.im/yunify/metad?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 
 `metad` is a metadata server support the following features:
@@ -10,11 +12,16 @@ metad
 * support metadata local cache, so it can be used as a proxy to reducing the request pressure of backend (etcd).
 * api out format support json/yaml/text,and is metadata/developer friendly data structure.
 * support as [confd](https://github.com/yunify/confd)'s backend.
+* support metadata access rule define.
 
 
-## Getting Started
+## Installation
+
+You can download the latest release from [GitHub](https://github.com/yunify/metad/releases)
 
-Before we begin be sure to [download and install metad](docs/installation.md).
+* [build from source](docs/build.md)
+
+## Getting Started
 
 * [quick start guide](docs/quick-start-guide.md)
 

README_zh.md

@@ -1,10 +1,30 @@
 # metad
 
+[English](README.md)|中文
+
+[![Build Status](https://travis-ci.org/yunify/metad.svg?branch=master)](https://travis-ci.org/yunify/metad) [![Gitter](https://badges.gitter.im/yunify/metad.svg)](https://gitter.im/yunify/metad?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 
 `metad` 是一个元数据服务,主要提供以下功能:
 
 * **self** 语义支持,在服务器端对 IP 和元数据做映射,客户端直接通过 /self 请求和本节点相关的元数据.映射设置会保存到后端存储服务进行持久化.
 * 元数据后端存储支持 [etcd](https://github.com/coreos/etcd) (TODO 支持更多后端).
 * 元数据缓存,可以降低对后端(etcd)的请求压力.
 * 输出格式支持json/yaml/text,对配置以及开发更友好.
-* 支持作为 [confd](https://github.com/kelseyhightower/confd) 的后端服务(TODO).
+* 支持作为 [confd](https://github.com/kelseyhightower/confd) 的后端服务.
+* 支持元数据的访问规则定义，避免隐私数据泄露.
+
+## 安装
+
+你可以从后面的地址获取最新版本的二级制 [GitHub](https://github.com/yunify/metad/releases)
+
+* 也可以[从源码编译](docs/build.md)
+
+## 快速指南
+
+* [快速指南](docs/quick-start-guide.md)
+
+## 下一步
+
+* [Metad 配置说明](docs/configuration.md)
+* [Metad API 文档](docs/api.md)
+* [和 confd 的配合](docs/confd.md)

docs/api.md

@@ -93,3 +93,64 @@ This api is for manage metadata's ip mapping
 * PUT create or merge update mapping config.
 * DELETE delete mapping config, default delete all metadata in nodePath, unless subs parameter is present.
 
+### /v1/rule[?hosts=192.168.1.x,192.168.1.x]
+
+This api is for manage metadata's metadata access rule.
+
+* GET show hosts access rule config, if hosts parameter is missing, output all hosts.
+* POST|PUT update access rule, body is a json object:
+
+    ```json
+    {
+      "192.168.1.10":[{"path":"/clusters/cl-1", "mode":1}]
+    }
+    ```
+
+* DELETE delete hosts access rule
+
+## Access Rule Guide
+
+```go
+type AccessRule struct {
+	Path string     `json:"path"`
+	Mode AccessMode `json:"mode"`
+}
+```
+
+### Access rule mode
+*  0 forbidden
+*  1 read
+
+### Access rule path description
+
+1. Allow use wildcard(*) in path.
+2. The exact path rule has a higher priority than the wildcard path rule.
+3. The deep path rule has a higher priority than the shallow path rule.
+
+such as：
+
+```json
+[
+   {
+      "path":"/",
+      "mode":0
+   },
+   {
+      "path":"/clusters",
+      "mode":1
+   },
+   {
+      "path":"/clusters/*/env",
+      "mode":0
+   },
+   {
+      "path":"/clusters/cl-1",
+      "mode":1
+   }
+]
+```
+
+1. Root is forbidden，/cluster is read，so client can access the metadata under /cluster ，but can not access cluster's sibling node.
+2. /clusters/*/env this rule indicates that the metadata for the env folder of any subfolders under the clusters folder is forbidden to access，such as the client can not access /clusters/cl-2/env。
+3. /clusters/cl-1 exact define /clusters/cl-1 allow read，so the client can access any metadata that under /clusters/cl-1, include /clusters/cl-1/env.
+

docs/installation.md → docs/build.md

@@ -1,11 +1,6 @@
-# Installation
+# Building
 
-### Binary Download
-
-Currently metad ships binaries for OS X and Linux 64bit systems. You can download the latest release from [GitHub](https://github.com/yunify/metad/releases)
-
-
-#### Building from Source
+## Building from Source
 
 Go 1.7+ is required to build metad, which uses the new vendor directory.
 
@@ -31,7 +26,7 @@ sudo ./install
 ```
 
 
-#### Building from Source by docker for alpine
+## Building from Source by docker for alpine
 
 ```
 docker build . -t qingcloud/metad_builder_alpine -f Dockerfile.build.alpine
@@ -40,12 +35,8 @@ docker run -ti --rm -v $(pwd):/app qingcloud/metad_builder_alpine ./build
 
 The above docker commands will produce binary in the local bin directory.
 
-#### Run by docker image
+## Run by docker image
 
 ```
 docker run -it qingcloud/metad
-```
-
-### Next Steps
-
-Get up and running with the [Quick Start Guide](quick-start-guide.md).
+```