From 0eb8dcabacbfaa9f6f22fb263882faf0c490969b Mon Sep 17 00:00:00 2001
From: Tristan Morgan
Date: Wed, 13 Nov 2024 10:03:13 +1100
Subject: [PATCH] Update policies to scope agent access.
---
 .../structs/acltemplatedpolicy/policies/ce/nomad-client.hcl | 4 ++--
 .../structs/acltemplatedpolicy/policies/ce/nomad-server.hcl | 5 ++---
 .../ce/nomad-client-templated-policy.json.golden | 2 +-
 .../ce/nomad-client-templated-policy.pretty-meta.golden | 3 ++-
 .../ce/nomad-server-templated-policy.json.golden | 2 +-
 .../ce/nomad-server-templated-policy.pretty-meta.golden | 4 ++--
 6 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/agent/structs/acltemplatedpolicy/policies/ce/nomad-client.hcl b/agent/structs/acltemplatedpolicy/policies/ce/nomad-client.hcl
index 4045531f08..6ea8804909 100644
--- a/agent/structs/acltemplatedpolicy/policies/ce/nomad-client.hcl
+++ b/agent/structs/acltemplatedpolicy/policies/ce/nomad-client.hcl
@@ -1,4 +1,4 @@
-agent_prefix "" {
+agent "{{.Name}}" {
 policy = "read"
 }
 node "{{.Name}}" {
@@ -9,4 +9,4 @@ service_prefix "" {
 }
 key_prefix "" {
 policy = "read"
-}
\ No newline at end of file
+}
diff --git a/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl b/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl
index 2bb5f49852..4eeaa39ae5 100644
--- a/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl
+++ b/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl
@@ -1,8 +1,7 @@
-
 acl = "write"
 mesh = "write"
 
-agent_prefix "" {
+agent "{{.Name}}" {
 policy = "read"
 }
 node "{{.Name}}" {
@@ -10,4 +9,4 @@ node "{{.Name}}" {
 }
 service_prefix "" {
 policy = "write"
-}
\ No newline at end of file
+}
diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.json.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.json.golden
index 5b59695096..61d2d762ae 100644
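Review bot: In nomad-client.hcl the new `agent "{{.Name}}"` rule is an exact match that reuses the `{{.Name}}` variable of the `node` rule, so agent read is granted only when the `name` passed at token creation equals the local Consul agent's node name, and the template does not say so. Tokens that already reference builtin/nomad-client presumably pick up the narrower rule on upgrade, yet none of the six files in the diffstat is a changelog or upgrade note. I would add `# {{.Name}} must match the Consul agent's node name; agent read on other agents is no longer granted` above the rule and regenerate the golden files. The `key_prefix ""` read rule shown in this file's second hunk is still unscoped; if that is deliberate, a one-line comment giving the reason would help the next reviewer.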
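Review bot: In nomad-server.hcl `acl = "write"` stays as the first rule while the agent rule below it is narrowed to `agent "{{.Name}}"`; a token with ACL write can create tokens carrying any policy, so scoping agent read does not bound what a holder of this template can reach. Whether Nomad servers still need ACL write cannot be judged from the patch. If they do, document it in place with `# acl write is full ACL management; kept because Nomad creates tokens on behalf of workloads` (reason to be confirmed); if they do not, removing that line is the change that scopes this policy.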
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.json.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.json.golden
@@ -1,6 +1,6 @@
 {
 "TemplateName": "builtin/nomad-client",
 "Schema": "",
- "Template": "agent_prefix \"\" {\n policy = \"read\"\n}\nnode \"{{.Name}}\" {\n policy = \"write\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}\nkey_prefix \"\" {\n policy = \"read\"\n}",
+ "Template": "agent \"{{.Name}}\" {\n policy = \"read\"\n}\nnode \"{{.Name}}\" {\n policy = \"write\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}\nkey_prefix \"\" {\n policy = \"read\"\n}\n",
 "Description": "Gives the token or role permissions required for integration with a nomad client."
 }
\ No newline at end of file
diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.pretty-meta.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.pretty-meta.golden
index 99ce3c4437..59360c8527 100644
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.pretty-meta.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.pretty-meta.golden
@@ -5,7 +5,7 @@ Input variables:
 Example usage:
 consul acl token create -templated-policy builtin/nomad-client -var name:node-1
 Raw Template:
-agent_prefix "" {
+agent "{{.Name}}" {
 policy = "read"
 }
 node "{{.Name}}" {
@@ -17,3 +17,4 @@ service_prefix "" {
 key_prefix "" {
 policy = "read"
 }
+
diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden
index 6adac15f21..400edcc8f5 100644
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden
@@ -1,6 +1,6 @@
 {
 "TemplateName": "builtin/nomad-server",
 "Schema": "",
- "Template": "\nacl = \"write\"\nmesh = \"write\"\n\nagent_prefix \"\" {\n policy = \"read\"\n}\nnode \"{{.Name}}\" {\n policy = \"write\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}",
+ "Template": "acl = \"write\"\nmesh = \"write\"\n\nagent \"{{.Name}}\" {\n policy = \"read\"\n}\nnode \"{{.Name}}\" {\n policy = \"write\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}\n",
 "Description": "Gives the token or role permissions required for integration with a nomad server."
 }
\ No newline at end of file
diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden
index 9c38bd962e..290bf6ee4c 100644
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden
@@ -5,11 +5,10 @@ Input variables:
 Example usage:
 consul acl token create -templated-policy builtin/nomad-server -var name:node-1
 Raw Template:
-
 acl = "write"
 mesh = "write"
 
-agent_prefix "" {
+agent "{{.Name}}" {
 policy = "read"
 }
 node "{{.Name}}" {
@@ -18,3 +17,4 @@ node "{{.Name}}" {
 service_prefix "" {
 policy = "write"
 }
+