Update policies to scope agent access.

2024-11-13 10:03:13 +11:00 · 2024-11-13 10:03:13 +11:00 · 1ba81be2f8
parent b00c1a8b59
commit 1ba81be2f8
6 changed files with 10 additions and 10 deletions
--- a/agent/structs/acltemplatedpolicy/policies/ce/nomad-client.hcl
+++ b/agent/structs/acltemplatedpolicy/policies/ce/nomad-client.hcl
@ -1,4 +1,4 @@
-agent_prefix "" {
+agent "{{.Name}}" {
  policy = "read"
 }
 node "{{.Name}}" {
@ -9,4 +9,4 @@ service_prefix "" {
 }
 key_prefix "" {
  policy = "read"
-}
+}
--- a/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl
+++ b/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl
@ -1,8 +1,7 @@
-
 acl  = "write"
 mesh = "write"

-agent_prefix "" {
+agent "{{.Name}}" {
  policy = "read"
 }
 node "{{.Name}}" {
@ -10,4 +9,4 @@ node "{{.Name}}" {
 }
 service_prefix "" {
  policy = "write"
-}
+}
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.json.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.json.golden
@ -1,6 +1,6 @@
 {
    "TemplateName": "builtin/nomad-client",
    "Schema": "",
-    "Template": "agent_prefix \"\" {\n  policy = \"read\"\n}\nnode \"{{.Name}}\" {\n  policy = \"write\"\n}\nservice_prefix \"\" {\n  policy = \"write\"\n}\nkey_prefix \"\" {\n  policy = \"read\"\n}",
+    "Template": "agent \"{{.Name}}\" {\n  policy = \"read\"\n}\nnode \"{{.Name}}\" {\n  policy = \"write\"\n}\nservice_prefix \"\" {\n  policy = \"write\"\n}\nkey_prefix \"\" {\n  policy = \"read\"\n}\n",
    "Description": "Gives the token or role permissions required for integration with a nomad client."
 }
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.pretty-meta.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.pretty-meta.golden
@ -5,7 +5,7 @@ Input variables:
 Example usage:
 	consul acl token create -templated-policy builtin/nomad-client -var name:node-1
 Raw Template:
-agent_prefix "" {
+agent "{{.Name}}" {
  policy = "read"
 }
 node "{{.Name}}" {
@ -17,3 +17,4 @@ service_prefix "" {
 key_prefix "" {
  policy = "read"
 }
+
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden
@ -1,6 +1,6 @@
 {
    "TemplateName": "builtin/nomad-server",
    "Schema": "",
-    "Template": "\nacl  = \"write\"\nmesh = \"write\"\n\nagent_prefix \"\" {\n  policy = \"read\"\n}\nnode \"{{.Name}}\" {\n  policy = \"write\"\n}\nservice_prefix \"\" {\n  policy = \"write\"\n}",
+    "Template": "acl  = \"write\"\nmesh = \"write\"\n\nagent \"{{.Name}}\" {\n  policy = \"read\"\n}\nnode \"{{.Name}}\" {\n  policy = \"write\"\n}\nservice_prefix \"\" {\n  policy = \"write\"\n}\n",
    "Description": "Gives the token or role permissions required for integration with a nomad server."
 }
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden
@ -5,11 +5,10 @@ Input variables:
 Example usage:
 	consul acl token create -templated-policy builtin/nomad-server -var name:node-1
 Raw Template:
-
 acl  = "write"
 mesh = "write"

-agent_prefix "" {
+agent "{{.Name}}" {
  policy = "read"
 }
 node "{{.Name}}" {
@ -18,3 +17,4 @@ node "{{.Name}}" {
 service_prefix "" {
  policy = "write"
 }
+