Update nomad policies to match https://developer.hashicorp.com/nomad/docs/integrations/consul/acl#nomad-agents

2024-10-24 10:31:24 +11:00 · 2024-10-24 10:31:24 +11:00 · e495978eeb
parent f82f5207a1
commit e495978eeb
6 changed files with 12 additions and 8 deletions
--- a/agent/structs/acltemplatedpolicy/policies/ce/nomad-client.hcl
+++ b/agent/structs/acltemplatedpolicy/policies/ce/nomad-client.hcl
@ -2,7 +2,7 @@ agent_prefix "" {
  policy = "read"
 }
 node_prefix "" {
-  policy = "read"
+  policy = "write"
 }
 service_prefix "" {
  policy = "write"
--- a/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl
+++ b/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl
@ -1,10 +1,12 @@

-acl = "write"
+acl  = "write"
+mesh = "write"
+
 agent_prefix "" {
  policy = "read"
 }
 node_prefix "" {
-  policy = "read"
+  policy = "write"
 }
 service_prefix "" {
  policy = "write"
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.json.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.json.golden
@ -1,6 +1,6 @@
 {
    "TemplateName": "builtin/nomad-client",
    "Schema": "",
-    "Template": "agent_prefix \"\" {\n  policy = \"read\"\n}\nnode_prefix \"\" {\n  policy = \"read\"\n}\nservice_prefix \"\" {\n  policy = \"write\"\n}\nkey_prefix \"\" {\n  policy = \"read\"\n}",
+    "Template": "agent_prefix \"\" {\n  policy = \"read\"\n}\nnode_prefix \"\" {\n  policy = \"write\"\n}\nservice_prefix \"\" {\n  policy = \"write\"\n}\nkey_prefix \"\" {\n  policy = \"read\"\n}",
    "Description": "Gives the token or role permissions required for integration with a nomad client."
 }
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.pretty-meta.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.pretty-meta.golden
@ -8,7 +8,7 @@ agent_prefix "" {
  policy = "read"
 }
 node_prefix "" {
-  policy = "read"
+  policy = "write"
 }
 service_prefix "" {
  policy = "write"
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden
@ -1,6 +1,6 @@
 {
    "TemplateName": "builtin/nomad-server",
    "Schema": "",
-    "Template": "\nacl = \"write\"\nagent_prefix \"\" {\n  policy = \"read\"\n}\nnode_prefix \"\" {\n  policy = \"read\"\n}\nservice_prefix \"\" {\n  policy = \"write\"\n}",
+    "Template": "\nacl  = \"write\"\nmesh = \"write\"\n\nagent_prefix \"\" {\n  policy = \"read\"\n}\nnode_prefix \"\" {\n  policy = \"write\"\n}\nservice_prefix \"\" {\n  policy = \"write\"\n}",
    "Description": "Gives the token or role permissions required for integration with a nomad server."
 }
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden
@ -5,12 +5,14 @@ Example usage:
 	consul acl token create -templated-policy builtin/nomad-server
 Raw Template:

-acl = "write"
+acl  = "write"
+mesh = "write"
+
 agent_prefix "" {
  policy = "read"
 }
 node_prefix "" {
-  policy = "read"
+  policy = "write"
 }
 service_prefix "" {
  policy = "write"