open-nomad/e2e/consulacls/nomad-server-policy.hcl

// The operator=write permission is required for creating config entries for
// connect ingress gateways. operator ACLs are not namespaced, though the
// config entries they can generate are.
operator = "write"

namespace_prefix "" {
  // The acl=write permission is required for generating Consul Service Identity
  // tokens for consul connect services. Those services could be configured for
  // any Consul namespace the job-submitter has access to.
  acl = "write"
}

service_prefix "" {
  policy = "write"
}

agent_prefix "" {
  policy = "read"
}

node_prefix "" {
  policy = "read"
}
e2e: add e2e test for consul connect ingress gateway demo Add the ingress gateway example from the noamd connect examples to the e2e Connect suite. Includes the ACLs enabled version, which means the nomad server consul acl policy will require operator=write permission. 2020-11-25 20:30:22 +00:00			`// The operator=write permission is required for creating config entries for`
e2e: add e2e tests for consul namespaces on ent with acls This PR adds e2e tests for Consul Namespaces for Nomad Enterprise with Consul ACLs enabled. Needed to add support for Consul ACL tokens with `namespace` and `namespace_prefix` blocks, which Nomad parses and validates before tossing the token. These bits will need to be picked back to OSS. 2021-04-20 20:23:30 +00:00			`// connect ingress gateways. operator ACLs are not namespaced, though the`
			`// config entries they can generate are.`
e2e: add e2e test for consul connect ingress gateway demo Add the ingress gateway example from the noamd connect examples to the e2e Connect suite. Includes the ACLs enabled version, which means the nomad server consul acl policy will require operator=write permission. 2020-11-25 20:30:22 +00:00			`operator = "write"`

e2e: add e2e tests for consul namespaces on ent with acls This PR adds e2e tests for Consul Namespaces for Nomad Enterprise with Consul ACLs enabled. Needed to add support for Consul ACL tokens with `namespace` and `namespace_prefix` blocks, which Nomad parses and validates before tossing the token. These bits will need to be picked back to OSS. 2021-04-20 20:23:30 +00:00			`namespace_prefix "" {`
			`// The acl=write permission is required for generating Consul Service Identity`
			`// tokens for consul connect services. Those services could be configured for`
			`// any Consul namespace the job-submitter has access to.`
			`acl = "write"`
			`}`

e2e: setup consul ACLs a little more correctly 2020-01-28 22:33:59 +00:00			`service_prefix "" {`
			`policy = "write"`
			`}`

e2e: minimize Consul ACL policies used in e2e tests Issue #7523 documents the Consul ACLs used in each Consul interface used by Nomad. Minimize the policies used in e2e tests so that we are setting a good example. 2020-03-30 17:37:03 +00:00			`agent_prefix "" {`
			`policy = "read"`
e2e: setup consul ACLs a little more correctly 2020-01-28 22:33:59 +00:00			`}`

e2e: minimize Consul ACL policies used in e2e tests Issue #7523 documents the Consul ACLs used in each Consul interface used by Nomad. Minimize the policies used in e2e tests so that we are setting a good example. 2020-03-30 17:37:03 +00:00			`node_prefix "" {`
e2e: setup consul ACLs a little more correctly 2020-01-28 22:33:59 +00:00			`policy = "read"`
e2e: add e2e test for consul connect ingress gateway demo Add the ingress gateway example from the noamd connect examples to the e2e Connect suite. Includes the ACLs enabled version, which means the nomad server consul acl policy will require operator=write permission. 2020-11-25 20:30:22 +00:00			`}`