diff --git a/e2e/terraform/etc/nomad.d/base.hcl b/e2e/terraform/etc/nomad.d/base.hcl
index 578603ba8..e3c523145 100644
--- a/e2e/terraform/etc/nomad.d/base.hcl
+++ b/e2e/terraform/etc/nomad.d/base.hcl
@@ -7,6 +7,16 @@ audit {
 enabled = true
 }
 
+acl {
+ enabled = true
+
+ # These values are used by the testACLTokenExpiration test within the acl
+ # test suite. If these need to be updated, please ensure the new values are
+ # reflected within the test suite and do not break the tests. Thanks.
+ token_min_expiration_ttl = "1s"
+ token_max_expiration_ttl = "24h"
+}
+
 telemetry {
 collection_interval = "1s"
 disable_hostname = true
diff --git a/e2e/terraform/etc/nomad.d/server-linux.hcl b/e2e/terraform/etc/nomad.d/server-linux.hcl
index 9b844b79f..385e208f1 100644
--- a/e2e/terraform/etc/nomad.d/server-linux.hcl
+++ b/e2e/terraform/etc/nomad.d/server-linux.hcl
@@ -2,13 +2,3 @@ server {
 enabled = true
 bootstrap_expect = 3
 }
-
-acl {
- enabled = true
-
- # These values are used by the testACLTokenExpiration test within the acl
- # test suite. If these need to be updated, please ensure the new values are
- # reflected within the test suite and do not break the tests. Thanks.
- token_min_expiration_ttl = "1s"
- token_max_expiration_ttl = "24h"
-}
diff --git a/website/content/docs/configuration/acl.mdx b/website/content/docs/configuration/acl.mdx
index 19db95fcc..3f7a8dde1 100644
--- a/website/content/docs/configuration/acl.mdx
+++ b/website/content/docs/configuration/acl.mdx
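Review bot: The `acl` block added to `e2e/terraform/etc/nomad.d/base.hcl` keeps only the test-suite comment and never says why it now sits in the shared config instead of `server-linux.hcl`. The docs change in this same commit gives the reason: clients enforce ACLs on requests sent directly to them, such as `alloc exec`. A line such as `# Kept in base.hcl so servers and clients both enforce ACLs; do not move back to a server-only file.` above `enabled = true` would stop a later cleanup from leaving client endpoints unenforced. The comment could also state that `token_min_expiration_ttl = "1s"` is a test-only value, and, if the two TTL settings are only read by servers (not visible in this diff), say that they have no effect on clients.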
@@ -26,10 +26,11 @@ acl { ## `acl` Parameters - `enabled` `(bool: false)` - Specifies if ACL enforcement is enabled. All other - ACL configuration options depend on this value. Note that the Nomad command - line client will send requests for client endpoints such as `alloc exec` - directly to Nomad clients whenever they are accessible. In this scenario, the - client will enforce ACLs, so both servers and clients should have ACLs enabled. + ACL configuration options depend on this value. All agents should have the + same value for this parameter. For example the Nomad command line will + send requests for client endpoints such as `alloc exec` directly to Nomad + clients whenever they are accessible. In this scenario, the client will + enforce ACLs, so both servers and clients should have ACLs enabled. - `token_ttl` `(string: "30s")` - Specifies the maximum time-to-live (TTL) for cached ACL tokens. This does not affect servers, since they do not cache tokens.