From b9581ad1878c81690f28313421f5d3bff3c27ea5 Mon Sep 17 00:00:00 2001
From: hc-github-team-nomad-core <82989552+hc-github-team-nomad-core@users.noreply.github.com>
Date: Fri, 3 Nov 2023 03:59:05 -0500
Subject: [PATCH] backport of commit 5f98e6473ccf2c5dd643fa6d79c43d113c56519b (#18987)
Co-authored-by: James Rasell
---
 nomad/mock/acl.go | 4 ++--
 nomad/structs/acl.go | 8 +++++---
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/nomad/mock/acl.go b/nomad/mock/acl.go
index 6d2d676cb..309447fae 100644
--- a/nomad/mock/acl.go
+++ b/nomad/mock/acl.go
@@ -268,7 +268,7 @@ func ACLOIDCAuthMethod() *structs.ACLAuthMethod {
 method := structs.ACLAuthMethod{
 Name: fmt.Sprintf("acl-auth-method-%s", uuid.Short()),
 Type: "OIDC",
- TokenLocality: "local",
+ TokenLocality: structs.ACLAuthMethodTokenLocalityLocal,
 MaxTokenTTL: maxTokenTTL,
 Default: false,
 Config: &structs.ACLAuthMethodConfig{
@@ -297,7 +297,7 @@ func ACLJWTAuthMethod() *structs.ACLAuthMethod {
 method := structs.ACLAuthMethod{
 Name: fmt.Sprintf("acl-auth-method-%s", uuid.Short()),
 Type: "JWT",
- TokenLocality: "local",
+ TokenLocality: structs.ACLAuthMethodTokenLocalityLocal,
 MaxTokenTTL: maxTokenTTL,
 Default: false,
 Config: &structs.ACLAuthMethodConfig{
diff --git a/nomad/structs/acl.go b/nomad/structs/acl.go
index 1495a0116..61315584a 100644
--- a/nomad/structs/acl.go
+++ b/nomad/structs/acl.go
@@ -222,7 +222,7 @@ var (
 // ValidACLAuthMethod is used to validate an ACL auth method name.
 ValidACLAuthMethod = regexp.MustCompile("^[a-zA-Z0-9-]{1,128}$")
- // ValitACLAuthMethodTypes lists supported auth method types.
+ // ValidACLAuthMethodTypes lists supported auth method types.
 ValidACLAuthMethodTypes = []string{ACLAuthMethodTypeOIDC, ACLAuthMethodTypeJWT}
 )
 
@@ -924,7 +924,7 @@ func (a *ACLAuthMethod) Validate(minTTL, maxTTL time.Duration) error {
 mErr.Errors = append(mErr.Errors, fmt.Errorf("invalid name '%s'", a.Name))
 }
- if !slices.Contains([]string{"local", "global"}, a.TokenLocality) {
+ if !slices.Contains([]string{ACLAuthMethodTokenLocalityLocal, ACLAuthMethodTokenLocalityGlobal}, a.TokenLocality) {
 mErr.Errors = append(
 mErr.Errors, fmt.Errorf("invalid token locality '%s'", a.TokenLocality))
 }
@@ -945,7 +945,9 @@ func (a *ACLAuthMethod) Validate(minTTL, maxTTL time.Duration) error {
 // TokenLocalityIsGlobal returns whether the auth method creates global ACL
 // tokens or not.
-func (a *ACLAuthMethod) TokenLocalityIsGlobal() bool { return a.TokenLocality == "global" }
+func (a *ACLAuthMethod) TokenLocalityIsGlobal() bool {
+ return a.TokenLocality == ACLAuthMethodTokenLocalityGlobal
+}
 // ACLAuthMethodConfig is used to store configuration of an auth method
 type ACLAuthMethodConfig struct {
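Review bot: The set of accepted token localities is still built inline at the `slices.Contains` call in Validate, whereas the accepted auth method types live in the package-level `ValidACLAuthMethodTypes` visible in the earlier hunk of this file. A matching package-level list, for example `ValidACLAuthMethodTokenLocalities = []string{ACLAuthMethodTokenLocalityLocal, ACLAuthMethodTokenLocalityGlobal}`, would keep both allowlists in one place and avoid allocating a slice on every call. That matters for an ACL check, because a locality value added later could otherwise be accepted in one place and missed in another. Validate begins and ends outside this hunk, so other uses of the locality strings are not visible here.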
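Review bot: The doc comment on TokenLocalityIsGlobal does not say that every value other than the global constant is reported as not global, including an empty string or a locality that never passed Validate. That default looks like the safer one for token scope, but callers deciding where a token is created should be able to read it from the comment. I would extend it with something like `// Any other value, including an empty or unvalidated locality, is treated as non-global.` Whether all callers run Validate first cannot be confirmed from this diff.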