09cd01a5f3
This PR adds e2e tests for Consul Namespaces for Nomad Enterprise with Consul ACLs enabled. Needed to add support for Consul ACL tokens with `namespace` and `namespace_prefix` blocks, which Nomad parses and validates before tossing the token. These bits will need to be picked back to OSS.
23 lines
590 B
HCL
23 lines
590 B
HCL
// The operator=write permission is required for creating config entries for
|
|
// connect ingress gateways. operator ACLs are not namespaced, though the
|
|
// config entries they can generate are.
|
|
operator = "write"
|
|
|
|
namespace_prefix "" {
|
|
// The acl=write permission is required for generating Consul Service Identity
|
|
// tokens for consul connect services. Those services could be configured for
|
|
// any Consul namespace the job-submitter has access to.
|
|
acl = "write"
|
|
}
|
|
|
|
service_prefix "" {
|
|
policy = "write"
|
|
}
|
|
|
|
agent_prefix "" {
|
|
policy = "read"
|
|
}
|
|
|
|
node_prefix "" {
|
|
policy = "read"
|
|
} |