-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
parse-job access is missing from ACL write defaults #12254
Comments
Hi @idrennanvmware! I took a look at the code and also tried to test the behavior and I think this is a documentation issue. With a policy like: namespace "*" {
policy = "write"
} I was able to validate a jobspec. If you look at the ACLs code you can see that the new All that being said, you mentioned that there was a failed regression test. Can you share the policy file and error you saw? Maybe there's something we missed. That documentation page is in a closed repo. I'll open up a PR over there shortly to fix the docs as well. |
@idrennanvmware another documentation piece that is missing is that the I opened #12258 to describe this. |
Apologies for not getting back sooner - was OOO. You are right - our test failures weren't related to the policy and the "fix" was just a timing issue that gave us the red herring. I believe you are both right and it's just missing from documentation and the 'write' section needs to be updated. Functionally the root cause of our problem was actually latency from the time a token was issued from Nomad until it was valid for use. Interestingly we haven't encountered this in the past so the latency seems new (we were creating and immediately using a token) - we just ensure the token is valid now in our tests and move on. Not sure why it's more latent than before or if there are external factors contributing - but please feel free to close this issue when you're ready. Thanks for the help and time - apologies for the misdirection. |
I've got the PR for Learn open and once that gets merged for deployment, I'll close it this issue. |
I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues. |
When upgrading to Nomad 1.2.6 we noticed a functional regression in our tests. This was caused due to a test that was using the "write" acl (documented here: https://learn.hashicorp.com/tutorials/nomad/access-control-policies?in=nomad/access-control#write) which is missing the 'parse-job' granular item and is only present in "read" currently.
Request is to add this to the "write" as well
Thanks!
Ian
The text was updated successfully, but these errors were encountered: