Evaluations UI Permissions Issue with Namespaces

[louievandyke]

Nomad version

Output from nomad version

verified on version 1.3.0-rc1 and version 1.2.6

Operating system and Environment details

18.04.1-Ubuntu

Issue

The evaluations link in the UI does not allow users to access the page, even though the token has write permissions to the namespace per the policy.

Reproduction steps

Adding a policy like below results in permissions errors when accessing the evaluations link in the UI while in the specified namespace. (Please see attachment for the image error from the UI)

lvandyke_hashicorp_com@hashistack-server-1:~$ nomad acl policy info foobar
Name        = foobar
Description = foo, bar namespace test access
Rules       = agent {
policy = "read"
}

node {
policy = "read"
}

operator {
policy = "read"
}

namespace "foo" {
policy = "write"
}

namespace "bar" {
policy = "write"
}

Expected Result

Since the policy allows write access to the namespace the expectation is that a user would be able to view the related evaluations within the UI.

Actual Result

Permissions error. Please see attachment.

I opened up developer tools in Chrome and do notice that when I'm in the namespace "bar", that when I click on the evaluations link the payload sent includes a namespace=* - I suspect that the wildcard is causing the permissions issue.

Job file (if appropriate)

Nomad Server logs (if appropriate)

Nomad Client logs (if appropriate)

[philrenaud]

Hi @louievandyke — the changes from #13530 should resolve this issue. Evaluations will now load in the UI for any token, and provide as many as the token's namespace rules allow.

Thanks so much for raising the issue!

[github-actions]

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.