Unable to access Variables with ACL

[mr-karan]

Nomad version

Output from nomad version

1.4.1

Issue

I've created an ACL Policy to allow Job operators to "list" and "read" all secrets under the path nomad/jobs. However that ACL policy seems to have no effect as these secrets are still not visible to the user with a token from this policy.

Reproduction steps

I've created an ACL Policy for job operators:

namespace "dev" {
  policy = "write"

  variables {
    path "nomad/jobs/*" {
      capabilities = ["read", "list"]
    }
  }
}


plugin {
  policy = "read"
}

node {
  policy = "read"
}

quota {
  policy = "read"
}

Expected Result

The above policy is for dev namespace and it should allow listing and reading all variables inside nomad/jobs path.

Actual Result

However, on opening the UI as a job operator with that policy, I only see this:

v/s with a management token:

[jrasell]

Hi @mr-karan and thanks for raising this issue. Whilst I could reproduce this behaviour in v1.4.1, running the same test against v1.4.2 did not produce the same error. I believe this bug was fixed as part of the work conducted for #15012. Would you be able to test you reproduction with v1.4.2?

[mr-karan]

I can confirm this is fixed with 1.4.2.

Thanks a lot!

[github-actions]

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.