hashicorp · schmichael · Mar 16, 2023 · Mar 16, 2023 · Mar 16, 2023
@@ -7,6 +7,16 @@ audit {
   enabled = true
 }
 
+acl {
+  enabled = true
+
+  # These values are used by the testACLTokenExpiration test within the acl
+  # test suite. If these need to be updated, please ensure the new values are
+  # reflected within the test suite and do not break the tests. Thanks.
+  token_min_expiration_ttl = "1s"
+  token_max_expiration_ttl = "24h"
+}
+
 telemetry {
   collection_interval        = "1s"
   disable_hostname           = true

@@ -2,13 +2,3 @@ server {
   enabled          = true
   bootstrap_expect = 3
 }
-
-acl {
-  enabled = true
-
-  # These values are used by the testACLTokenExpiration test within the acl
-  # test suite. If these need to be updated, please ensure the new values are
-  # reflected within the test suite and do not break the tests. Thanks.
-  token_min_expiration_ttl = "1s"
-  token_max_expiration_ttl = "24h"
-}
@@ -26,10 +26,11 @@ acl {
 ## `acl` Parameters
 
 - `enabled` `(bool: false)` - Specifies if ACL enforcement is enabled. All other
-  ACL configuration options depend on this value. Note that the Nomad command
-  line client will send requests for client endpoints such as `alloc exec`
-  directly to Nomad clients whenever they are accessible. In this scenario, the
-  client will enforce ACLs, so both servers and clients should have ACLs enabled.
+  ACL configuration options depend on this value. All agents should have the
+  same value for this parameter. For example the Nomad command line will
+  send requests for client endpoints such as `alloc exec` directly to Nomad
+  clients whenever they are accessible. In this scenario, the client will
+  enforce ACLs, so both servers and clients should have ACLs enabled.
 
 - `token_ttl` `(string: "30s")` - Specifies the maximum time-to-live (TTL) for
   cached ACL tokens. This does not affect servers, since they do not cache tokens.