ACL: Read logs on allocations / task overview -> permission denied with "read-logs"

Nomad
1

Hello,

at the moment we have:

# Allow writing to the QA namespace
namespace "backoffice-test" {
    policy = "read"
    capabilities = ["submit-job","dispatch-job","read-logs"]
}

and the developer can read logs on the task … but the window is a bit small. If you want to read the (same) logs on the same tab, like where also “files” is … then we get a permission denied:

image
image1209×294 18.6 KB

Is it possible to add a permission, so that the developer can also use this “tab” to view the logfiles ?

cu denny

2

Hi @linuxmail,

When using the UI from this page to read logs, the page will make a call to /v1/node/:node_id in order to find the address of the client running the application you wish to view logs for. I believe adding node { policy = "read" } would then allow this ACL policy to work on that mentioned page.

Thanks,
jrasell and the Nomad team

1 Like
3

hi,

it works :slight_smile:

thanks

1 Like