Hi,
I have anonymous token ACL policy on a Nomad cluster as follows:
namespace "default" {
policy = "read"
capabilities = ["list-jobs"]
}
...
With this policy, I can still inspect the job anonymously (which seems rather granular rather than coarse?)
nomad job inspect blah
{
"Job": {
"Affinities": null,
"AllAtOnce": false,
"Constraints": null,
....
Is this the expected behaviour?
How could I configure the policy so that:
~% nomad job status
shows me the list of jobs, but it’s not possible to inspect them.
Same behaviour happens in the UI - under the definition tab for the job.