Your ACL token does not grant permission to submit jobs. - CSI Volume

Hello,

I am trying to submit a Nomad Job to a cluster with ACLs and Nomad is refusing my job with the message “Your ACL token does not grant permission to submit jobs.”.

After some troubleshooting ( deleting one section of the job at a time until the cluster accepted it ). I found that the issue was my csi volume.

job "volume-acl" {
  group "volume-acl" {
   
    volume "data" {
      type = "csi"
      read_only = false
      source = "fffff"
      attachment_mode = "file-system"
      access_mode = "single-node-writer"
      per_alloc = false
    }

    task "volume-acl" {
      driver = "docker"
     
      config {
        image = "bash"
        entrypoint=["sleep","234234"]
      }
    }
  }
}

My token has the following ACL policy:

namespace "*" {
  policy = "write"
  
  capabilities = [
    "submit-job",
    "dispatch-job",
    "read-job",
    "csi-mount-volume",
    "scale-job",
    "parse-job",
    "read-logs",
    "alloc-exec",
    "alloc-lifecycle",
    "csi-read-volume",
    "csi-list-volume",
    "read-fs"
  ]
}

node {
  policy = "write"
}

agent {
  policy = "write"
}

operator {
  policy = "write"
}

quota {
  policy = "write"
}

host_volume "*" {
  policy = "write"
}

plugin {
  policy = "write"
}

csi-plugin {
  policy = "write"
}

acl {
  policy = "write"
}

job {
  policy = "write"
}

deployment {
  policy = "write"
}

event_stream {
  policy = "write"
}
csi_volume "*" {
  policy = "write"
}

Why won’t nomad accept my job? csi_volume has policy=“write”

Thanks,

David