more elaborate acl policy self output

Author: pkazmierczak

command/acl_policy_self.go

@@ -101,12 +101,28 @@ func (c *ACLPolicySelfCommand) Run(args []string) int {
 		}
 
 		output := make([]string, 0, len(policies)+1)
-		output = append(output, "Name|Description")
+		output = append(output, "Name|Job ID|Group Name|Task Name")
 		for _, p := range policies {
-			output = append(output, fmt.Sprintf("%s|%s", p.Name, p.Description))
+			var outputString string
+			if p.JobACL == nil {
+				outputString = fmt.Sprintf("%s|%s|%s|%s", p.Name, "<unavailable>", "<unavailable>", "<unavailable>")
+			} else {
+				outputString = fmt.Sprintf(
+					"%s|%s|%s|%s",
+					p.Name, formatJobACL(p.JobACL.JobID), formatJobACL(p.JobACL.Group), formatJobACL(p.JobACL.Task),
+				)
+			}
+			output = append(output, outputString)
 		}
 
 		c.Ui.Output(formatList(output))
 	}
 	return 0
 }
+
+func formatJobACL(jobACL string) string {
+	if jobACL == "" {
+		return "<not specified>"
+	}
+	return jobACL
+}

command/acl_policy_self_test.go

@@ -65,12 +65,15 @@ func TestACLPolicySelfCommand_ViaEnvVar(t *testing.T) {
 	must.MapContainsKey(t, alloc.SignedIdentities, "t")
 	wid := alloc.SignedIdentities["t"]
 
-	// Fetch info on a token with a JWT
+	// Fetch info on policies with a JWT
 	t.Setenv("NOMAD_TOKEN", wid)
 	code := cmd.Run([]string{"-address=" + url})
 	must.Zero(t, code)
 
 	// Check the output
 	out := ui.OutputWriter.String()
 	must.StrContains(t, out, polArgs.Policies[0].Name)
+
+	// make sure we put the job ACLs in there, too
+	must.StrContains(t, out, polArgs.Policies[0].JobACL.JobID)
 }

website/content/docs/commands/acl/policy/self.mdx

@@ -34,6 +34,22 @@ Fetch information about an existing ACL policies attached to the workload:
 $ echo $NOMAD_TOKEN
 eyJhbGciOiJSUzI1NiIsImtpZCI6ImJiMmUwYjI5LTIyZTYtYjk0My0yN2M1LThkYmNmMjc5ODM0MCIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJub21hZHByb2plY3QuaW8iLCJpYXQiOjE3NDM2OTI5NzksImp0aSI6IjJmOWI3ZGRmLWU1M2ItZGMxNS1kMzU4LTAyMDk5NjE1NThlMyIsIm5iZiI6MTc0MzY5Mjk3OSwibm9tYWRfYWxsb2NhdGlvbl9pZCI6IjhjMGJjMWFjLWRlMzMtYTNlYi03YWUwLTZiZjM3OGY5YzcxYiIsIm5vbWFkX2pvYl9pZCI6Im5vbWFkIiwibm9tYWRfbmFtZXNwYWNlIjoiZGVmYXVsdCIsIm5vbWFkX3Rhc2siOiJzZXJ2ZXIiLCJzdWIiOiJnbG9iYWw6ZGVmYXVsdDpub21hZDpub21hZDpzZXJ2ZXI6ZGVmYXVsdCJ9.IDZWTqGWRURDwI5OvO3LLjCsU1qzg6LEG4q5S7CfZawUXzMqAOoYajI_nynOGJp2aU77MqUyJmdFtrIBMoQnIxclEwNl9DkhfOrgjBsWefn9JqKEpORGD-0OLzaoYUgbu0k6aXCNktfpvHZN5uUsfL6nLOG-osQvHn9ZdboT31tjp1v6d-MfP96ZLG0NrXgLWMfwan2AAzuqMabIS9iO6OrZDNp2-TeeY_sqM-7sNEgfDo33GAeyhqTi8CAZhsDOv4wtJuFfMhrsbb33wHdAiltjXlafBtncMMaLHr07gbLvOMfty2_193i4Yi3H2PgPr7c4BYHoXyQJhFchDyYmFA
 $ nomad acl policy self
-Name          Description
-nomad-policy  A Nomad policy
+Name          Job ID  Group Name  Task Name
+nomad-policy  nomad   nomad       <not specified>
+$ nomad acl policy self -json
+{
+    "nomad-policy": {
+        "CreateIndex": 21,
+        "Description": "",
+        "JobACL": {
+            "Group": "nomad",
+            "JobID": "nomad",
+            "Namespace": "default",
+            "Task": ""
+        },
+        "ModifyIndex": 21,
+        "Name": "nomad-policy",
+        "Rules": "# Allow read only access to the default namespace\ndescription = \"A Nomad policy\"\nnamespace \"default\" {\n  policy = \"read\"\n}\n\n# Allow writing to the `foo` namespace\nnamespace \"foo\" {\n  policy = \"write\"\n}\n\nagent {\n  policy = \"read\"\n}\n\nnode {\n  policy = \"read\"\n}\n\nquota {\n  policy = \"read\"\n}\n"
+    }
+}
 ```