acl: an ACL token can be created referencing the same policy multiple times #14073

Open
@jrasell

Nomad version

Nomad v1.3.3 (428b2cd8014c48ee9eae23f02712b7219da16d30)

Operating system and Environment details

Tested locally on macOS using a development agent.

Issue

A Nomad ACL token can be created referencing a policy multiple times, with the array never being deduplicated. This results in the duplicate policies being shown via the CLI and API and means the internal resolve token functions have more work than is necessary.

Reproduction steps

  1. Run a development agent using the following config snippet to ensure ACLs are enabled:

     acl {
       enabled = true
     }

  2. Bootstrap the ACL system via the nomad acl bootstrap command.

  3. Create an ACL policy using the example policy below via nomad acl policy apply -token=<root_token> test <file_path>:

     node {
       policy = "read"
     }

  4. Create an ACL token referencing the created policy multiple times by running nomad acl token create -policy=test -policy=test

Expected Result

The policy name array is deduplicated before being written to state.

Actual Result

The token create output shows the policy link duplicated:

Accessor ID  = <accessor_id>
Secret ID    = <secret_id>
Name         = <none>
Type         = client
Global       = false
Policies     = [test test]
Create Time  = 2022-08-10 07:18:23.87098 +0000 UTC
Create Index = 20
Modify Index = 20
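
The expected behaviour in the report above, sketched as an added example; this is not part of the original issue and not Nomad's own code. The Token type, Canonicalize and ResolveLookups are hypothetical names, and the policy store is a constructed sample.

```go
package main

import "fmt"

// Token is a simplified stand-in for an ACL token (hypothetical, not Nomad's struct).
type Token struct {
	Policies []string
}

// Canonicalize drops repeated policy names in place, keeping first-seen order,
// so the list written to state holds each linked policy exactly once.
func (t *Token) Canonicalize() {
	seen := make(map[string]struct{}, len(t.Policies))
	out := t.Policies[:0]
	for _, p := range t.Policies {
		if _, dup := seen[p]; dup {
			continue
		}
		seen[p] = struct{}{}
		out = append(out, p)
	}
	t.Policies = out
}

// ResolveLookups models a resolver that walks the stored list as-is:
// one policy lookup per entry, duplicates included. It also reports
// names that do not exist in the store.
func ResolveLookups(t *Token, store map[string]string) (lookups int, missing []string) {
	for _, p := range t.Policies {
		lookups++
		if _, ok := store[p]; !ok {
			missing = append(missing, p)
		}
	}
	return lookups, missing
}

func main() {
	// Constructed sample mirroring the reproduction: one policy named "test".
	store := map[string]string{"test": `node { policy = "read" }`}
	tok := &Token{Policies: []string{"test", "test"}}

	before, _ := ResolveLookups(tok, store)
	tok.Canonicalize() // would run before the token is written to state
	after, _ := ResolveLookups(tok, store)

	fmt.Println(before, after, tok.Policies) // 2 1 [test]
}
```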
