alloc/exec: WebSocket 1011 acl token lookup failed: index error: UUID must be 36 characters

[Thunderbottom]

Nomad version

$ nomad version
Nomad v1.2.3 (a79efc8422082c4790046c3f5ad92c542592a54f)

Operating system and Environment details

$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"
NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.3 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

Issue

If the ACL Token set in localstorage contains spaces, any RPC calls to Allocations.Exec results in:

  Connection Closed: 1011 acl token lookup failed: index error: UUID must be 36 characters

Screenshots:

Allocation Exec Websocket:

Request Headers:

Reproduction steps

1. Set token in https://<nomad-instance>/ui/settings/tokens, preferably with an added space before the token. The token gets set correctly, which means that the system is handling spaces just fine. Example Token: " XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"

2. Exec into any allocation through the web UI, which would fail as described above.

Expected Result

The system should consistently handle spaces in the ACL tokens correctly. Since it accepts tokens with prefixed/suffixed spaces while authenticating, Allocations.Exec should not fail either and users should be allowed to exec into allocations.

Actual Result

Any RPC call to Allocations.Exec fails.

Proposed fix

See #11897

[jrasell]

Hi @Thunderbottom and thanks for raising this along with the PR. We will try and review this in a timely manner and provide any feedback we can.

[tgross]

Will be fixed in #16469