[feature] - provide better granularity for ACL policies #5761

Closed
henrikjohansen opened this issue May 25, 2019 · 2 comments

Comments

henrikjohansen commented May 25, 2019

Nomad version

Nomad v0.9.1+ent

Issue

The current implementation of ACL policies provides basic segmentation and access control but falls short in a number of areas.

For example :

$ cat tenant-a.acl
# allow write access to tenant-a namespace
namespace "tenant-a" {
  policy = "write"
}

quota {
  policy = "read"
}

node {
  policy = "read"
}

  • a tenant on a Nomad Cluster can either read no quotas or all quotas (including those belonging to other tenants).
  • a tenant on a Nomad Cluster can either read no nodes or all nodes (including those where no allocations for tenant-a are running).

In environments with low-trust boundaries or sensitive workloads this kind of unintentional disclosure of information is really not ideal.

Ideally one should be able to construct ACL policies such as this :

$ cat tenant-a-policy.hcl
# allow write access to tenant-a namespace
namespace "tenant-a" {
  policy = "write"
}

# allow read access to quota for this tenant
quota "tenant-a" {
  policy = "read"
}

# allow read access to the nodes for this tenant
node "tenant-a.*" {
  policy = "read"
}

Ideally multiple quota / node stanzas should also be supported ...
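The following is an added illustration, not code from this issue or from Nomad: a small policy evaluator that parses the two policies quoted above and lists which quotas and nodes a tenant-a token could read under each. It is a constructed model of the issue's point, not Nomad's ACL engine; the `quota "name"` and `node "glob"` selectors implement the proposal in this issue (unscoped stanzas are modelled as matching everything, "deny" overrides other rules and "write" implies "read"), and the quota and node inventory is made up for the example.

```python
"""Constructed ACL model: unscoped quota/node stanzas (today) versus the scoped
stanzas proposed in the issue. Not Nomad's implementation; the scoped syntax
is hypothetical."""
import fnmatch
import re
from dataclasses import dataclass

# `kind "selector" {` or `kind {` opens a stanza; `policy = "..."` sets its level.
STANZA_RE = re.compile(r'^(\w+)(?:\s+"([^"]*)")?\s*\{$')
POLICY_RE = re.compile(r'^policy\s*=\s*"(\w+)"$')


@dataclass(frozen=True)
class Rule:
    kind: str      # "namespace", "quota" or "node"
    selector: str  # object name or glob; "*" models an unscoped stanza
    policy: str    # "read", "write" or "deny"


def parse_policy(text):
    """Parse the HCL subset used in the issue into a list of Rule objects."""
    rules = []
    kind = selector = policy = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = STANZA_RE.match(line)
        if m:
            kind, selector = m.group(1), m.group(2) or "*"
            continue
        m = POLICY_RE.match(line)
        if m:
            policy = m.group(1)
            continue
        if line == "}":
            if kind is None or policy is None:
                raise ValueError("stanza without kind or policy")
            rules.append(Rule(kind, selector, policy))
            kind = selector = policy = None
            continue
        raise ValueError(f"unsupported line: {raw!r}")
    return rules


def authorize(rules, kind, name, action):
    """True if a token holding `rules` may `action` ("read"/"write") the
    object `name` of type `kind`. Deny wins; write implies read (model choice)."""
    matched = [r.policy for r in rules
               if r.kind == kind and fnmatch.fnmatchcase(name, r.selector)]
    if not matched or "deny" in matched:
        return False
    if action == "write":
        return "write" in matched
    return any(p in ("read", "write") for p in matched)


def readable(rules, kind, names):
    """The subset of `names` the token can read: the tenant's view of the cluster."""
    return [n for n in names if authorize(rules, kind, n, "read")]


# Today's policy, as in the issue's first example (unscoped quota/node stanzas).
COARSE_POLICY = """
namespace "tenant-a" {
  policy = "write"
}
quota {
  policy = "read"
}
node {
  policy = "read"
}
"""

# The issue's proposed scoped policy (hypothetical syntax).
SCOPED_POLICY = """
namespace "tenant-a" {
  policy = "write"
}
quota "tenant-a" {
  policy = "read"
}
node "tenant-a.*" {
  policy = "read"
}
"""

# Constructed inventory of a cluster shared by two tenants.
QUOTAS = ["tenant-a", "tenant-b"]
NODES = ["tenant-a.node-01", "tenant-a.node-02", "tenant-b.node-01"]


def compare_views():
    """What a tenant-a token can read under each policy."""
    views = {}
    for label, text in (("coarse", COARSE_POLICY), ("scoped", SCOPED_POLICY)):
        rules = parse_policy(text)
        views[label] = {"quota": readable(rules, "quota", QUOTAS),
                        "node": readable(rules, "node", NODES)}
    return views


if __name__ == "__main__":
    for label, view in compare_views().items():
        print(f"{label:6s} quotas={view['quota']} nodes={view['node']}")
```

Running it shows the disclosure the issue describes: under the coarse policy tenant-a reads tenant-b's quota and node, while the scoped policy limits it to its own objects without touching the namespace rule.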

@henrikjohansen (Author)

Closed in favor of #9923

@github-actions

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 24, 2022