@backspace
Created December 4, 2019 16:51
Exercising hashicorp/nomad#5944: UI: Change Run Job availability based on ACLs
# ACL policy granting list-only job access in three namespace rules plus
# read-only agent and node access.
# NOTE(review): presumably this is anonymous-policy.hcl, which the setup
# script applies under the name "anonymous" — confirm against the gist's file
# names. If so, Nomad applies these rules to requests that carry no token,
# so each grant below is available to unauthenticated callers.

# Jobs in this namespace can be listed; no other job capability is granted.
namespace "list-only-namespace" {
capabilities = ["list-jobs"]
}
# "write" is the coarse-grained policy level rather than an explicit
# capability list; it is the only job-submission grant in this file.
namespace "permissive-namespace" {
policy = "write"
}
# Glob rule: covers namespaces whose names start with "wildcard-", such as the
# wildcard-something and wildcard-specific namespaces the setup script creates.
namespace "wildcard-*" {
capabilities = ["list-jobs"]
}
# Read-only access to the agent API.
agent {
policy = "read"
}
# Read-only access to the node API.
node {
policy = "read"
}
# Agent configuration fragment that turns on the ACL system.
# NOTE(review): presumably client-acl.hcl, the file passed to
# `nomad agent -dev -config=client-acl.hcl` — confirm against the gist's file names.
# With ACLs enabled, tokenless requests are denied until an "anonymous" policy
# is applied, and `nomad acl bootstrap` must be run once to obtain the
# management token.
acl = {
enabled = true
}
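# Bootstraps ACLs on an already-running agent, creates a "user" token, applies
# the anonymous and user policies, and creates the namespaces the policies refer to.
# The variables are exported, so the file works both sourced and executed; the
# `return ... || exit` pairs below abort cleanly in either mode.

# Take the value of the first "Secret ID" line by its last field, so the parse
# does not depend on how many padding spaces the CLI prints before "=".
NOMAD_TOKEN=$(nomad acl bootstrap | awk '/Secret ID/ { print $NF; exit }')
if [ -z "$NOMAD_TOKEN" ]; then
  # Without this check every later command would run with an empty token,
  # i.e. as an anonymous caller, and fail in a less obvious way.
  echo "nomad acl bootstrap returned no Secret ID (agent not running, or ACLs already bootstrapped?)" >&2
  return 1 2>/dev/null || exit 1
fi
export NOMAD_TOKEN
# The management token is printed so it can be pasted into the UI. It has full
# access to the cluster, so this output belongs only on a throwaway dev agent,
# not in shared terminals or captured CI logs.
echo "Management token: $NOMAD_TOKEN"

# The token references the "user" policy by name; the policy body is applied below.
USER_NOMAD_TOKEN=$(nomad acl token create -name=user -policy=user | awk '/Secret ID/ { print $NF; exit }')
if [ -z "$USER_NOMAD_TOKEN" ]; then
  echo "nomad acl token create returned no Secret ID" >&2
  return 1 2>/dev/null || exit 1
fi
export USER_NOMAD_TOKEN
echo "User token: $USER_NOMAD_TOKEN"

# The policy named "anonymous" is what Nomad applies to requests without a token.
nomad acl policy apply anonymous anonymous-policy.hcl
nomad acl policy apply user user-policy.hcl

# Namespaces matched by the policy rules, plus "other", which no rule names.
for ns in list-only-namespace permissive-namespace wildcard-something wildcard-specific other; do
  nomad namespace apply "$ns"
done
# Now if you run the UI, you can try it out with the management token, the user token, and without a token (anonymous).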
# Must be at least Nomad 0.10.2
# Starts a dev-mode agent with the extra configuration in client-acl.hcl;
# run this before the ACL bootstrap commands, which need a running agent.
# NOTE(review): client-acl.hcl is presumably the `acl { enabled = true }`
# fragment shown on this page — confirm.
nomad agent -dev -config=client-acl.hcl
# ACL policy mixing list-only and write access across namespaces, plus
# read-only agent and node access.
# NOTE(review): presumably user-policy.hcl, applied by the setup script as
# "user" and attached to the token created with -policy=user — confirm against
# the gist's file names.

# Jobs in this namespace can be listed; no other job capability is granted.
namespace "list-only-namespace" {
capabilities = ["list-jobs"]
}
# "write" is the coarse-grained policy level rather than an explicit capability list.
namespace "permissive-namespace" {
policy = "write"
}
# Glob rule: write access for namespaces whose names start with "wildcard-"
# (e.g. wildcard-something), unless a more specific rule matches.
namespace "wildcard-*" {
policy = "write"
}
# Exact-name rule that narrows the glob above: Nomad prefers an exact namespace
# match over a glob match, so wildcard-specific ends up list-only even though
# "wildcard-*" grants write.
namespace "wildcard-specific" {
capabilities = ["list-jobs"]
}
# Write access to the built-in "default" namespace.
namespace "default" {
policy = "write"
}
# Read-only access to the agent API.
agent {
policy = "read"
}
# Read-only access to the node API.
node {
policy = "read"
}