From 04095bdea92b941dab840c61d73e02e7ffbacaf5 Mon Sep 17 00:00:00 2001 From: Tim Gross Date: Fri, 7 Jan 2022 16:18:41 -0500 Subject: [PATCH] docs: note that clients need to have ACLs enabled (#11799) Client endpoints such as `alloc exec` are enforced on the client if the API client or CLI has "line of sight" to the client. This is already in the Learn guide but having it in the ACL configuration docs would be helpful. --- website/content/docs/configuration/acl.mdx | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/website/content/docs/configuration/acl.mdx b/website/content/docs/configuration/acl.mdx index f64142bab..90e733ee0 100644 --- a/website/content/docs/configuration/acl.mdx +++ b/website/content/docs/configuration/acl.mdx @@ -25,7 +25,10 @@ acl { ## `acl` Parameters - `enabled` `(bool: false)` - Specifies if ACL enforcement is enabled. All other - ACL configuration options depend on this value. + ACL configuration options depend on this value. Note that the Nomad command + line client will send requests for client endpoints such as `alloc exec` + directly to Nomad clients whenever they are accessible. In this scenario, the + client will enforce ACLs, so both servers and clients should have ACLs enabled. - `token_ttl` `(string: "30s")` - Specifies the maximum time-to-live (TTL) for cached ACL tokens. This does not affect servers, since they do not cache tokens.
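Review bot: the sentence added under `enabled` names only "the Nomad command line client", while the commit message says the same direct routing applies when "the API client or CLI" has line of sight to the client, so readers who call the HTTP API directly may conclude the note does not concern them. Suggest covering both, for example "the Nomad CLI and other API clients will send requests for client endpoints such as `alloc exec` directly to Nomad clients". In the same sentence, "the client will enforce ACLs" is ambiguous coming right after "command line client"; "the Nomad client agent will enforce ACLs" makes clear which side does the enforcement. It would also help to state what happens to these directly routed requests when a client agent is left at the default `enabled` `(bool: false)`, rather than only "should have ACLs enabled", and to link the Learn guide that the commit message refers to.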