SecretID -> AuthToken

api/api.go

@@ -45,8 +45,8 @@ type QueryOptions struct {
 	// Set HTTP parameters on the query.
 	Params map[string]string
 
-	// SecretID is the secret ID of an ACL token
-	SecretID string
+	// AuthToken is the secret ID of an ACL token
+	AuthToken string
 }
 
 // WriteOptions are used to parameterize a write
@@ -58,8 +58,8 @@ type WriteOptions struct {
 	// Namespace is the target namespace for the write.
 	Namespace string
 
-	// SecretID is the secret ID of an ACL token
-	SecretID string
+	// AuthToken is the secret ID of an ACL token
+	AuthToken string
 }
 
 // QueryMeta is used to return meta data about a query
@@ -411,8 +411,8 @@ func (r *request) setQueryOptions(q *QueryOptions) {
 	if q.Namespace != "" {
 		r.params.Set("namespace", q.Namespace)
 	}
-	if q.SecretID != "" {
-		r.token = q.SecretID
+	if q.AuthToken != "" {
+		r.token = q.AuthToken
 	}
 	if q.AllowStale {
 		r.params.Set("stale", "")
@@ -448,8 +448,8 @@ func (r *request) setWriteOptions(q *WriteOptions) {
 	if q.Namespace != "" {
 		r.params.Set("namespace", q.Namespace)
 	}
-	if q.SecretID != "" {
-		r.token = q.SecretID
+	if q.AuthToken != "" {
+		r.token = q.AuthToken
 	}
 }
 

api/api_test.go

@@ -173,7 +173,7 @@ func TestSetQueryOptions(t *testing.T) {
 		AllowStale: true,
 		WaitIndex:  1000,
 		WaitTime:   100 * time.Second,
-		SecretID:   "foobar",
+		AuthToken:  "foobar",
 	}
 	r.setQueryOptions(q)
 
@@ -206,7 +206,7 @@ func TestSetWriteOptions(t *testing.T) {
 	q := &WriteOptions{
 		Region:    "foo",
 		Namespace: "bar",
-		SecretID:  "foobar",
+		AuthToken: "foobar",
 	}
 	r.setWriteOptions(q)
 
@@ -230,7 +230,7 @@ func TestRequestToHTTP(t *testing.T) {
 	q := &QueryOptions{
 		Region:    "foo",
 		Namespace: "bar",
-		SecretID:  "foobar",
+		AuthToken: "foobar",
 	}
 	r.setQueryOptions(q)
 	req, err := r.toHTTP()

client/acl.go

@@ -190,7 +190,7 @@ func (c *Client) resolvePolicies(secretID string, policies []string) ([]*structs
 		Names: fetch,
 		QueryOptions: structs.QueryOptions{
 			Region:     c.Region(),
-			SecretID:   secretID,
+			AuthToken:  secretID,
 			AllowStale: true,
 		},
 	}

client/alloc_watcher.go

@@ -428,7 +428,7 @@ func (p *remotePrevAlloc) migrateAllocDir(ctx context.Context, nodeAddr string)
 	}
 
 	url := fmt.Sprintf("/v1/client/allocation/%v/snapshot", p.prevAllocID)
-	qo := &nomadapi.QueryOptions{SecretID: p.migrateToken}
+	qo := &nomadapi.QueryOptions{AuthToken: p.migrateToken}
 	resp, err := apiClient.Raw().Response(url, qo)
 	if err != nil {
 		prevAllocDir.Destroy()

command/agent/acl_endpoint_test.go

@@ -19,8 +19,8 @@ func TestHTTP_ACLPolicyList(t *testing.T) {
 		args := structs.ACLPolicyUpsertRequest{
 			Policies: []*structs.ACLPolicy{p1, p2, p3},
 			WriteRequest: structs.WriteRequest{
-				Region:   "global",
-				SecretID: s.RootToken.SecretID,
+				Region:    "global",
+				AuthToken: s.RootToken.SecretID,
 			},
 		}
 		var resp structs.GenericResponse
@@ -68,8 +68,8 @@ func TestHTTP_ACLPolicyQuery(t *testing.T) {
 		args := structs.ACLPolicyUpsertRequest{
 			Policies: []*structs.ACLPolicy{p1},
 			WriteRequest: structs.WriteRequest{
-				Region:   "global",
-				SecretID: s.RootToken.SecretID,
+				Region:    "global",
+				AuthToken: s.RootToken.SecretID,
 			},
 		}
 		var resp structs.GenericResponse
@@ -152,8 +152,8 @@ func TestHTTP_ACLPolicyDelete(t *testing.T) {
 		args := structs.ACLPolicyUpsertRequest{
 			Policies: []*structs.ACLPolicy{p1},
 			WriteRequest: structs.WriteRequest{
-				Region:   "global",
-				SecretID: s.RootToken.SecretID,
+				Region:    "global",
+				AuthToken: s.RootToken.SecretID,
 			},
 		}
 		var resp structs.GenericResponse
@@ -231,8 +231,8 @@ func TestHTTP_ACLTokenList(t *testing.T) {
 		args := structs.ACLTokenUpsertRequest{
 			Tokens: []*structs.ACLToken{p1, p2, p3},
 			WriteRequest: structs.WriteRequest{
-				Region:   "global",
-				SecretID: s.RootToken.SecretID,
+				Region:    "global",
+				AuthToken: s.RootToken.SecretID,
 			},
 		}
 		var resp structs.ACLTokenUpsertResponse
@@ -281,8 +281,8 @@ func TestHTTP_ACLTokenQuery(t *testing.T) {
 		args := structs.ACLTokenUpsertRequest{
 			Tokens: []*structs.ACLToken{p1},
 			WriteRequest: structs.WriteRequest{
-				Region:   "global",
-				SecretID: s.RootToken.SecretID,
+				Region:    "global",
+				AuthToken: s.RootToken.SecretID,
 			},
 		}
 		var resp structs.ACLTokenUpsertResponse
@@ -364,8 +364,8 @@ func TestHTTP_ACLTokenDelete(t *testing.T) {
 		args := structs.ACLTokenUpsertRequest{
 			Tokens: []*structs.ACLToken{p1},
 			WriteRequest: structs.WriteRequest{
-				Region:   "global",
-				SecretID: s.RootToken.SecretID,
+				Region:    "global",
+				AuthToken: s.RootToken.SecretID,
 			},
 		}
 		var resp structs.ACLTokenUpsertResponse

command/agent/http.go

@@ -447,7 +447,7 @@ func (s *HTTPServer) parseToken(req *http.Request, token *string) {
 // parse is a convenience method for endpoints that need to parse multiple flags
 func (s *HTTPServer) parse(resp http.ResponseWriter, req *http.Request, r *string, b *structs.QueryOptions) bool {
 	s.parseRegion(req, r)
-	s.parseToken(req, &b.SecretID)
+	s.parseToken(req, &b.AuthToken)
 	parseConsistency(req, b)
 	parsePrefix(req, b)
 	parseNamespace(req, &b.Namespace)
@@ -458,6 +458,6 @@ func (s *HTTPServer) parse(resp http.ResponseWriter, req *http.Request, r *strin
 // write request.
 func (s *HTTPServer) parseWriteRequest(req *http.Request, w *structs.WriteRequest) {
 	parseNamespace(req, &w.Namespace)
-	s.parseToken(req, &w.SecretID)
+	s.parseToken(req, &w.AuthToken)
 	s.parseRegion(req, &w.Region)
 }

command/agent/job_endpoint.go

@@ -358,8 +358,8 @@ func (s *HTTPServer) jobUpdate(resp http.ResponseWriter, req *http.Request,
 		JobModifyIndex: args.JobModifyIndex,
 		PolicyOverride: args.PolicyOverride,
 		WriteRequest: structs.WriteRequest{
-			Region:   args.WriteRequest.Region,
-			SecretID: args.WriteRequest.SecretID,
+			Region:    args.WriteRequest.Region,
+			AuthToken: args.WriteRequest.SecretID,
 		},
 	}
 	s.parseWriteRequest(req, &regReq.WriteRequest)

nomad/acl_endpoint.go

@@ -44,7 +44,7 @@ func (a *ACL) UpsertPolicies(args *structs.ACLPolicyUpsertRequest, reply *struct
 	defer metrics.MeasureSince([]string{"nomad", "acl", "upsert_policies"}, time.Now())
 
 	// Check management level permissions
-	if acl, err := a.srv.ResolveToken(args.SecretID); err != nil {
+	if acl, err := a.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if acl == nil || !acl.IsManagement() {
 		return structs.ErrPermissionDenied
@@ -88,7 +88,7 @@ func (a *ACL) DeletePolicies(args *structs.ACLPolicyDeleteRequest, reply *struct
 	defer metrics.MeasureSince([]string{"nomad", "acl", "delete_policies"}, time.Now())
 
 	// Check management level permissions
-	if acl, err := a.srv.ResolveToken(args.SecretID); err != nil {
+	if acl, err := a.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if acl == nil || !acl.IsManagement() {
 		return structs.ErrPermissionDenied
@@ -121,7 +121,7 @@ func (a *ACL) ListPolicies(args *structs.ACLPolicyListRequest, reply *structs.AC
 	defer metrics.MeasureSince([]string{"nomad", "acl", "list_policies"}, time.Now())
 
 	// Check management level permissions
-	if acl, err := a.srv.ResolveToken(args.SecretID); err != nil {
+	if acl, err := a.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if acl == nil || !acl.IsManagement() {
 		return structs.ErrPermissionDenied
@@ -183,7 +183,7 @@ func (a *ACL) GetPolicy(args *structs.ACLPolicySpecificRequest, reply *structs.S
 	defer metrics.MeasureSince([]string{"nomad", "acl", "get_policy"}, time.Now())
 
 	// Check management level permissions
-	if acl, err := a.srv.ResolveToken(args.SecretID); err != nil {
+	if acl, err := a.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if acl == nil || !acl.IsManagement() {
 		return structs.ErrPermissionDenied
@@ -229,14 +229,14 @@ func (a *ACL) GetPolicies(args *structs.ACLPolicySetRequest, reply *structs.ACLP
 
 	var token *structs.ACLToken
 	var err error
-	if args.SecretID == "" {
+	if args.AuthToken == "" {
 		// No need to look up the anonymous token
 		token = structs.AnonymousACLToken
 	} else {
 		// For client typed tokens, allow them to query any policies associated with that token.
 		// This is used by clients which are resolving the policies to enforce. Any associated
 		// policies need to be fetched so that the client can determine what to allow.
-		token, err = a.srv.State().ACLTokenBySecretID(nil, args.SecretID)
+		token, err = a.srv.State().ACLTokenBySecretID(nil, args.AuthToken)
 		if err != nil {
 			return err
 		}
@@ -420,7 +420,7 @@ func (a *ACL) UpsertTokens(args *structs.ACLTokenUpsertRequest, reply *structs.A
 	defer metrics.MeasureSince([]string{"nomad", "acl", "upsert_tokens"}, time.Now())
 
 	// Check management level permissions
-	if acl, err := a.srv.ResolveToken(args.SecretID); err != nil {
+	if acl, err := a.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if acl == nil || !acl.IsManagement() {
 		return structs.ErrPermissionDenied
@@ -507,7 +507,7 @@ func (a *ACL) DeleteTokens(args *structs.ACLTokenDeleteRequest, reply *structs.G
 	defer metrics.MeasureSince([]string{"nomad", "acl", "delete_tokens"}, time.Now())
 
 	// Check management level permissions
-	if acl, err := a.srv.ResolveToken(args.SecretID); err != nil {
+	if acl, err := a.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if acl == nil || !acl.IsManagement() {
 		return structs.ErrPermissionDenied
@@ -574,7 +574,7 @@ func (a *ACL) ListTokens(args *structs.ACLTokenListRequest, reply *structs.ACLTo
 	defer metrics.MeasureSince([]string{"nomad", "acl", "list_tokens"}, time.Now())
 
 	// Check management level permissions
-	if acl, err := a.srv.ResolveToken(args.SecretID); err != nil {
+	if acl, err := a.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if acl == nil || !acl.IsManagement() {
 		return structs.ErrPermissionDenied
@@ -631,7 +631,7 @@ func (a *ACL) GetToken(args *structs.ACLTokenSpecificRequest, reply *structs.Sin
 	}
 	defer metrics.MeasureSince([]string{"nomad", "acl", "get_token"}, time.Now())
 
-	acl, err := a.srv.ResolveToken(args.SecretID)
+	acl, err := a.srv.ResolveToken(args.AuthToken)
 	if err != nil {
 		return err
 	}
@@ -661,7 +661,7 @@ func (a *ACL) GetToken(args *structs.ACLTokenSpecificRequest, reply *structs.Sin
 
 				// Check management level permissions or that the secret ID matches the
 				// accessor ID
-			} else if !acl.IsManagement() && out.SecretID != args.SecretID {
+			} else if !acl.IsManagement() && out.SecretID != args.AuthToken {
 				return structs.ErrPermissionDenied
 			}
 
@@ -693,7 +693,7 @@ func (a *ACL) GetTokens(args *structs.ACLTokenSetRequest, reply *structs.ACLToke
 	defer metrics.MeasureSince([]string{"nomad", "acl", "get_tokens"}, time.Now())
 
 	// Check management level permissions
-	if acl, err := a.srv.ResolveToken(args.SecretID); err != nil {
+	if acl, err := a.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if acl == nil || !acl.IsManagement() {
 		return structs.ErrPermissionDenied

nomad/acl_endpoint_test.go

@@ -32,8 +32,8 @@ func TestACLEndpoint_GetPolicy(t *testing.T) {
 	get := &structs.ACLPolicySpecificRequest{
 		Name: policy.Name,
 		QueryOptions: structs.QueryOptions{
-			Region:   "global",
-			SecretID: root.SecretID,
+			Region:    "global",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp structs.SingleACLPolicyResponse
@@ -86,7 +86,7 @@ func TestACLEndpoint_GetPolicy_Blocking(t *testing.T) {
 		QueryOptions: structs.QueryOptions{
 			Region:        "global",
 			MinQueryIndex: 150,
-			SecretID:      root.SecretID,
+			AuthToken:     root.SecretID,
 		},
 	}
 	var resp structs.SingleACLPolicyResponse
@@ -147,8 +147,8 @@ func TestACLEndpoint_GetPolicies(t *testing.T) {
 	get := &structs.ACLPolicySetRequest{
 		Names: []string{policy.Name, policy2.Name},
 		QueryOptions: structs.QueryOptions{
-			Region:   "global",
-			SecretID: root.SecretID,
+			Region:    "global",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp structs.ACLPolicySetResponse
@@ -190,8 +190,8 @@ func TestACLEndpoint_GetPolicies_TokenSubset(t *testing.T) {
 	get := &structs.ACLPolicySetRequest{
 		Names: []string{policy.Name},
 		QueryOptions: structs.QueryOptions{
-			Region:   "global",
-			SecretID: token.SecretID,
+			Region:    "global",
+			AuthToken: token.SecretID,
 		},
 	}
 	var resp structs.ACLPolicySetResponse
@@ -244,7 +244,7 @@ func TestACLEndpoint_GetPolicies_Blocking(t *testing.T) {
 		QueryOptions: structs.QueryOptions{
 			Region:        "global",
 			MinQueryIndex: 150,
-			SecretID:      root.SecretID,
+			AuthToken:     root.SecretID,
 		},
 	}
 	var resp structs.ACLPolicySetResponse
@@ -307,8 +307,8 @@ func TestACLEndpoint_ListPolicies(t *testing.T) {
 	// Lookup the policies
 	get := &structs.ACLPolicyListRequest{
 		QueryOptions: structs.QueryOptions{
-			Region:   "global",
-			SecretID: root.SecretID,
+			Region:    "global",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp structs.ACLPolicyListResponse
@@ -321,9 +321,9 @@ func TestACLEndpoint_ListPolicies(t *testing.T) {
 	// Lookup the policies by prefix
 	get = &structs.ACLPolicyListRequest{
 		QueryOptions: structs.QueryOptions{
-			Region:   "global",
-			Prefix:   "aaaabb",
-			SecretID: root.SecretID,
+			Region:    "global",
+			Prefix:    "aaaabb",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp2 structs.ACLPolicyListResponse
@@ -356,7 +356,7 @@ func TestACLEndpoint_ListPolicies_Blocking(t *testing.T) {
 		QueryOptions: structs.QueryOptions{
 			Region:        "global",
 			MinQueryIndex: 1,
-			SecretID:      root.SecretID,
+			AuthToken:     root.SecretID,
 		},
 	}
 	start := time.Now()
@@ -409,8 +409,8 @@ func TestACLEndpoint_DeletePolicies(t *testing.T) {
 	req := &structs.ACLPolicyDeleteRequest{
 		Names: []string{p1.Name},
 		WriteRequest: structs.WriteRequest{
-			Region:   "global",
-			SecretID: root.SecretID,
+			Region:    "global",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp structs.GenericResponse
@@ -434,8 +434,8 @@ func TestACLEndpoint_UpsertPolicies(t *testing.T) {
 	req := &structs.ACLPolicyUpsertRequest{
 		Policies: []*structs.ACLPolicy{p1},
 		WriteRequest: structs.WriteRequest{
-			Region:   "global",
-			SecretID: root.SecretID,
+			Region:    "global",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp structs.GenericResponse
@@ -465,8 +465,8 @@ func TestACLEndpoint_UpsertPolicies_Invalid(t *testing.T) {
 	req := &structs.ACLPolicyUpsertRequest{
 		Policies: []*structs.ACLPolicy{p1},
 		WriteRequest: structs.WriteRequest{
-			Region:   "global",
-			SecretID: root.SecretID,
+			Region:    "global",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp structs.GenericResponse
@@ -492,8 +492,8 @@ func TestACLEndpoint_GetToken(t *testing.T) {
 	get := &structs.ACLTokenSpecificRequest{
 		AccessorID: token.AccessorID,
 		QueryOptions: structs.QueryOptions{
-			Region:   "global",
-			SecretID: root.SecretID,
+			Region:    "global",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp structs.SingleACLTokenResponse
@@ -513,7 +513,7 @@ func TestACLEndpoint_GetToken(t *testing.T) {
 
 	// Lookup the token by accessor id using the tokens secret ID
 	get.AccessorID = token.AccessorID
-	get.SecretID = token.SecretID
+	get.AuthToken = token.SecretID
 	var resp2 structs.SingleACLTokenResponse
 	if err := msgpackrpc.CallWithCodec(codec, "ACL.GetToken", get, &resp2); err != nil {
 		t.Fatalf("err: %v", err)
@@ -556,7 +556,7 @@ func TestACLEndpoint_GetToken_Blocking(t *testing.T) {
 		QueryOptions: structs.QueryOptions{
 			Region:        "global",
 			MinQueryIndex: 150,
-			SecretID:      root.SecretID,
+			AuthToken:     root.SecretID,
 		},
 	}
 	var resp structs.SingleACLTokenResponse
@@ -617,8 +617,8 @@ func TestACLEndpoint_GetTokens(t *testing.T) {
 	get := &structs.ACLTokenSetRequest{
 		AccessorIDS: []string{token.AccessorID, token2.AccessorID},
 		QueryOptions: structs.QueryOptions{
-			Region:   "global",
-			SecretID: root.SecretID,
+			Region:    "global",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp structs.ACLTokenSetResponse
@@ -673,7 +673,7 @@ func TestACLEndpoint_GetTokens_Blocking(t *testing.T) {
 		QueryOptions: structs.QueryOptions{
 			Region:        "global",
 			MinQueryIndex: 150,
-			SecretID:      root.SecretID,
+			AuthToken:     root.SecretID,
 		},
 	}
 	var resp structs.ACLTokenSetResponse
@@ -737,8 +737,8 @@ func TestACLEndpoint_ListTokens(t *testing.T) {
 	// Lookup the tokens
 	get := &structs.ACLTokenListRequest{
 		QueryOptions: structs.QueryOptions{
-			Region:   "global",
-			SecretID: root.SecretID,
+			Region:    "global",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp structs.ACLTokenListResponse
@@ -751,9 +751,9 @@ func TestACLEndpoint_ListTokens(t *testing.T) {
 	// Lookup the tokens by prefix
 	get = &structs.ACLTokenListRequest{
 		QueryOptions: structs.QueryOptions{
-			Region:   "global",
-			Prefix:   "aaaabb",
-			SecretID: root.SecretID,
+			Region:    "global",
+			Prefix:    "aaaabb",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp2 structs.ACLTokenListResponse
@@ -767,8 +767,8 @@ func TestACLEndpoint_ListTokens(t *testing.T) {
 	get = &structs.ACLTokenListRequest{
 		GlobalOnly: true,
 		QueryOptions: structs.QueryOptions{
-			Region:   "global",
-			SecretID: root.SecretID,
+			Region:    "global",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp3 structs.ACLTokenListResponse
@@ -801,7 +801,7 @@ func TestACLEndpoint_ListTokens_Blocking(t *testing.T) {
 		QueryOptions: structs.QueryOptions{
 			Region:        "global",
 			MinQueryIndex: 2,
-			SecretID:      root.SecretID,
+			AuthToken:     root.SecretID,
 		},
 	}
 	start := time.Now()
@@ -854,8 +854,8 @@ func TestACLEndpoint_DeleteTokens(t *testing.T) {
 	req := &structs.ACLTokenDeleteRequest{
 		AccessorIDs: []string{p1.AccessorID},
 		WriteRequest: structs.WriteRequest{
-			Region:   "global",
-			SecretID: root.SecretID,
+			Region:    "global",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp structs.GenericResponse
@@ -979,8 +979,8 @@ func TestACLEndpoint_UpsertTokens(t *testing.T) {
 	req := &structs.ACLTokenUpsertRequest{
 		Tokens: []*structs.ACLToken{p1},
 		WriteRequest: structs.WriteRequest{
-			Region:   "global",
-			SecretID: root.SecretID,
+			Region:    "global",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp structs.ACLTokenUpsertResponse
@@ -1035,8 +1035,8 @@ func TestACLEndpoint_UpsertTokens_Invalid(t *testing.T) {
 	req := &structs.ACLTokenUpsertRequest{
 		Tokens: []*structs.ACLToken{p1},
 		WriteRequest: structs.WriteRequest{
-			Region:   "global",
-			SecretID: root.SecretID,
+			Region:    "global",
+			AuthToken: root.SecretID,
 		},
 	}
 	var resp structs.GenericResponse

nomad/alloc_endpoint.go

@@ -23,7 +23,7 @@ func (a *Alloc) List(args *structs.AllocListRequest, reply *structs.AllocListRes
 	defer metrics.MeasureSince([]string{"nomad", "alloc", "list"}, time.Now())
 
 	// Check namespace read-job permissions
-	if aclObj, err := a.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := a.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -80,7 +80,7 @@ func (a *Alloc) GetAlloc(args *structs.AllocSpecificRequest,
 	defer metrics.MeasureSince([]string{"nomad", "alloc", "get_alloc"}, time.Now())
 
 	// Check namespace read-job permissions
-	if aclObj, err := a.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := a.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied

nomad/alloc_endpoint_test.go

@@ -117,19 +117,19 @@ func TestAllocEndpoint_List_ACL(t *testing.T) {
 	assert.NotNil(msgpackrpc.CallWithCodec(codec, "Alloc.List", get, &resp), "RPC")
 
 	// Try with a valid token
-	get.SecretID = validToken.SecretID
+	get.AuthToken = validToken.SecretID
 	assert.Nil(msgpackrpc.CallWithCodec(codec, "Alloc.List", get, &resp), "RPC")
 	assert.EqualValues(resp.Index, 1000, "resp.Index")
 	assert.Equal(stubAllocs, resp.Allocations, "Returned alloc list not equal")
 
 	// Try with a invalid token
-	get.SecretID = invalidToken.SecretID
+	get.AuthToken = invalidToken.SecretID
 	err := msgpackrpc.CallWithCodec(codec, "Alloc.List", get, &resp)
 	assert.NotNil(err, "RPC")
 	assert.Equal(err.Error(), structs.ErrPermissionDenied.Error())
 
 	// Try with a root token
-	get.SecretID = root.SecretID
+	get.AuthToken = root.SecretID
 	assert.Nil(msgpackrpc.CallWithCodec(codec, "Alloc.List", get, &resp), "RPC")
 	assert.EqualValues(resp.Index, 1000, "resp.Index")
 	assert.Equal(stubAllocs, resp.Allocations, "Returned alloc list not equal")
@@ -276,19 +276,19 @@ func TestAllocEndpoint_GetAlloc_ACL(t *testing.T) {
 	assert.NotNil(msgpackrpc.CallWithCodec(codec, "Alloc.GetAlloc", get, &resp), "RPC")
 
 	// Try with a valid token
-	get.SecretID = validToken.SecretID
+	get.AuthToken = validToken.SecretID
 	assert.Nil(msgpackrpc.CallWithCodec(codec, "Alloc.GetAlloc", get, &resp), "RPC")
 	assert.EqualValues(resp.Index, 1000, "resp.Index")
 	assert.Equal(alloc, resp.Alloc, "Returned alloc not equal")
 
 	// Try with a invalid token
-	get.SecretID = invalidToken.SecretID
+	get.AuthToken = invalidToken.SecretID
 	err := msgpackrpc.CallWithCodec(codec, "Alloc.GetAlloc", get, &resp)
 	assert.NotNil(err, "RPC")
 	assert.Equal(err.Error(), structs.ErrPermissionDenied.Error())
 
 	// Try with a root token
-	get.SecretID = root.SecretID
+	get.AuthToken = root.SecretID
 	var resp2 structs.SingleAllocResponse
 	assert.Nil(msgpackrpc.CallWithCodec(codec, "Alloc.GetAlloc", get, &resp2), "RPC")
 	assert.EqualValues(resp2.Index, 1000, "resp.Index")

nomad/deployment_endpoint.go

@@ -25,7 +25,7 @@ func (d *Deployment) GetDeployment(args *structs.DeploymentSpecificRequest,
 	defer metrics.MeasureSince([]string{"nomad", "deployment", "get_deployment"}, time.Now())
 
 	// Check namespace read-job permissions
-	if aclObj, err := d.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := d.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -75,7 +75,7 @@ func (d *Deployment) Fail(args *structs.DeploymentFailRequest, reply *structs.De
 	defer metrics.MeasureSince([]string{"nomad", "deployment", "fail"}, time.Now())
 
 	// Check namespace submit-job permissions
-	if aclObj, err := d.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := d.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilitySubmitJob) {
 		return structs.ErrPermissionDenied
@@ -117,7 +117,7 @@ func (d *Deployment) Pause(args *structs.DeploymentPauseRequest, reply *structs.
 	defer metrics.MeasureSince([]string{"nomad", "deployment", "pause"}, time.Now())
 
 	// Check namespace submit-job permissions
-	if aclObj, err := d.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := d.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilitySubmitJob) {
 		return structs.ErrPermissionDenied
@@ -163,7 +163,7 @@ func (d *Deployment) Promote(args *structs.DeploymentPromoteRequest, reply *stru
 	defer metrics.MeasureSince([]string{"nomad", "deployment", "promote"}, time.Now())
 
 	// Check namespace submit-job permissions
-	if aclObj, err := d.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := d.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilitySubmitJob) {
 		return structs.ErrPermissionDenied
@@ -206,7 +206,7 @@ func (d *Deployment) SetAllocHealth(args *structs.DeploymentAllocHealthRequest,
 	defer metrics.MeasureSince([]string{"nomad", "deployment", "set_alloc_health"}, time.Now())
 
 	// Check namespace submit-job permissions
-	if aclObj, err := d.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := d.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilitySubmitJob) {
 		return structs.ErrPermissionDenied
@@ -252,7 +252,7 @@ func (d *Deployment) List(args *structs.DeploymentListRequest, reply *structs.De
 	defer metrics.MeasureSince([]string{"nomad", "deployment", "list"}, time.Now())
 
 	// Check namespace read-job permissions
-	if aclObj, err := d.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := d.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -308,7 +308,7 @@ func (d *Deployment) Allocations(args *structs.DeploymentSpecificRequest, reply
 	defer metrics.MeasureSince([]string{"nomad", "deployment", "allocations"}, time.Now())
 
 	// Check namespace read-job permissions
-	if aclObj, err := d.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := d.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied

nomad/deployment_endpoint_test.go

@@ -80,19 +80,19 @@ func TestDeploymentEndpoint_GetDeployment_ACL(t *testing.T) {
 	assert.NotNil(msgpackrpc.CallWithCodec(codec, "Deployment.GetDeployment", get, &resp), "RPC")
 
 	// Try with a good token
-	get.SecretID = validToken.SecretID
+	get.AuthToken = validToken.SecretID
 	assert.Nil(msgpackrpc.CallWithCodec(codec, "Deployment.GetDeployment", get, &resp), "RPC")
 	assert.EqualValues(resp.Index, 1000, "resp.Index")
 	assert.Equal(d, resp.Deployment, "Returned deployment not equal")
 
 	// Try with a bad token
-	get.SecretID = invalidToken.SecretID
+	get.AuthToken = invalidToken.SecretID
 	err := msgpackrpc.CallWithCodec(codec, "Deployment.GetDeployment", get, &resp)
 	assert.NotNil(err, "RPC")
 	assert.Equal(err.Error(), structs.ErrPermissionDenied.Error())
 
 	// Try with a root token
-	get.SecretID = root.SecretID
+	get.AuthToken = root.SecretID
 	assert.Nil(msgpackrpc.CallWithCodec(codec, "Deployment.GetDeployment", get, &resp), "RPC")
 	assert.EqualValues(resp.Index, 1000, "resp.Index")
 	assert.Equal(d, resp.Deployment, "Returned deployment not equal")
@@ -237,7 +237,7 @@ func TestDeploymentEndpoint_Fail_ACL(t *testing.T) {
 
 	// Try with an invalid token
 	{
-		req.SecretID = invalidToken.SecretID
+		req.AuthToken = invalidToken.SecretID
 		var resp structs.DeploymentUpdateResponse
 		err := msgpackrpc.CallWithCodec(codec, "Deployment.Fail", req, &resp)
 		assert.NotNil(err)
@@ -246,7 +246,7 @@ func TestDeploymentEndpoint_Fail_ACL(t *testing.T) {
 
 	// Try with a valid token
 	{
-		req.SecretID = validToken.SecretID
+		req.AuthToken = validToken.SecretID
 		var resp structs.DeploymentUpdateResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Deployment.Fail", req, &resp), "RPC")
 		assert.NotEqual(resp.Index, uint64(0), "bad response index")
@@ -430,7 +430,7 @@ func TestDeploymentEndpoint_Pause_ACL(t *testing.T) {
 
 	// Try with an invalid token
 	{
-		req.SecretID = invalidToken.SecretID
+		req.AuthToken = invalidToken.SecretID
 		var resp structs.DeploymentUpdateResponse
 		err := msgpackrpc.CallWithCodec(codec, "Deployment.Pause", req, &resp)
 		assert.NotNil(err)
@@ -439,7 +439,7 @@ func TestDeploymentEndpoint_Pause_ACL(t *testing.T) {
 
 	// Fetch the response with a valid token
 	{
-		req.SecretID = validToken.SecretID
+		req.AuthToken = validToken.SecretID
 		var resp structs.DeploymentUpdateResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Deployment.Pause", req, &resp), "RPC")
 		assert.NotEqual(resp.Index, uint64(0), "bad response index")
@@ -573,7 +573,7 @@ func TestDeploymentEndpoint_Promote_ACL(t *testing.T) {
 
 	// Try with an invalid token
 	{
-		req.SecretID = invalidToken.SecretID
+		req.AuthToken = invalidToken.SecretID
 		var resp structs.DeploymentUpdateResponse
 		err := msgpackrpc.CallWithCodec(codec, "Deployment.Promote", req, &resp)
 		assert.NotNil(err)
@@ -582,7 +582,7 @@ func TestDeploymentEndpoint_Promote_ACL(t *testing.T) {
 
 	// Fetch the response with a valid token
 	{
-		req.SecretID = validToken.SecretID
+		req.AuthToken = validToken.SecretID
 		var resp structs.DeploymentUpdateResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Deployment.Promote", req, &resp), "RPC")
 		assert.NotEqual(resp.Index, uint64(0), "bad response index")
@@ -725,7 +725,7 @@ func TestDeploymentEndpoint_SetAllocHealth_ACL(t *testing.T) {
 
 	// Try with an invalid token
 	{
-		req.SecretID = invalidToken.SecretID
+		req.AuthToken = invalidToken.SecretID
 		var resp structs.DeploymentUpdateResponse
 		err := msgpackrpc.CallWithCodec(codec, "Deployment.SetAllocHealth", req, &resp)
 		assert.NotNil(err)
@@ -734,7 +734,7 @@ func TestDeploymentEndpoint_SetAllocHealth_ACL(t *testing.T) {
 
 	// Fetch the response with a valid token
 	{
-		req.SecretID = validToken.SecretID
+		req.AuthToken = validToken.SecretID
 		var resp structs.DeploymentUpdateResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Deployment.SetAllocHealth", req, &resp), "RPC")
 		assert.NotZero(resp.Index, "bad response index")
@@ -943,7 +943,7 @@ func TestDeploymentEndpoint_List_ACL(t *testing.T) {
 
 	// Try with an invalid token
 	{
-		get.SecretID = invalidToken.SecretID
+		get.AuthToken = invalidToken.SecretID
 		var resp structs.DeploymentUpdateResponse
 		err := msgpackrpc.CallWithCodec(codec, "Deployment.List", get, &resp)
 		assert.NotNil(err)
@@ -952,7 +952,7 @@ func TestDeploymentEndpoint_List_ACL(t *testing.T) {
 
 	// Lookup the deployments with a root token
 	{
-		get.SecretID = root.SecretID
+		get.AuthToken = root.SecretID
 		var resp structs.DeploymentListResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Deployment.List", get, &resp), "RPC")
 		assert.EqualValues(resp.Index, 1000, "Wrong Index")
@@ -962,7 +962,7 @@ func TestDeploymentEndpoint_List_ACL(t *testing.T) {
 
 	// Lookup the deployments with a valid token
 	{
-		get.SecretID = validToken.SecretID
+		get.AuthToken = validToken.SecretID
 		var resp structs.DeploymentListResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Deployment.List", get, &resp), "RPC")
 		assert.EqualValues(resp.Index, 1000, "Wrong Index")
@@ -1111,7 +1111,7 @@ func TestDeploymentEndpoint_Allocations_ACL(t *testing.T) {
 
 	// Try with an invalid token
 	{
-		get.SecretID = invalidToken.SecretID
+		get.AuthToken = invalidToken.SecretID
 		var resp structs.DeploymentUpdateResponse
 		err := msgpackrpc.CallWithCodec(codec, "Deployment.Allocations", get, &resp)
 		assert.NotNil(err)
@@ -1120,7 +1120,7 @@ func TestDeploymentEndpoint_Allocations_ACL(t *testing.T) {
 
 	// Lookup the allocations with a valid token
 	{
-		get.SecretID = validToken.SecretID
+		get.AuthToken = validToken.SecretID
 		var resp structs.AllocListResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Deployment.Allocations", get, &resp), "RPC")
 		assert.EqualValues(1001, resp.Index, "Wrong Index")
@@ -1130,7 +1130,7 @@ func TestDeploymentEndpoint_Allocations_ACL(t *testing.T) {
 
 	// Lookup the allocations with a root token
 	{
-		get.SecretID = root.SecretID
+		get.AuthToken = root.SecretID
 		var resp structs.AllocListResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Deployment.Allocations", get, &resp), "RPC")
 		assert.EqualValues(1001, resp.Index, "Wrong Index")

nomad/eval_endpoint.go

@@ -32,7 +32,7 @@ func (e *Eval) GetEval(args *structs.EvalSpecificRequest,
 	defer metrics.MeasureSince([]string{"nomad", "eval", "get_eval"}, time.Now())
 
 	// Check for read-job permissions
-	if aclObj, err := e.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := e.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -326,7 +326,7 @@ func (e *Eval) List(args *structs.EvalListRequest,
 	defer metrics.MeasureSince([]string{"nomad", "eval", "list"}, time.Now())
 
 	// Check for read-job permissions
-	if aclObj, err := e.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := e.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -383,7 +383,7 @@ func (e *Eval) Allocations(args *structs.EvalSpecificRequest,
 	defer metrics.MeasureSince([]string{"nomad", "eval", "allocations"}, time.Now())
 
 	// Check for read-job permissions
-	if aclObj, err := e.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := e.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied

nomad/eval_endpoint_test.go

@@ -93,7 +93,7 @@ func TestEvalEndpoint_GetEval_ACL(t *testing.T) {
 
 	// Try with an invalid token and expect permission denied
 	{
-		get.SecretID = invalidToken.SecretID
+		get.AuthToken = invalidToken.SecretID
 		var resp structs.SingleEvalResponse
 		err := msgpackrpc.CallWithCodec(codec, "Eval.GetEval", get, &resp)
 		assert.NotNil(err)
@@ -102,7 +102,7 @@ func TestEvalEndpoint_GetEval_ACL(t *testing.T) {
 
 	// Lookup the eval using a valid token
 	{
-		get.SecretID = validToken.SecretID
+		get.AuthToken = validToken.SecretID
 		var resp structs.SingleEvalResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Eval.GetEval", get, &resp))
 		assert.Equal(uint64(1000), resp.Index, "Bad index: %d %d", resp.Index, 1000)
@@ -111,7 +111,7 @@ func TestEvalEndpoint_GetEval_ACL(t *testing.T) {
 
 	// Lookup the eval using a root token
 	{
-		get.SecretID = root.SecretID
+		get.AuthToken = root.SecretID
 		var resp structs.SingleEvalResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Eval.GetEval", get, &resp))
 		assert.Equal(uint64(1000), resp.Index, "Bad index: %d %d", resp.Index, 1000)
@@ -633,7 +633,7 @@ func TestEvalEndpoint_List_ACL(t *testing.T) {
 
 	// Try with an invalid token and expect permission denied
 	{
-		get.SecretID = invalidToken.SecretID
+		get.AuthToken = invalidToken.SecretID
 		var resp structs.EvalListResponse
 		err := msgpackrpc.CallWithCodec(codec, "Eval.List", get, &resp)
 		assert.NotNil(err)
@@ -642,7 +642,7 @@ func TestEvalEndpoint_List_ACL(t *testing.T) {
 
 	// List evals with a valid token
 	{
-		get.SecretID = validToken.SecretID
+		get.AuthToken = validToken.SecretID
 		var resp structs.EvalListResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Eval.List", get, &resp))
 		assert.Equal(uint64(1000), resp.Index, "Bad index: %d %d", resp.Index, 1000)
@@ -651,7 +651,7 @@ func TestEvalEndpoint_List_ACL(t *testing.T) {
 
 	// List evals with a root token
 	{
-		get.SecretID = root.SecretID
+		get.AuthToken = root.SecretID
 		var resp structs.EvalListResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Eval.List", get, &resp))
 		assert.Equal(uint64(1000), resp.Index, "Bad index: %d %d", resp.Index, 1000)
@@ -801,7 +801,7 @@ func TestEvalEndpoint_Allocations_ACL(t *testing.T) {
 
 	// Try with an invalid token and expect permission denied
 	{
-		get.SecretID = invalidToken.SecretID
+		get.AuthToken = invalidToken.SecretID
 		var resp structs.EvalAllocationsResponse
 		err := msgpackrpc.CallWithCodec(codec, "Eval.Allocations", get, &resp)
 		assert.NotNil(err)
@@ -810,7 +810,7 @@ func TestEvalEndpoint_Allocations_ACL(t *testing.T) {
 
 	// Lookup the eval with a valid token
 	{
-		get.SecretID = validToken.SecretID
+		get.AuthToken = validToken.SecretID
 		var resp structs.EvalAllocationsResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Eval.Allocations", get, &resp))
 		assert.Equal(uint64(1000), resp.Index, "Bad index: %d %d", resp.Index, 1000)
@@ -819,7 +819,7 @@ func TestEvalEndpoint_Allocations_ACL(t *testing.T) {
 
 	// Lookup the eval with a root token
 	{
-		get.SecretID = root.SecretID
+		get.AuthToken = root.SecretID
 		var resp structs.EvalAllocationsResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Eval.Allocations", get, &resp))
 		assert.Equal(uint64(1000), resp.Index, "Bad index: %d %d", resp.Index, 1000)

nomad/job_endpoint.go

@@ -74,7 +74,7 @@ func (j *Job) Register(args *structs.JobRegisterRequest, reply *structs.JobRegis
 	reply.Warnings = structs.MergeMultierrorWarnings(warnings, canonicalizeWarnings)
 
 	// Check job submission permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil {
 		if !aclObj.AllowNsOp(structs.DefaultNamespace, acl.NamespaceCapabilitySubmitJob) {
@@ -313,7 +313,7 @@ func (j *Job) Summary(args *structs.JobSummaryRequest,
 	defer metrics.MeasureSince([]string{"nomad", "job_summary", "get_job_summary"}, time.Now())
 
 	// Check for read-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -355,7 +355,7 @@ func (j *Job) Validate(args *structs.JobValidateRequest, reply *structs.JobValid
 	defer metrics.MeasureSince([]string{"nomad", "job", "validate"}, time.Now())
 
 	// Check for read-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -395,7 +395,7 @@ func (j *Job) Revert(args *structs.JobRevertRequest, reply *structs.JobRegisterR
 	defer metrics.MeasureSince([]string{"nomad", "job", "revert"}, time.Now())
 
 	// Check for submit-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilitySubmitJob) {
 		return structs.ErrPermissionDenied
@@ -460,7 +460,7 @@ func (j *Job) Stable(args *structs.JobStabilityRequest, reply *structs.JobStabil
 	defer metrics.MeasureSince([]string{"nomad", "job", "stable"}, time.Now())
 
 	// Check for read-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilitySubmitJob) {
 		return structs.ErrPermissionDenied
@@ -506,7 +506,7 @@ func (j *Job) Evaluate(args *structs.JobEvaluateRequest, reply *structs.JobRegis
 	defer metrics.MeasureSince([]string{"nomad", "job", "evaluate"}, time.Now())
 
 	// Check for read-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -576,7 +576,7 @@ func (j *Job) Deregister(args *structs.JobDeregisterRequest, reply *structs.JobD
 	defer metrics.MeasureSince([]string{"nomad", "job", "deregister"}, time.Now())
 
 	// Check for submit-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilitySubmitJob) {
 		return structs.ErrPermissionDenied
@@ -655,7 +655,7 @@ func (j *Job) GetJob(args *structs.JobSpecificRequest,
 	defer metrics.MeasureSince([]string{"nomad", "job", "get_job"}, time.Now())
 
 	// Check for read-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -701,7 +701,7 @@ func (j *Job) GetJobVersions(args *structs.JobVersionsRequest,
 	defer metrics.MeasureSince([]string{"nomad", "job", "get_job_versions"}, time.Now())
 
 	// Check for read-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -759,7 +759,7 @@ func (j *Job) List(args *structs.JobListRequest,
 	defer metrics.MeasureSince([]string{"nomad", "job", "list"}, time.Now())
 
 	// Check for list-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityListJobs) {
 		return structs.ErrPermissionDenied
@@ -820,7 +820,7 @@ func (j *Job) Allocations(args *structs.JobSpecificRequest,
 	defer metrics.MeasureSince([]string{"nomad", "job", "allocations"}, time.Now())
 
 	// Check for read-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -869,7 +869,7 @@ func (j *Job) Evaluations(args *structs.JobSpecificRequest,
 	defer metrics.MeasureSince([]string{"nomad", "job", "evaluations"}, time.Now())
 
 	// Check for read-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -911,7 +911,7 @@ func (j *Job) Deployments(args *structs.JobSpecificRequest,
 	defer metrics.MeasureSince([]string{"nomad", "job", "deployments"}, time.Now())
 
 	// Check for read-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -953,7 +953,7 @@ func (j *Job) LatestDeployment(args *structs.JobSpecificRequest,
 	defer metrics.MeasureSince([]string{"nomad", "job", "latest_deployment"}, time.Now())
 
 	// Check for read-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityReadJob) {
 		return structs.ErrPermissionDenied
@@ -1020,7 +1020,7 @@ func (j *Job) Plan(args *structs.JobPlanRequest, reply *structs.JobPlanResponse)
 	reply.Warnings = structs.MergeMultierrorWarnings(warnings, canonicalizeWarnings)
 
 	// Check job submission permissions, which we assume is the same for plan
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil {
 		if !aclObj.AllowNsOp(structs.DefaultNamespace, acl.NamespaceCapabilitySubmitJob) {
@@ -1238,7 +1238,7 @@ func (j *Job) Dispatch(args *structs.JobDispatchRequest, reply *structs.JobDispa
 	defer metrics.MeasureSince([]string{"nomad", "job", "dispatch"}, time.Now())
 
 	// Check for submit-job permissions
-	if aclObj, err := j.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityDispatchJob) {
 		return structs.ErrPermissionDenied

nomad/job_endpoint_test.go

@@ -121,7 +121,7 @@ func TestJobEndpoint_Register_ACL(t *testing.T) {
 	}
 
 	// Try with a token
-	req.SecretID = root.SecretID
+	req.AuthToken = root.SecretID
 	if err := msgpackrpc.CallWithCodec(codec, "Job.Register", req, &resp); err != nil {
 		t.Fatalf("err: %v", err)
 	}
@@ -1067,14 +1067,14 @@ func TestJobEndpoint_Revert_ACL(t *testing.T) {
 	invalidToken := mock.CreatePolicyAndToken(t, state, 1001, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityReadJob}))
 
-	revertReq.SecretID = invalidToken.SecretID
+	revertReq.AuthToken = invalidToken.SecretID
 	var invalidResp structs.JobRegisterResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Revert", revertReq, &invalidResp)
 	assert.NotNil(err)
 	assert.Contains(err.Error(), "Permission denied")
 
 	// Fetch the response with a valid management token
-	revertReq.SecretID = root.SecretID
+	revertReq.AuthToken = root.SecretID
 	var validResp structs.JobRegisterResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Revert", revertReq, &validResp)
 	assert.Nil(err)
@@ -1083,7 +1083,7 @@ func TestJobEndpoint_Revert_ACL(t *testing.T) {
 	validToken := mock.CreatePolicyAndToken(t, state, 1003, "test-valid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilitySubmitJob}))
 
-	revertReq.SecretID = validToken.SecretID
+	revertReq.AuthToken = validToken.SecretID
 	var validResp2 structs.JobRegisterResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Revert", revertReq, &validResp2)
 	assert.Nil(err)
@@ -1190,14 +1190,14 @@ func TestJobEndpoint_Stable_ACL(t *testing.T) {
 	invalidToken := mock.CreatePolicyAndToken(t, state, 1003, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityListJobs}))
 
-	stableReq.SecretID = invalidToken.SecretID
+	stableReq.AuthToken = invalidToken.SecretID
 	var invalidStableResp structs.JobStabilityResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Stable", stableReq, &invalidStableResp)
 	assert.NotNil(err)
 	assert.Contains("Permission denied", err.Error())
 
 	// Attempt to fetch with a management token
-	stableReq.SecretID = root.SecretID
+	stableReq.AuthToken = root.SecretID
 	var validStableResp structs.JobStabilityResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Stable", stableReq, &validStableResp)
 	assert.Nil(err)
@@ -1206,7 +1206,7 @@ func TestJobEndpoint_Stable_ACL(t *testing.T) {
 	validToken := mock.CreatePolicyAndToken(t, state, 1005, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilitySubmitJob}))
 
-	stableReq.SecretID = validToken.SecretID
+	stableReq.AuthToken = validToken.SecretID
 	var validStableResp2 structs.JobStabilityResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Stable", stableReq, &validStableResp2)
 	assert.Nil(err)
@@ -1334,14 +1334,14 @@ func TestJobEndpoint_Evaluate_ACL(t *testing.T) {
 	invalidToken := mock.CreatePolicyAndToken(t, state, 1003, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityListJobs}))
 
-	reEval.SecretID = invalidToken.SecretID
+	reEval.AuthToken = invalidToken.SecretID
 	var invalidResp structs.JobRegisterResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Evaluate", reEval, &invalidResp)
 	assert.NotNil(err)
 	assert.Contains(err.Error(), "Permission denied")
 
 	// Fetch the response with a valid management token
-	reEval.SecretID = root.SecretID
+	reEval.AuthToken = root.SecretID
 	var validResp structs.JobRegisterResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Evaluate", reEval, &validResp)
 	assert.Nil(err)
@@ -1350,7 +1350,7 @@ func TestJobEndpoint_Evaluate_ACL(t *testing.T) {
 	validToken := mock.CreatePolicyAndToken(t, state, 1005, "test-valid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityReadJob}))
 
-	reEval.SecretID = validToken.SecretID
+	reEval.AuthToken = validToken.SecretID
 	var validResp2 structs.JobRegisterResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Evaluate", reEval, &validResp2)
 	assert.Nil(err)
@@ -1638,7 +1638,7 @@ func TestJobEndpoint_Deregister_ACL(t *testing.T) {
 	// Expect failure for request with an invalid token
 	invalidToken := mock.CreatePolicyAndToken(t, state, 1003, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityListJobs}))
-	req.SecretID = invalidToken.SecretID
+	req.AuthToken = invalidToken.SecretID
 
 	var invalidResp structs.JobDeregisterResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Deregister", req, &invalidResp)
@@ -1646,7 +1646,7 @@ func TestJobEndpoint_Deregister_ACL(t *testing.T) {
 	assert.Contains(err.Error(), "Permission denied")
 
 	// Expect success with a valid management token
-	req.SecretID = root.SecretID
+	req.AuthToken = root.SecretID
 
 	var validResp structs.JobDeregisterResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Deregister", req, &validResp)
@@ -1656,7 +1656,7 @@ func TestJobEndpoint_Deregister_ACL(t *testing.T) {
 	// Expect success with a valid token
 	validToken := mock.CreatePolicyAndToken(t, state, 1005, "test-valid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilitySubmitJob}))
-	req.SecretID = validToken.SecretID
+	req.AuthToken = validToken.SecretID
 
 	var validResp2 structs.JobDeregisterResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Deregister", req, &validResp2)
@@ -1973,14 +1973,14 @@ func TestJobEndpoint_GetJob_ACL(t *testing.T) {
 	invalidToken := mock.CreatePolicyAndToken(t, state, 1003, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityListJobs}))
 
-	get.SecretID = invalidToken.SecretID
+	get.AuthToken = invalidToken.SecretID
 	var invalidResp structs.SingleJobResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.GetJob", get, &invalidResp)
 	assert.NotNil(err)
 	assert.Contains(err.Error(), "Permission denied")
 
 	// Looking up the job with a management token should succeed
-	get.SecretID = root.SecretID
+	get.AuthToken = root.SecretID
 	var validResp structs.SingleJobResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.GetJob", get, &validResp)
 	assert.Nil(err)
@@ -1990,7 +1990,7 @@ func TestJobEndpoint_GetJob_ACL(t *testing.T) {
 	validToken := mock.CreatePolicyAndToken(t, state, 1005, "test-valid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityReadJob}))
 
-	get.SecretID = validToken.SecretID
+	get.AuthToken = validToken.SecretID
 	var validResp2 structs.SingleJobResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.GetJob", get, &validResp2)
 	assert.Nil(err)
@@ -2184,14 +2184,14 @@ func TestJobEndpoint_GetJobVersions_ACL(t *testing.T) {
 	invalidToken := mock.CreatePolicyAndToken(t, state, 1003, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityListJobs}))
 
-	get.SecretID = invalidToken.SecretID
+	get.AuthToken = invalidToken.SecretID
 	var invalidResp structs.JobVersionsResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.GetJobVersions", get, &invalidResp)
 	assert.NotNil(err)
 	assert.Contains(err.Error(), "Permission denied")
 
 	// Expect success for request with a valid management token
-	get.SecretID = root.SecretID
+	get.AuthToken = root.SecretID
 	var validResp structs.JobVersionsResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.GetJobVersions", get, &validResp)
 	assert.Nil(err)
@@ -2200,7 +2200,7 @@ func TestJobEndpoint_GetJobVersions_ACL(t *testing.T) {
 	validToken := mock.CreatePolicyAndToken(t, state, 1005, "test-valid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityReadJob}))
 
-	get.SecretID = validToken.SecretID
+	get.AuthToken = validToken.SecretID
 	var validResp2 structs.JobVersionsResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.GetJobVersions", get, &validResp2)
 	assert.Nil(err)
@@ -2474,7 +2474,7 @@ func TestJobEndpoint_Summary_ACL(t *testing.T) {
 			Namespace: job.Namespace,
 		},
 	}
-	reg.SecretID = root.SecretID
+	reg.AuthToken = root.SecretID
 
 	var err error
 
@@ -2512,7 +2512,7 @@ func TestJobEndpoint_Summary_ACL(t *testing.T) {
 	}
 
 	// Expect success when using a management token
-	req.SecretID = root.SecretID
+	req.AuthToken = root.SecretID
 	var mgmtResp structs.JobSummaryResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Summary", req, &mgmtResp)
 	assert.Nil(err)
@@ -2525,7 +2525,7 @@ func TestJobEndpoint_Summary_ACL(t *testing.T) {
 	invalidToken := mock.CreatePolicyAndToken(t, state, 1003, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityListJobs}))
 
-	req.SecretID = invalidToken.SecretID
+	req.AuthToken = invalidToken.SecretID
 	var invalidResp structs.JobSummaryResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Summary", req, &invalidResp)
 	assert.NotNil(err)
@@ -2534,7 +2534,7 @@ func TestJobEndpoint_Summary_ACL(t *testing.T) {
 	validToken := mock.CreatePolicyAndToken(t, state, 1001, "test-valid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityReadJob}))
 
-	req.SecretID = validToken.SecretID
+	req.AuthToken = validToken.SecretID
 	var authResp structs.JobSummaryResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Summary", req, &authResp)
 	assert.Nil(err)
@@ -2728,7 +2728,7 @@ func TestJobEndpoint_ListJobs_WithACL(t *testing.T) {
 
 	// Expect success for request with a management token
 	var mgmtResp structs.JobListResponse
-	req.SecretID = root.SecretID
+	req.AuthToken = root.SecretID
 	err = msgpackrpc.CallWithCodec(codec, "Job.List", req, &mgmtResp)
 	assert.Nil(err)
 	assert.Equal(1, len(mgmtResp.Jobs))
@@ -2738,7 +2738,7 @@ func TestJobEndpoint_ListJobs_WithACL(t *testing.T) {
 	invalidToken := mock.CreatePolicyAndToken(t, state, 1003, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityReadJob}))
 
-	req.SecretID = invalidToken.SecretID
+	req.AuthToken = invalidToken.SecretID
 	var invalidResp structs.JobListResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.List", req, &invalidResp)
 	assert.NotNil(err)
@@ -2747,7 +2747,7 @@ func TestJobEndpoint_ListJobs_WithACL(t *testing.T) {
 	validToken := mock.CreatePolicyAndToken(t, state, 1001, "test-valid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityListJobs}))
 	var validResp structs.JobListResponse
-	req.SecretID = validToken.SecretID
+	req.AuthToken = validToken.SecretID
 
 	err = msgpackrpc.CallWithCodec(codec, "Job.List", req, &validResp)
 	assert.Nil(err)
@@ -2901,14 +2901,14 @@ func TestJobEndpoint_Allocations_ACL(t *testing.T) {
 	invalidToken := mock.CreatePolicyAndToken(t, state, 1001, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityListJobs}))
 
-	get.SecretID = invalidToken.SecretID
+	get.AuthToken = invalidToken.SecretID
 	var invalidResp structs.JobAllocationsResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Allocations", get, &invalidResp)
 	assert.NotNil(err)
 	assert.Contains(err.Error(), "Permission denied")
 
 	// Attempt to fetch the response with valid management token should succeed
-	get.SecretID = root.SecretID
+	get.AuthToken = root.SecretID
 	var validResp structs.JobAllocationsResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Allocations", get, &validResp)
 	assert.Nil(err)
@@ -2917,7 +2917,7 @@ func TestJobEndpoint_Allocations_ACL(t *testing.T) {
 	validToken := mock.CreatePolicyAndToken(t, state, 1005, "test-valid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityReadJob}))
 
-	get.SecretID = validToken.SecretID
+	get.AuthToken = validToken.SecretID
 	var validResp2 structs.JobAllocationsResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Allocations", get, &validResp2)
 	assert.Nil(err)
@@ -3058,14 +3058,14 @@ func TestJobEndpoint_Evaluations_ACL(t *testing.T) {
 	invalidToken := mock.CreatePolicyAndToken(t, state, 1001, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityListJobs}))
 
-	get.SecretID = invalidToken.SecretID
+	get.AuthToken = invalidToken.SecretID
 	var invalidResp structs.JobEvaluationsResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Evaluations", get, &invalidResp)
 	assert.NotNil(err)
 	assert.Contains(err.Error(), "Permission denied")
 
 	// Attempt to fetch with valid management token should succeed
-	get.SecretID = root.SecretID
+	get.AuthToken = root.SecretID
 	var validResp structs.JobEvaluationsResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Evaluations", get, &validResp)
 	assert.Nil(err)
@@ -3075,7 +3075,7 @@ func TestJobEndpoint_Evaluations_ACL(t *testing.T) {
 	validToken := mock.CreatePolicyAndToken(t, state, 1003, "test-valid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityReadJob}))
 
-	get.SecretID = validToken.SecretID
+	get.AuthToken = validToken.SecretID
 	var validResp2 structs.JobEvaluationsResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Evaluations", get, &validResp2)
 	assert.Nil(err)
@@ -3208,14 +3208,14 @@ func TestJobEndpoint_Deployments_ACL(t *testing.T) {
 	invalidToken := mock.CreatePolicyAndToken(t, state, 1001, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityListJobs}))
 
-	get.SecretID = invalidToken.SecretID
+	get.AuthToken = invalidToken.SecretID
 	var invalidResp structs.DeploymentListResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Deployments", get, &invalidResp)
 	assert.NotNil(err)
 	assert.Contains(err.Error(), "Permission denied")
 
 	// Lookup with valid management token should succeed
-	get.SecretID = root.SecretID
+	get.AuthToken = root.SecretID
 	var validResp structs.DeploymentListResponse
 	assert.Nil(msgpackrpc.CallWithCodec(codec, "Job.Deployments", get, &validResp), "RPC")
 	assert.EqualValues(1002, validResp.Index, "response index")
@@ -3225,7 +3225,7 @@ func TestJobEndpoint_Deployments_ACL(t *testing.T) {
 	validToken := mock.CreatePolicyAndToken(t, state, 1005, "test-valid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityReadJob}))
 
-	get.SecretID = validToken.SecretID
+	get.AuthToken = validToken.SecretID
 	var validResp2 structs.DeploymentListResponse
 	assert.Nil(msgpackrpc.CallWithCodec(codec, "Job.Deployments", get, &validResp2), "RPC")
 	assert.EqualValues(1002, validResp2.Index, "response index")
@@ -3355,14 +3355,14 @@ func TestJobEndpoint_LatestDeployment_ACL(t *testing.T) {
 	invalidToken := mock.CreatePolicyAndToken(t, state, 1001, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityListJobs}))
 
-	get.SecretID = invalidToken.SecretID
+	get.AuthToken = invalidToken.SecretID
 	var invalidResp structs.SingleDeploymentResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.LatestDeployment", get, &invalidResp)
 	assert.NotNil(err)
 	assert.Contains(err.Error(), "Permission denied")
 
 	// Fetching latest deployment with a valid management token should succeed
-	get.SecretID = root.SecretID
+	get.AuthToken = root.SecretID
 	var validResp structs.SingleDeploymentResponse
 	assert.Nil(msgpackrpc.CallWithCodec(codec, "Job.LatestDeployment", get, &validResp), "RPC")
 	assert.EqualValues(1002, validResp.Index, "response index")
@@ -3373,7 +3373,7 @@ func TestJobEndpoint_LatestDeployment_ACL(t *testing.T) {
 	validToken := mock.CreatePolicyAndToken(t, state, 1004, "test-valid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityReadJob}))
 
-	get.SecretID = validToken.SecretID
+	get.AuthToken = validToken.SecretID
 	var validResp2 structs.SingleDeploymentResponse
 	assert.Nil(msgpackrpc.CallWithCodec(codec, "Job.LatestDeployment", get, &validResp2), "RPC")
 	assert.EqualValues(1002, validResp2.Index, "response index")
@@ -3454,7 +3454,7 @@ func TestJobEndpoint_Plan_ACL(t *testing.T) {
 	}
 
 	// Try with a token
-	planReq.SecretID = root.SecretID
+	planReq.AuthToken = root.SecretID
 	if err := msgpackrpc.CallWithCodec(codec, "Job.Plan", planReq, &planResp); err != nil {
 		t.Fatalf("err: %v", err)
 	}
@@ -3808,7 +3808,7 @@ func TestJobEndpoint_ValidateJobUpdate_ACL(t *testing.T) {
 	assert.NotNil(err)
 
 	// Update with a valid token
-	req.SecretID = root.SecretID
+	req.AuthToken = root.SecretID
 	var validResp structs.JobValidateResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Validate", req, &validResp)
 	assert.Nil(err)
@@ -3854,7 +3854,7 @@ func TestJobEndpoint_Dispatch_ACL(t *testing.T) {
 	// Attempt to fetch the response with an invalid token should fail
 	invalidToken := mock.CreatePolicyAndToken(t, state, 1001, "test-invalid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityListJobs}))
-	req.SecretID = invalidToken.SecretID
+	req.AuthToken = invalidToken.SecretID
 
 	var invalidResp structs.JobDispatchResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Dispatch", req, &invalidResp)
@@ -3862,7 +3862,7 @@ func TestJobEndpoint_Dispatch_ACL(t *testing.T) {
 	assert.Contains(err.Error(), "Permission denied")
 
 	// Dispatch with a valid management token should succeed
-	req.SecretID = root.SecretID
+	req.AuthToken = root.SecretID
 
 	var validResp structs.JobDispatchResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Dispatch", req, &validResp)
@@ -3874,7 +3874,7 @@ func TestJobEndpoint_Dispatch_ACL(t *testing.T) {
 	// Dispatch with a valid token should succeed
 	validToken := mock.CreatePolicyAndToken(t, state, 1003, "test-valid",
 		mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityDispatchJob}))
-	req.SecretID = validToken.SecretID
+	req.AuthToken = validToken.SecretID
 
 	var validResp2 structs.JobDispatchResponse
 	err = msgpackrpc.CallWithCodec(codec, "Job.Dispatch", req, &validResp2)

nomad/leader.go

@@ -721,7 +721,7 @@ START:
 
 			// Fetch the list of policies
 			var resp structs.ACLPolicyListResponse
-			req.SecretID = s.ReplicationToken()
+			req.AuthToken = s.ReplicationToken()
 			err := s.forwardRegion(s.config.AuthoritativeRegion,
 				"ACL.ListPolicies", &req, &resp)
 			if err != nil {
@@ -751,7 +751,7 @@ START:
 					Names: update,
 					QueryOptions: structs.QueryOptions{
 						Region:        s.config.AuthoritativeRegion,
-						SecretID:      s.ReplicationToken(),
+						AuthToken:     s.ReplicationToken(),
 						AllowStale:    true,
 						MinQueryIndex: resp.Index - 1,
 					},
@@ -863,7 +863,7 @@ START:
 
 			// Fetch the list of tokens
 			var resp structs.ACLTokenListResponse
-			req.SecretID = s.ReplicationToken()
+			req.AuthToken = s.ReplicationToken()
 			err := s.forwardRegion(s.config.AuthoritativeRegion,
 				"ACL.ListTokens", &req, &resp)
 			if err != nil {
@@ -893,7 +893,7 @@ START:
 					AccessorIDS: update,
 					QueryOptions: structs.QueryOptions{
 						Region:        s.config.AuthoritativeRegion,
-						SecretID:      s.ReplicationToken(),
+						AuthToken:     s.ReplicationToken(),
 						AllowStale:    true,
 						MinQueryIndex: resp.Index - 1,
 					},

nomad/node_endpoint.go

@@ -390,7 +390,7 @@ func (n *Node) UpdateDrain(args *structs.NodeUpdateDrainRequest,
 	defer metrics.MeasureSince([]string{"nomad", "client", "update_drain"}, time.Now())
 
 	// Check node write permissions
-	if aclObj, err := n.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := n.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNodeWrite() {
 		return structs.ErrPermissionDenied
@@ -452,7 +452,7 @@ func (n *Node) Evaluate(args *structs.NodeEvaluateRequest, reply *structs.NodeUp
 	defer metrics.MeasureSince([]string{"nomad", "client", "evaluate"}, time.Now())
 
 	// Check node write permissions
-	if aclObj, err := n.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := n.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNodeWrite() {
 		return structs.ErrPermissionDenied
@@ -859,7 +859,7 @@ func (n *Node) List(args *structs.NodeListRequest,
 	defer metrics.MeasureSince([]string{"nomad", "client", "list"}, time.Now())
 
 	// Check node read permissions
-	if aclObj, err := n.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := n.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNodeRead() {
 		return structs.ErrPermissionDenied

nomad/node_endpoint_test.go

@@ -691,14 +691,14 @@ func TestClientEndpoint_UpdateDrain_ACL(t *testing.T) {
 	}
 
 	// Try with a valid token
-	dereg.SecretID = validToken.SecretID
+	dereg.AuthToken = validToken.SecretID
 	{
 		var resp structs.NodeDrainUpdateResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Node.UpdateDrain", dereg, &resp), "RPC")
 	}
 
 	// Try with a invalid token
-	dereg.SecretID = invalidToken.SecretID
+	dereg.AuthToken = invalidToken.SecretID
 	{
 		var resp structs.NodeDrainUpdateResponse
 		err := msgpackrpc.CallWithCodec(codec, "Node.UpdateDrain", dereg, &resp)
@@ -707,7 +707,7 @@ func TestClientEndpoint_UpdateDrain_ACL(t *testing.T) {
 	}
 
 	// Try with a root token
-	dereg.SecretID = root.SecretID
+	dereg.AuthToken = root.SecretID
 	{
 		var resp structs.NodeDrainUpdateResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Node.UpdateDrain", dereg, &resp), "RPC")
@@ -1932,14 +1932,14 @@ func TestClientEndpoint_Evaluate_ACL(t *testing.T) {
 	}
 
 	// Try with a valid token
-	req.SecretID = validToken.SecretID
+	req.AuthToken = validToken.SecretID
 	{
 		var resp structs.NodeUpdateResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Node.Evaluate", req, &resp), "RPC")
 	}
 
 	// Try with a invalid token
-	req.SecretID = invalidToken.SecretID
+	req.AuthToken = invalidToken.SecretID
 	{
 		var resp structs.NodeUpdateResponse
 		err := msgpackrpc.CallWithCodec(codec, "Node.Evaluate", req, &resp)
@@ -1948,7 +1948,7 @@ func TestClientEndpoint_Evaluate_ACL(t *testing.T) {
 	}
 
 	// Try with a root token
-	req.SecretID = root.SecretID
+	req.AuthToken = root.SecretID
 	{
 		var resp structs.NodeUpdateResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Node.Evaluate", req, &resp), "RPC")
@@ -2045,7 +2045,7 @@ func TestClientEndpoint_ListNodes_ACL(t *testing.T) {
 	}
 
 	// Try with a valid token
-	req.SecretID = validToken.SecretID
+	req.AuthToken = validToken.SecretID
 	{
 		var resp structs.NodeListResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Node.List", req, &resp), "RPC")
@@ -2053,7 +2053,7 @@ func TestClientEndpoint_ListNodes_ACL(t *testing.T) {
 	}
 
 	// Try with a invalid token
-	req.SecretID = invalidToken.SecretID
+	req.AuthToken = invalidToken.SecretID
 	{
 		var resp structs.NodeListResponse
 		err := msgpackrpc.CallWithCodec(codec, "Node.List", req, &resp)
@@ -2062,7 +2062,7 @@ func TestClientEndpoint_ListNodes_ACL(t *testing.T) {
 	}
 
 	// Try with a root token
-	req.SecretID = root.SecretID
+	req.AuthToken = root.SecretID
 	{
 		var resp structs.NodeListResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Node.List", req, &resp), "RPC")

nomad/operator_endpoint.go

@@ -21,7 +21,7 @@ func (op *Operator) RaftGetConfiguration(args *structs.GenericRequest, reply *st
 	}
 
 	// Check management permissions
-	if aclObj, err := op.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := op.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.IsManagement() {
 		return structs.ErrPermissionDenied
@@ -77,7 +77,7 @@ func (op *Operator) RaftRemovePeerByAddress(args *structs.RaftPeerByAddressReque
 	}
 
 	// Check management permissions
-	if aclObj, err := op.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := op.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.IsManagement() {
 		return structs.ErrPermissionDenied

nomad/operator_endpoint_test.go

@@ -85,7 +85,7 @@ func TestOperator_RaftGetConfiguration_ACL(t *testing.T) {
 
 	// Try with an invalid token and expect permission denied
 	{
-		arg.SecretID = invalidToken.SecretID
+		arg.AuthToken = invalidToken.SecretID
 		var reply structs.RaftConfigurationResponse
 		err := msgpackrpc.CallWithCodec(codec, "Operator.RaftGetConfiguration", &arg, &reply)
 		assert.NotNil(err)
@@ -94,7 +94,7 @@ func TestOperator_RaftGetConfiguration_ACL(t *testing.T) {
 
 	// Use management token
 	{
-		arg.SecretID = root.SecretID
+		arg.AuthToken = root.SecretID
 		var reply structs.RaftConfigurationResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Operator.RaftGetConfiguration", &arg, &reply))
 
@@ -209,7 +209,7 @@ func TestOperator_RaftRemovePeerByAddress_ACL(t *testing.T) {
 
 	// Try with an invalid token and expect permission denied
 	{
-		arg.SecretID = invalidToken.SecretID
+		arg.AuthToken = invalidToken.SecretID
 		err := msgpackrpc.CallWithCodec(codec, "Operator.RaftRemovePeerByAddress", &arg, &reply)
 		assert.NotNil(err)
 		assert.Equal(err.Error(), structs.ErrPermissionDenied.Error())
@@ -217,7 +217,7 @@ func TestOperator_RaftRemovePeerByAddress_ACL(t *testing.T) {
 
 	// Try with a management token
 	{
-		arg.SecretID = root.SecretID
+		arg.AuthToken = root.SecretID
 		err := msgpackrpc.CallWithCodec(codec, "Operator.RaftRemovePeerByAddress", &arg, &reply)
 		assert.Nil(err)
 	}

nomad/periodic_endpoint.go

@@ -23,7 +23,7 @@ func (p *Periodic) Force(args *structs.PeriodicForceRequest, reply *structs.Peri
 	defer metrics.MeasureSince([]string{"nomad", "periodic", "force"}, time.Now())
 
 	// Check for write-job permissions
-	if aclObj, err := p.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := p.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilitySubmitJob) {
 		return structs.ErrPermissionDenied

nomad/periodic_endpoint_test.go

@@ -100,7 +100,7 @@ func TestPeriodicEndpoint_Force_ACL(t *testing.T) {
 	// Try with an invalid token and expect permission denied
 	{
 		invalidToken := mock.CreatePolicyAndToken(t, state, 1003, "invalid", mock.NodePolicy(acl.PolicyWrite))
-		req.SecretID = invalidToken.SecretID
+		req.AuthToken = invalidToken.SecretID
 		var resp structs.PeriodicForceResponse
 		err := msgpackrpc.CallWithCodec(codec, "Periodic.Force", req, &resp)
 		assert.NotNil(err)
@@ -111,7 +111,7 @@ func TestPeriodicEndpoint_Force_ACL(t *testing.T) {
 	{
 		policy := mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilitySubmitJob})
 		token := mock.CreatePolicyAndToken(t, state, 1005, "valid", policy)
-		req.SecretID = token.SecretID
+		req.AuthToken = token.SecretID
 		var resp structs.PeriodicForceResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Periodic.Force", req, &resp))
 		assert.NotEqual(0, resp.Index)
@@ -126,7 +126,7 @@ func TestPeriodicEndpoint_Force_ACL(t *testing.T) {
 
 	// Fetch the response with management token
 	{
-		req.SecretID = root.SecretID
+		req.AuthToken = root.SecretID
 		var resp structs.PeriodicForceResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Periodic.Force", req, &resp))
 		assert.NotEqual(0, resp.Index)

nomad/search_endpoint.go

@@ -113,7 +113,7 @@ func roundUUIDDownIfOdd(prefix string, context structs.Context) string {
 // PrefixSearch is used to list matches for a given prefix, and returns
 // matching jobs, evaluations, allocations, and/or nodes.
 func (s *Search) PrefixSearch(args *structs.SearchRequest, reply *structs.SearchResponse) error {
-	aclObj, err := s.srv.ResolveToken(args.SecretID)
+	aclObj, err := s.srv.ResolveToken(args.AuthToken)
 	if err != nil {
 		return err
 	}

nomad/search_endpoint_test.go

@@ -98,7 +98,7 @@ func TestSearch_PrefixSearch_ACL(t *testing.T) {
 	{
 		invalidToken := mock.CreatePolicyAndToken(t, state, 1003, "test-invalid",
 			mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityListJobs}))
-		req.SecretID = invalidToken.SecretID
+		req.AuthToken = invalidToken.SecretID
 		var resp structs.SearchResponse
 		err := msgpackrpc.CallWithCodec(codec, "Search.PrefixSearch", req, &resp)
 		assert.NotNil(err)
@@ -108,7 +108,7 @@ func TestSearch_PrefixSearch_ACL(t *testing.T) {
 	// Try with a node:read token and expect failure due to Jobs being the context
 	{
 		validToken := mock.CreatePolicyAndToken(t, state, 1005, "test-invalid2", mock.NodePolicy(acl.PolicyRead))
-		req.SecretID = validToken.SecretID
+		req.AuthToken = validToken.SecretID
 		var resp structs.SearchResponse
 		err := msgpackrpc.CallWithCodec(codec, "Search.PrefixSearch", req, &resp)
 		assert.NotNil(err)
@@ -119,7 +119,7 @@ func TestSearch_PrefixSearch_ACL(t *testing.T) {
 	{
 		validToken := mock.CreatePolicyAndToken(t, state, 1007, "test-valid", mock.NodePolicy(acl.PolicyRead))
 		req.Context = structs.All
-		req.SecretID = validToken.SecretID
+		req.AuthToken = validToken.SecretID
 		var resp structs.SearchResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Search.PrefixSearch", req, &resp))
 		assert.Equal(uint64(1001), resp.Index)
@@ -133,7 +133,7 @@ func TestSearch_PrefixSearch_ACL(t *testing.T) {
 	{
 		validToken := mock.CreatePolicyAndToken(t, state, 1009, "test-valid2",
 			mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityReadJob}))
-		req.SecretID = validToken.SecretID
+		req.AuthToken = validToken.SecretID
 		var resp structs.SearchResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Search.PrefixSearch", req, &resp))
 		assert.Len(resp.Matches[structs.Jobs], 1)
@@ -152,7 +152,7 @@ func TestSearch_PrefixSearch_ACL(t *testing.T) {
 			mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityReadJob}),
 			mock.NodePolicy(acl.PolicyRead),
 		}, "\n"))
-		req.SecretID = validToken.SecretID
+		req.AuthToken = validToken.SecretID
 		var resp structs.SearchResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Search.PrefixSearch", req, &resp))
 		assert.Len(resp.Matches[structs.Jobs], 1)
@@ -163,7 +163,7 @@ func TestSearch_PrefixSearch_ACL(t *testing.T) {
 
 	// Try with a management token
 	{
-		req.SecretID = root.SecretID
+		req.AuthToken = root.SecretID
 		var resp structs.SearchResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Search.PrefixSearch", req, &resp))
 		assert.Equal(uint64(1001), resp.Index)

nomad/status_endpoint.go

@@ -73,7 +73,7 @@ func (s *Status) Peers(args *structs.GenericRequest, reply *[]string) error {
 // aware of
 func (s *Status) Members(args *structs.GenericRequest, reply *structs.ServerMembersResponse) error {
 	// Check node read permissions
-	if aclObj, err := s.srv.ResolveToken(args.SecretID); err != nil {
+	if aclObj, err := s.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil && !aclObj.AllowNodeRead() {
 		return structs.ErrPermissionDenied

nomad/status_endpoint_test.go

@@ -146,7 +146,7 @@ func TestStatusMembers_ACL(t *testing.T) {
 
 	// Try with an invalid token and expect failure
 	{
-		arg.SecretID = invalidToken.SecretID
+		arg.AuthToken = invalidToken.SecretID
 		var out structs.ServerMembersResponse
 		err := msgpackrpc.CallWithCodec(codec, "Status.Members", arg, &out)
 		assert.NotNil(err)
@@ -155,7 +155,7 @@ func TestStatusMembers_ACL(t *testing.T) {
 
 	// Try with a valid token
 	{
-		arg.SecretID = validToken.SecretID
+		arg.AuthToken = validToken.SecretID
 		var out structs.ServerMembersResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Status.Members", arg, &out))
 		assert.Len(out.Members, 1)
@@ -163,7 +163,7 @@ func TestStatusMembers_ACL(t *testing.T) {
 
 	// Try with a management token
 	{
-		arg.SecretID = root.SecretID
+		arg.AuthToken = root.SecretID
 		var out structs.ServerMembersResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "Status.Members", arg, &out))
 		assert.Len(out.Members, 1)

nomad/structs/structs.go

@@ -166,8 +166,8 @@ type QueryOptions struct {
 	// If set, used as prefix for resource list searches
 	Prefix string
 
-	// SecretID is secret portion of the ACL token used for the request
-	SecretID string
+	// AuthToken is secret portion of the ACL token used for the request
+	AuthToken string
 }
 
 func (q QueryOptions) RequestRegion() string {
@@ -197,8 +197,8 @@ type WriteRequest struct {
 	// Namespace is the target namespace for the write.
 	Namespace string
 
-	// SecretID is secret portion of the ACL token used for the request
-	SecretID string
+	// AuthToken is secret portion of the ACL token used for the request
+	AuthToken string
 }
 
 func (w WriteRequest) RequestRegion() string {

nomad/system_endpoint.go

@@ -19,7 +19,7 @@ func (s *System) GarbageCollect(args *structs.GenericRequest, reply *structs.Gen
 	}
 
 	// Check management level permissions
-	if acl, err := s.srv.ResolveToken(args.SecretID); err != nil {
+	if acl, err := s.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if acl != nil && !acl.IsManagement() {
 		return structs.ErrPermissionDenied
@@ -43,7 +43,7 @@ func (s *System) ReconcileJobSummaries(args *structs.GenericRequest, reply *stru
 	}
 
 	// Check management level permissions
-	if acl, err := s.srv.ResolveToken(args.SecretID); err != nil {
+	if acl, err := s.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if acl != nil && !acl.IsManagement() {
 		return structs.ErrPermissionDenied

nomad/system_endpoint_test.go

@@ -93,7 +93,7 @@ func TestSystemEndpoint_GarbageCollect_ACL(t *testing.T) {
 
 	// Try with an invalid token and expect failure
 	{
-		req.SecretID = invalidToken.SecretID
+		req.AuthToken = invalidToken.SecretID
 		var resp structs.GenericResponse
 		err := msgpackrpc.CallWithCodec(codec, "System.GarbageCollect", req, &resp)
 		assert.NotNil(err)
@@ -102,7 +102,7 @@ func TestSystemEndpoint_GarbageCollect_ACL(t *testing.T) {
 
 	// Try with a management token
 	{
-		req.SecretID = root.SecretID
+		req.AuthToken = root.SecretID
 		var resp structs.GenericResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "System.GarbageCollect", req, &resp))
 	}
@@ -199,7 +199,7 @@ func TestSystemEndpoint_ReconcileJobSummaries_ACL(t *testing.T) {
 
 	// Try with an invalid token and expect failure
 	{
-		req.SecretID = invalidToken.SecretID
+		req.AuthToken = invalidToken.SecretID
 		var resp structs.GenericResponse
 		err := msgpackrpc.CallWithCodec(codec, "System.ReconcileJobSummaries", req, &resp)
 		assert.NotNil(err)
@@ -208,7 +208,7 @@ func TestSystemEndpoint_ReconcileJobSummaries_ACL(t *testing.T) {
 
 	// Try with a management token
 	{
-		req.SecretID = root.SecretID
+		req.AuthToken = root.SecretID
 		var resp structs.GenericResponse
 		assert.Nil(msgpackrpc.CallWithCodec(codec, "System.ReconcileJobSummaries", req, &resp))
 	}