mirror of
https://github.com/kemko/nomad.git
synced 2026-01-01 16:05:42 +03:00
b9d195224e
The HCL parser allows for labels that aren't needed, which makes it easy to accidentally write a `secure_variable` block that has the intended path as the label for that block instead of the innner `path` block. This can result in silent failure to lock down variables if an incorrectly specified block was used to reduce the scope of capabilities (for example, if another correctly-written rule allows access to `*`). We can't detect the extraneous label in the HCL API, but we can detect if we're missing `path` blocks entirely. Use this to block obvious user errors.