Skip to content

Support uploading client ACL tokens#27741

Open
allisonlarson wants to merge 3 commits intomainfrom
f-provide-client-tokens
Open

Support uploading client ACL tokens#27741
allisonlarson wants to merge 3 commits intomainfrom
f-provide-client-tokens

Conversation

@allisonlarson
Copy link
Copy Markdown
Contributor

@allisonlarson allisonlarson commented Mar 24, 2026
edited
Loading

Description

Adds support for uploading client ACL tokens by supplying the accessorID and secretID during creation. The command nomad acl token create now takes an optional -accessor flag, and the secretID is provided either by a filepath or through stdin (-), following how nomad acl bootstrap accepts the secretID. If the accessor is provided, the secretID is required; similarly, if the secretID is passed, the accessor is required. Management tokens are not allowed to be uploaded in this way.

I've added a new ACLTokens.Upload function to the api package for clarity and clear validation message, but it still uses the same http path & requests. I can collapse this into the same ACLTokens.Create, but the specificity felt nicer.

Testing & Reproduction steps

tests were added, and tested manually

Links

Issue: #24457
Internal ref: https://hashicorp.atlassian.net/browse/NMD-352

Contributor Checklist

  • Changelog Entry If this PR changes user-facing behavior, please generate and add a
    changelog entry using the make cl command.
  • Testing Please add tests to cover any new functionality or to demonstrate bug fixes and
    ensure regressions will be caught.
  • Documentation If the change impacts user-facing functionality such as the CLI, API, UI,
    and job configuration, please update the Nomad product documentation, which is stored in the
    web-unified-docs repo. Refer to the web-unified-docs contributor guide for docs guidelines.
    Please also consider whether the change requires notes within the upgrade
    guide    . If you would like help with the docs, tag the nomad-docs team in this PR.

Reviewer Checklist

  • Backport Labels Please add the correct backport labels as described by the internal
    backporting document.
  • Commit Type Ensure the correct merge method is selected which should be "squash and merge"
    in the majority of situations. The main exceptions are long-lived feature branches or merges where
    history should be preserved.
  • Enterprise PRs If this is an enterprise only PR, please add any required changelog entry
    within the public repository.
  • If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

@allisonlarson allisonlarson requested review from a team as code owners March 24, 2026 00:12
@allisonlarson allisonlarson added this to the 2.0.1 milestone Mar 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pkazmierczak pkazmierczak Awaiting requested review from pkazmierczak

@mismithhisler mismithhisler Awaiting requested review from mismithhisler

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

2.0.1

Development

Successfully merging this pull request may close these issues.

1 participant

@allisonlarson