From c1bd64664f6e886a30d4361f6b5d8806559571a6 Mon Sep 17 00:00:00 2001
From: Tristan Morgan <tristan.morgan@hashicorp.com>
Date: Thu, 24 Oct 2024 10:31:24 +1100
Subject: [PATCH] Update nomad policies to match
 https://developer.hashicorp.com/nomad/docs/integrations/consul/acl#nomad-agents

---
 .../structs/acltemplatedpolicy/policies/ce/nomad-client.hcl | 2 +-
 .../structs/acltemplatedpolicy/policies/ce/nomad-server.hcl | 6 ++++--
 .../ce/nomad-client-templated-policy.json.golden            | 2 +-
 .../ce/nomad-client-templated-policy.pretty-meta.golden     | 2 +-
 .../ce/nomad-server-templated-policy.json.golden            | 2 +-
 .../ce/nomad-server-templated-policy.pretty-meta.golden     | 6 ++++--
 6 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/agent/structs/acltemplatedpolicy/policies/ce/nomad-client.hcl b/agent/structs/acltemplatedpolicy/policies/ce/nomad-client.hcl
index 4ea9f1e6df51e..26941a8128545 100644
--- a/agent/structs/acltemplatedpolicy/policies/ce/nomad-client.hcl
+++ b/agent/structs/acltemplatedpolicy/policies/ce/nomad-client.hcl
@@ -2,7 +2,7 @@ agent_prefix "" {
   policy = "read"
 }
 node_prefix "" {
-  policy = "read"
+  policy = "write"
 }
 service_prefix "" {
   policy = "write"
diff --git a/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl b/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl
index 7030ff771a199..23cb78e1134ca 100644
--- a/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl
+++ b/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl
@@ -1,10 +1,12 @@
 
-acl = "write"
+acl  = "write"
+mesh = "write"
+
 agent_prefix "" {
   policy = "read"
 }
 node_prefix "" {
-  policy = "read"
+  policy = "write"
 }
 service_prefix "" {
   policy = "write"
diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.json.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.json.golden
index 00d361fac806a..0fece044def5d 100644
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.json.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.json.golden
@@ -1,6 +1,6 @@
 {
     "TemplateName": "builtin/nomad-client",
     "Schema": "",
-    "Template": "agent_prefix \"\" {\n  policy = \"read\"\n}\nnode_prefix \"\" {\n  policy = \"read\"\n}\nservice_prefix \"\" {\n  policy = \"write\"\n}\nkey_prefix \"\" {\n  policy = \"read\"\n}",
+    "Template": "agent_prefix \"\" {\n  policy = \"read\"\n}\nnode_prefix \"\" {\n  policy = \"write\"\n}\nservice_prefix \"\" {\n  policy = \"write\"\n}\nkey_prefix \"\" {\n  policy = \"read\"\n}",
     "Description": "Gives the token or role permissions required for integration with a nomad client."
 }
\ No newline at end of file
diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.pretty-meta.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.pretty-meta.golden
index bb8053bcc2297..cc3a19df2c67c 100644
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.pretty-meta.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-client-templated-policy.pretty-meta.golden
@@ -8,7 +8,7 @@ agent_prefix "" {
   policy = "read"
 }
 node_prefix "" {
-  policy = "read"
+  policy = "write"
 }
 service_prefix "" {
   policy = "write"
diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden
index 871b26dac3494..56b257a1fa75f 100644
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden
@@ -1,6 +1,6 @@
 {
     "TemplateName": "builtin/nomad-server",
     "Schema": "",
-    "Template": "\nacl = \"write\"\nagent_prefix \"\" {\n  policy = \"read\"\n}\nnode_prefix \"\" {\n  policy = \"read\"\n}\nservice_prefix \"\" {\n  policy = \"write\"\n}",
+    "Template": "\nacl  = \"write\"\nmesh = \"write\"\n\nagent_prefix \"\" {\n  policy = \"read\"\n}\nnode_prefix \"\" {\n  policy = \"write\"\n}\nservice_prefix \"\" {\n  policy = \"write\"\n}",
     "Description": "Gives the token or role permissions required for integration with a nomad server."
 }
\ No newline at end of file
diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden
index 60c1961151802..0ce9e5853239b 100644
--- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden
+++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden
@@ -5,12 +5,14 @@ Example usage:
 	consul acl token create -templated-policy builtin/nomad-server
 Raw Template:
 
-acl = "write"
+acl  = "write"
+mesh = "write"
+
 agent_prefix "" {
   policy = "read"
 }
 node_prefix "" {
-  policy = "read"
+  policy = "write"
 }
 service_prefix "" {
   policy = "write"