Table: nomad_acl_policy - Query Nomad ACL Policies using SQL
Nomad Access Control List (ACL) Policies are a crucial aspect of Nomad's security model, enabling fine-grained authorization of Nomad's API. These policies provide a flexible way to grant permissions to Nomad's API, allowing for a variety of permissions based on the specific needs of your applications. ACL Policies are defined in HashiCorp Configuration Language (HCL) or JSON, and can be managed via the API or CLI.
Table Usage Guide
The nomad_acl_policy
table provides insights into ACL policies within HashiCorp Nomad. As a security analyst, explore policy-specific details through this table, including policy names, descriptions, rules, and creation times. Utilize it to uncover information about policies, such as their specific permissions and the resources they apply to, providing a comprehensive view of your Nomad environment's security posture.
Important Notes
- You need to specify the
secret_id
config argument in thenomad.spc
file to be able to query this table.
Examples
Basic info
Explore the policies in your Nomad cluster to understand their rules and descriptions, as well as when they were created or last modified. This could be useful for auditing purposes or to ensure compliance with security protocols.
select name, rules, description, create_index, modify_indexfrom nomad_acl_policy;
select name, rules, description, create_index, modify_indexfrom nomad_acl_policy;
List policies that are attached to any job
Explore which policies are linked to a job to gain insights into their rules and descriptions, useful for understanding the permissions and restrictions associated with different jobs. This can help in effectively managing and modifying job-related policies.
select name, rules, description, create_index, modify_indexfrom nomad_acl_policywhere job_acl is not null;
select name, rules, description, create_index, modify_indexfrom nomad_acl_policywhere job_acl is not null;
List policies which are attached to ACL tokens
Explore which policies are related to ACL tokens, allowing you to understand the rules and descriptions associated with each policy. This can help in managing and modifying your ACL tokens more effectively.
select name, rules, description, create_index, modify_indexfrom nomad_acl_policywhere name in ( select jsonb_array_elements_text(policies) from nomad_acl_token );
select name, rules, description, create_index, modify_indexfrom nomad_acl_policywhere name in ( select json_each.value from nomad_acl_token, json_each(policies) );
Schema for nomad_acl_policy
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
create_index | bigint | The index when the acl policy was created. | |
description | text | The description of the acl policy. | |
job_acl | jsonb | The capabilities of the acl policy. | |
modify_index | bigint | The index when the acl policy was last modified. | |
name | text | = | The name of the acl policy. |
rules | text | The set of rules of the acl policy. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
title | text | The title of the acl policy. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- nomad
You can pass the configuration to the command with the --config
argument:
steampipe_export_nomad --config '<your_config>' nomad_acl_policy