Table: nomad_acl_role - Query Nomad ACL Roles using SQL
Nomad ACL Roles are a resource in HashiCorp's Nomad that allow you to define permissions for clients and servers. They provide a flexible way to manage access control, allowing you to specify which actions a client or server can perform and on which resources. ACL Roles are an integral part of Nomad's security model, which aims to provide secure, multi-tenant environments.
Table Usage Guide
The nomad_acl_role table provides insights into ACL roles within HashiCorp's Nomad. As a DevOps engineer, explore role-specific details through this table, including role names, types, and associated policies. Utilize it to uncover information about roles, such as their permissions, the resources they have access to, and potential security risks in your Nomad environment.
Important Notes
- You need to specify the secret_id config argument in the nomad.spc file to be able to query this table.
Examples
Basic info
Explore which access control roles have been created and modified in your Nomad environment, allowing you to maintain security and manage user permissions effectively.
select id, name, description, create_index, modify_index
from nomad_acl_role;
Show ACL policies attached to a particular ACL role
Identify the access control policies linked to a specific role to understand its permissions and restrictions. This could be useful in auditing or updating security measures.
PostgreSQL:

select name, rules, description, create_index, modify_index
from nomad_acl_policy
where name in (
  select p ->> 'Name'
  from nomad_acl_role, jsonb_array_elements(policies) as p
  where name = 'aclRole'
);

SQLite:

select name, rules, description, create_index, modify_index
from nomad_acl_policy
where name in (
  select json_extract(p.value, '$.Name')
  from nomad_acl_role, json_each(policies) as p
  where name = 'aclRole'
);
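For an audit across every role rather than a single named one, the query below expands each role into its policy links and joins the matching policy rules. It is an added example in PostgreSQL syntax, not part of the plugin's own documentation, and it assumes each policy link carries a 'Name' key, as the query above does.

```sql
-- Added example: one row per (role, policy link), using only columns shown on this page.
with role_policy as (
  select
    r.id as role_id,
    r.name as role_name,
    r.create_index,
    r.modify_index,
    p ->> 'Name' as policy_name          -- assumes links look like {"Name": "..."}
  from
    nomad_acl_role as r
    -- left join lateral keeps roles whose policies array is empty or null
    left join lateral jsonb_array_elements(r.policies) as p on true
)
select
  rp.role_name,
  rp.role_id,
  rp.policy_name,
  -- false when no row in nomad_acl_policy matches the link name
  pol.name is not null as policy_found,
  -- true when the role has been changed after it was first written
  rp.modify_index > rp.create_index as modified_since_creation,
  pol.rules
from
  role_policy as rp
  left join nomad_acl_policy as pol on pol.name = rp.policy_name
order by
  rp.role_name,
  rp.policy_name;
```

Rows with a null policy_name are roles with no policy links, and rows where policy_found is false are links whose policy was not returned by nomad_acl_policy.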
List roles which are attached to ACL tokens
Determine the roles associated with ACL tokens in your system to understand their permissions and access levels. This can be useful in managing security and ensuring proper access control within your network.
PostgreSQL:

select id, name, description, create_index, modify_index
from nomad_acl_role
where name in (
  select jsonb_array_elements_text(roles)
  from nomad_acl_token
);

SQLite:

select id, name, description, create_index, modify_index
from nomad_acl_role
where name in (
  select json_each.value
  from nomad_acl_token, json_each(roles)
);
Schema for nomad_acl_role
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
create_index | bigint | | The index when the ACL role was created. |
description | text | | A human-readable, operator set description that can provide additional context about the ACL role. |
id | text | = | The ID of the ACL role. |
modify_index | bigint | | The index when the ACL role was last modified. |
name | text | | The name of the ACL role. |
policies | jsonb | | An array of ACL policy links. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
title | text | | The title of the ACL role. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- nomad
You can pass the configuration to the command with the --config argument:
steampipe_export_nomad --config '<your_config>' nomad_acl_role