# Source: github.com/hernad/nomad@v1.6.112/e2e/workload_id/input/api-auth.nomad.hcl
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

# End-to-end fixture for authentication on the task API socket.
#
# Each task runs curl against the agent health endpoint
# (localhost/v1/agent/health) through the unix socket at
# ${NOMAD_SECRETS_DIR}/api.sock, presenting a different credential:
#   none       - no credential at all         -> 401 expected
#   bad        - an X-Nomad-Token header      -> 403 expected
#   docker-wid - workload identity (docker)   -> success expected
#   exec-wid   - workload identity (exec)     -> success expected
#
# NOTE(review): none of the curl invocations pass --fail, so curl exits 0 even
# on a 401/403 response. The expected status codes are therefore presumably
# checked by the test harness against the verbose (-v) output rather than the
# task exit code - confirm against the Go test that submits this job.
job "api-auth" {
  type = "batch"

  # The tasks only run on Linux clients.
  constraint {
    attribute = "${attr.kernel.name}"
    value     = "linux"
  }

  group "api-auth" {

    # none task should get a 401 response
    # No authentication header is sent and no identity block is declared.
    task "none" {
      driver = "docker"
      config {
        # NOTE(review): the image is pinned by tag, which is mutable in a
        # registry; pinning by digest would make the fixture reproducible.
        image = "curlimages/curl:7.87.0"
        args = [
          "--unix-socket", "${NOMAD_SECRETS_DIR}/api.sock",
          "-v",
          "localhost/v1/agent/health",
        ]
      }
      resources {
        cpu    = 16
        memory = 32
        disk   = 64
      }
    }

    # bad task should get a 403 response
    # A token is presented via X-Nomad-Token, but the request is expected to be
    # rejected. NOTE(review): the hard-coded UUID is presumably a made-up secret
    # ID that matches no ACL token in the test cluster; it must stay a
    # throwaway value and never be replaced with a real token.
    task "bad" {
      driver = "docker"
      config {
        image = "curlimages/curl:7.87.0"
        args = [
          "--unix-socket", "${NOMAD_SECRETS_DIR}/api.sock",
          "-H", "X-Nomad-Token: 37297754-3b87-41da-9ac7-d98fd934deed",
          "-v",
          "localhost/v1/agent/health",
        ]
      }
      resources {
        cpu    = 16
        memory = 32
        disk   = 64
      }
    }

    # docker-wid task should succeed due to using workload identity
    # The identity block below exposes the workload identity token to the task
    # as the NOMAD_TOKEN environment variable, which is sent as a Bearer token.
    task "docker-wid" {
      driver = "docker"

      config {
        image = "curlimages/curl:7.87.0"
        # The token is interpolated into the argument list, so it is visible to
        # anything that can read the process arguments or the container's
        # configuration. That is tolerable for a short-lived test task; a real
        # workload would read NOMAD_TOKEN from its environment instead.
        args = [
          "--unix-socket", "${NOMAD_SECRETS_DIR}/api.sock",
          "-H", "Authorization: Bearer ${NOMAD_TOKEN}",
          "-v",
          "localhost/v1/agent/health",
        ]
      }

      # env = true is what makes NOMAD_TOKEN available to the task.
      identity {
        env = true
      }

      resources {
        cpu    = 16
        memory = 32
        disk   = 64
      }
    }

    # exec-wid task should succeed due to using workload identity
    # Same request as docker-wid, run through the exec driver to cover a second
    # task driver. NOTE(review): this relies on a curl binary being available
    # inside the exec task's filesystem - confirm for the target clients.
    task "exec-wid" {
      driver = "exec"

      config {
        command = "curl"
        # As in docker-wid, the bearer token ends up in the process arguments.
        args = [
          "-H", "Authorization: Bearer ${NOMAD_TOKEN}",
          "--unix-socket", "${NOMAD_SECRETS_DIR}/api.sock",
          "-v",
          "localhost/v1/agent/health",
        ]
      }

      # env = true is what makes NOMAD_TOKEN available to the task.
      identity {
        env = true
      }

      resources {
        cpu    = 16
        memory = 32
        disk   = 64
      }
    }
  }
}