Nomad Docs: Add anonymous policy warning to ACL overview (#1483)

aimeeu · web-flow · commit 3b6630af8cee · 2025-12-09T12:30:44.000-06:00
## Description - Add anonymous policy warning to 1.11, 1.10 to ACL system overview page, Policies section. I missed porting the warning when I moved content from tutorials to docs in 1.10. Deniz Dugan (Security) requested this. ## Links Jira: [CE-1094] - https://unified-docs-frontend-preview-kk0w9xcxy-hashicorp.vercel.app/nomad/docs/secure/acl#policies - https://unified-docs-frontend-preview-kk0w9xcxy-hashicorp.vercel.app/nomad/docs/v1.10.x/secure/acl#policies ## Contributor checklists Review urgency: - [ ] ASAP: Bug fixes, broken content, imminent releases - [x] 3 days: Small changes, easy reviews - [ ] 1 week: Default expectation - [ ] Best effort: No urgency Pull request: - [x] Verify that the PR is set to merge into the correct base branch - [x] Verify that all status checks passed - [x] Verify that the preview environment deployed successfully - [ ] Add additional reviewers if they are not part of assigned groups Content: - [ ] I added redirects for any moved or removed pages - [ ] I followed the [Education style guide](https://github.com/hashicorp/web-unified-docs/tree/main/docs/style-guide) - [x] I looked at the local or Vercel build to make sure the content rendered correctly ## Reviewer checklist - [ ] This PR is set to merge into the correct base branch. - [ ] The content does not contain technical inaccuracies. - [ ] The content follows the Education content and style guides. - [ ] I have verified and tested changes to instructions for end users. [CE-1094]: https://hashicorp.atlassian.net/browse/CE-1094?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
diff --git a/content/nomad/global/partials/warn-anon-policy.mdx b/content/nomad/global/partials/warn-anon-policy.mdx
@@ -0,0 +1,6 @@
+<Warning>
+
+All unauthenticated requests to Nomad receive permissions from the anonymous token. To ensure clusters remain secure, we recommend using tokens with specific policies instead of an overly permissive anonymous token.
+
+</Warning>
+
diff --git a/content/nomad/v1.10.x/content/docs/secure/acl/index.mdx b/content/nomad/v1.10.x/content/docs/secure/acl/index.mdx
@@ -38,6 +38,8 @@ list jobs and view their status, while requiring authenticated requests to
 submit new jobs or modify existing jobs. By default, there is no `anonymous`
 policy set meaning all anonymous requests are denied.
 
+@include '../../../global/partials/warn-anon-policy.mdx'
+
 ## Roles
 
 Roles group one or more ACL policies into a container which can then be used to
diff --git a/content/nomad/v1.11.x/content/docs/secure/acl/index.mdx b/content/nomad/v1.11.x/content/docs/secure/acl/index.mdx
@@ -38,6 +38,8 @@ list jobs and view their status, while requiring authenticated requests to
 submit new jobs or modify existing jobs. By default, there is no `anonymous`
 policy set meaning all anonymous requests are denied.
 
+@include '../../../global/partials/warn-anon-policy.mdx'
+
 ## Roles
 
 Roles group one or more ACL policies into a container which can then be used to
