When sending a GET request to get allocation logs, you can specify any nomad job ID and allocation ID as payload. As long as your user instance regex matches the payload, you will receive the logs about that allocation, independent of whether a corresponding instance exists in Broccoli.
How to Reproduce
Start a nomad job called my-http
Start Broccoli, and send a GET to http://localhost:9000/downloads/instances/my-http/allocations/65517f7c-1d77-4250-c10d-8992ca7703ec/tasks/http-task/logs/stdout?offset=500KiB
Receive log
Expected Response
404
Solution
Validate that the requested instance is really an instance and do not just forward to Nomad.
Problem
When sending a GET request to get allocation logs, you can specify any nomad job ID and allocation ID as payload. As long as your user instance regex matches the payload, you will receive the logs about that allocation, independent of whether a corresponding instance exists in Broccoli.
How to Reproduce
my-httphttp://localhost:9000/downloads/instances/my-http/allocations/65517f7c-1d77-4250-c10d-8992ca7703ec/tasks/http-task/logs/stdout?offset=500KiBExpected Response
404
Solution
Validate that the requested instance is really an instance and do not just forward to Nomad.