vault: ignore allow_unauthenticated config if identity is set #19585

Merged
merged 1 commit into from
Jan 2, 2024


tgross
Member

@tgross tgross commented Jan 2, 2024

When the server's `vault` block has a default identity, we don't check the user's Vault token (and in fact, we warn them on job submit if they've provided one). But the validation hook still checks for a token if `allow_unauthenticated` is set to true. This is a misconfiguration but there's no reason for Nomad not to do the expected thing here.

Fixes: #19565

@tgross tgross merged commit e7ca2b5 into main Jan 2, 2024
23 checks passed
@tgross tgross deleted the validate-vault-config branch January 2, 2024 21:46
tgross added a commit that referenced this pull request Jan 2, 2024
@tgross
Member Author

tgross commented Jan 2, 2024

Backported to 1.7.x by hand

Successfully merging this pull request may close these issues.

Nomad validate not working with new Workload Identity Vault integration