validateRole should use the new "token_period" instead of "period" #6570

Closed
khicks opened this issue Oct 26, 2019 · 3 comments · Fixed by #6574


khicks commented Oct 26, 2019

Nomad version

Nomad v0.10.0 (25ee121)

Issue

The validateRole function checks that the deprecated "period" attribute of the Vault token role is non-zero instead of the new "token_period" attribute. If "period" is zero and "token_period" is non-zero, the job will fail.

Reproduction steps

Create a Vault token role in Terraform.

resource "vault_policy" "nomad_job" {
  name   = "nomad/job"
  policy = file("policies/nomad-job.hcl")
}

resource "vault_token_auth_backend_role" "nomad_job" {
  role_name              = "nomad-job"
  token_explicit_max_ttl = "0"
  token_period           = "259200"
  #period                = "259200"
  renewable = true
  orphan    = true

  allowed_policies = [
    vault_policy.nomad_job.name,
  ]
}

Since the "period" attribute is not set in Terraform, it will be set to 0 in Vault, resulting in an error in Nomad:

Vault: server failed to derive vault token: failed to establish connection to Vault: 1 error(s) occurred: * Role must have a non-zero period to make tokens periodic.

Both attributes cannot be used at the same time, and using "period" throws a deprecation warning.

Thanks for reading and your hard work!
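The check the issue asks for, as an added example that is not part of the original issue and is not Nomad's own code: it prefers "token_period" and falls back to the deprecated "period". The function names `rolePeriod` and `validatePeriodic` are hypothetical, and the map shape of the decoded role data is an assumption.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// rolePeriod returns the effective period in seconds from decoded token-role data
// (assumed shape). It prefers "token_period" over the deprecated "period".
func rolePeriod(data map[string]interface{}) (int64, error) {
	for _, key := range []string{"token_period", "period"} {
		raw, ok := data[key]
		if !ok || raw == nil {
			continue
		}
		var secs int64
		switch v := raw.(type) {
		case json.Number: // decoder configured with UseNumber
			n, err := v.Int64()
			if err != nil {
				return 0, fmt.Errorf("%s: %w", key, err)
			}
			secs = n
		case float64: // default encoding/json number type
			secs = int64(v)
		default:
			return 0, fmt.Errorf("%s: unexpected type %T", key, raw)
		}
		if secs != 0 {
			return secs, nil // first non-zero attribute wins
		}
	}
	return 0, nil
}

// validatePeriodic is a hypothetical stand-in for the period check described in the issue.
func validatePeriodic(data map[string]interface{}) error {
	secs, err := rolePeriod(data)
	if err == nil && secs <= 0 {
		err = errors.New("Role must have a non-zero period to make tokens periodic.")
	}
	return err
}

func main() {
	role := map[string]interface{}{"period": json.Number("0"), "token_period": json.Number("259200")} // constructed sample
	fmt.Println(validatePeriodic(role))
}
```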

@djenriquez

@notnoop did this make it to 0.10.1? I do not see a reference for it in the changelog.

@notnoop
Contributor

notnoop commented Nov 8, 2019

Nope - it'll be in 0.10.2 and it's captured in changelog updates in https://github.com/hashicorp/nomad/pull/6652/files .
