Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of consul: allow non-root Nomad to rewrite token into release/1.9.x #24488

Merged
merged 1 commit into from
Nov 19, 2024
Merged

Backport of consul: allow non-root Nomad to rewrite token into release/1.9.x #24488

merged 1 commit into from
Nov 19, 2024

Conversation

hc-github-team-nomad-core
Copy link
Contributor

Backport

This PR is auto-generated from #24410 to be assessed for backporting due to the inclusion of the label backport/1.9.x.

The below text is copied from the body of the original PR.

When a task restarts, the Nomad client may need to rewrite the Consul token, but it's created with permissions that prevent a non-root agent from writing to it. While Nomad clients should be run as root (currently), it's harmless to allow whatever user the Nomad agent is running as to be able to write to it, and that's one less barrier to rootless Nomad.

(Note that the Vault token already has u+rw permissions.)

Ref: #23859 (comment)

Overview of commits

@tgross tgross merged commit fedb7cf into release/1.9.x Nov 19, 2024
20 checks passed
@tgross tgross deleted the backport/b-consul-token-permissions/thankfully-just-swift branch November 19, 2024 16:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tgross tgross tgross approved these changes

Assignees

@tgross tgross

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hc-github-team-nomad-core @tgross