Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bootstrap Nomad ACL system if no token is given #12451

Merged
merged 7 commits into from
Apr 20, 2022
Merged

Bootstrap Nomad ACL system if no token is given #12451

merged 7 commits into from
Apr 20, 2022

Conversation

Mongey
Copy link
Contributor

@Mongey Mongey commented Aug 27, 2021

Similar to the Bootstrap the Consul ACL system if no token is given
it would be very useful to bootstrap Nomads ACL system and manage it in
Vault.

@vercel vercel bot temporarily deployed to Preview – vault August 27, 2021 15:17 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook August 27, 2021 15:17 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook January 15, 2022 23:52 Inactive
@hghaf099
Copy link
Contributor

hghaf099 commented Feb 7, 2022

@Mongey are you still interested in working on this PR?

@vercel vercel bot temporarily deployed to Preview – vault-storybook February 7, 2022 22:53 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 7, 2022 22:57 Inactive
@Mongey
Copy link
Contributor Author

Mongey commented Feb 7, 2022

@hghaf099 yep

@vercel vercel bot temporarily deployed to Preview – vault-storybook February 9, 2022 00:14 Inactive
@Mongey Mongey marked this pull request as ready for review February 9, 2022 00:15
@Mongey Mongey requested a review from a team February 9, 2022 00:15
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 17, 2022 23:51 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 18, 2022 12:16 Inactive
@Mongey
Copy link
Contributor Author

Mongey commented Apr 19, 2022

bump

swenson
swenson reviewed Apr 19, 2022
View reviewed changes
Copy link
Contributor

@swenson swenson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this! Just a few small-ish comments.

builtin/logical/nomad/backend_test.go Outdated Show resolved Hide resolved
builtin/logical/nomad/backend_test.go Outdated Show resolved Hide resolved
builtin/logical/nomad/path_config_access.go Outdated Show resolved Hide resolved
builtin/logical/nomad/backend_test.go Outdated Show resolved Hide resolved
@Mongey
Bootstrap Nomad ACL system if no token is given
c98e7cd 
Similar to the [Bootstrap the Consul ACL system if no token is given][boostrap-consul]
it would be very useful to bootstrap Nomads ACL system and manage it in
Vault.

[boostrap-consul]:hashicorp#10751
@Mongey
Add changelog entry
b79502f
@Mongey
Remove debug log line
105b898
swenson
swenson approved these changes Apr 20, 2022
View reviewed changes
Copy link
Contributor

@swenson swenson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

I pulled it down and tested it locally. It seems to simplify the process of getting it to work locally, i.e., I can now just run

# window 1
sudo nomad agent -dev -bind 0.0.0.0 -log-level INFO -acl-enabled
# window 2
vault server -dev 
# window 3
vault secrets enable nomad
vault write nomad/config/access address=http://127.0.0.1:4646
vault write nomad/role/monitoring policies=readonly
vault read nomad/creds/monitoring

And skip having to run nomad acl boostrap. Though if we do still run nomad acl boostrap manually, as before, it works as expected.

Thanks so much for your contribution!

@swenson swenson merged commit cf38686 into hashicorp:main Apr 20, 2022
schultz-is pushed a commit that referenced this pull request Apr 27, 2022
@Mongey
Bootstrap Nomad ACL system if no token is given (#12451)
6847d7f 
* Bootstrap Nomad ACL system if no token is given

Similar to the [Bootstrap the Consul ACL system if no token is given][boostrap-consul]
it would be very useful to bootstrap Nomads ACL system and manage it in
Vault.

[boostrap-consul]:#10751

* Add changelog entry

* Remove debug log line

* Remove redundant else

* Rename Nomad acl bootstrap param

* Replace sleep with attempt to list nomad leader, setup will retry until successful

* fmt
schultz-is pushed a commit that referenced this pull request May 2, 2022
@Mongey
Bootstrap Nomad ACL system if no token is given (#12451)
00f48c5 
* Bootstrap Nomad ACL system if no token is given

Similar to the [Bootstrap the Consul ACL system if no token is given][boostrap-consul]
it would be very useful to bootstrap Nomads ACL system and manage it in
Vault.

[boostrap-consul]:#10751

* Add changelog entry

* Remove debug log line

* Remove redundant else

* Rename Nomad acl bootstrap param

* Replace sleep with attempt to list nomad leader, setup will retry until successful

* fmt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@swenson swenson swenson approved these changes

Assignees
No one assigned
Labels
enhancement secret/nomad
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Mongey @hghaf099 @swenson @heatherezell