vault: Remove legacy token based authentication workflow. (#25155)

The legacy workflow for Vault whereby servers were configured
using a token to provide authentication to the Vault API has now
been removed. This change also removes the workflow where servers
were responsible for deriving Vault tokens for Nomad clients.

The deprecated Vault config options used by the Nomad agent have
all been removed except for "token" which is still in use by the
Vault Transit keyring implementation.

Job specification authors can no longer use the "vault.policies"
parameter and should instead use "vault.role" when not using the
default workload identity.

---------

Co-authored-by: Tim Gross <tgross@hashicorp.com>
Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
James Rasell
2025-02-28 08:40:02 +01:00
committed by GitHub
parent 4a62d1b75c
commit 7268053174
79 changed files with 464 additions and 8077 deletions


@@ -97,7 +97,6 @@ func NewTestVaultFromPath(t testing.T, binary string) *TestVault {
Config: &config.VaultConfig{
Name: structs.VaultDefaultCluster,
Enabled: &enable,
Token: token,
Addr: http,
},
}
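Review bot: missing documentation at the `Config: &config.VaultConfig{...}` literal in `NewTestVaultFromPath`. The header shrinks this hunk from 7 lines to 6, and if the dropped line is `Token: token,` then tests that read the token back from the returned `Config` will now see an empty value without any compile error. The commit message says the "token" option is still used by the Vault Transit keyring, so a short comment on the helper stating that `Config` no longer carries a token, and where callers should get one, would prevent a silent test regression. Also confirm that the `token` variable is still used elsewhere in the function.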
@@ -179,7 +178,6 @@ func NewTestVaultDelayedFromPath(t testing.T, binary string) *TestVault {
Client: client,
Config: &config.VaultConfig{
Enabled: &enable,
Token: token,
Addr: http,
},
}
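Review bot: the `config.VaultConfig` literal in `NewTestVaultDelayedFromPath` sets only `Enabled`, `Token` and `Addr`, while the same literal in `NewTestVaultFromPath` also sets `Name: structs.VaultDefaultCluster`. Since this line range is being touched anyway, either add `Name` here so both helpers return a config for the same named cluster, or leave a comment saying why the delayed variant omits it. The point about callers that read a token from `Config` applies to this helper as well.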