agent: add top-level warning if mTLS is not configured (#16800)

Nomad's security model requires mTLS in order to secure client-to-server and
server-to-server communications. Configuring ACLs alone is not enough. Loudly
warn the user if mTLS is not configured in non-dev modes.
Tim Gross
2023-04-05 14:43:45 -04:00
committed by GitHub
parent c1a09a0edd
commit b08edf385a


@@ -328,6 +328,10 @@ func (c *Command) IsValidConfig(config, cmdConfig *Config) bool {
c.Ui.Error(fmt.Sprintf("WARNING: Error when parsing TLS configuration: %v", err))
}
}
if !config.DevMode && (config.TLSConfig == nil ||
!config.TLSConfig.EnableHTTP || !config.TLSConfig.EnableRPC) {
c.Ui.Error("WARNING: mTLS is not configured - Nomad is not secure without mTLS!")
}
if config.Server.EncryptKey != "" {
if _, err := config.Server.EncryptBytes(); err != nil {
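Review bot: The added condition `!config.TLSConfig.EnableHTTP || !config.TLSConfig.EnableRPC` only tests whether TLS is switched on, yet the message claims to detect missing mTLS. An agent with both flags set could therefore start without the warning while peer verification is still off, because Nomad's documented `verify_server_hostname` and `verify_https_client` settings are not consulted here. I have not confirmed the struct field names from this page, but if they are `VerifyServerHostname` and `VerifyHTTPSClient`, consider adding `|| !config.TLSConfig.VerifyServerHostname` to the condition and emitting a separate warning when HTTPS client verification is disabled. It would also help operators if the message named which setting is missing rather than the generic "mTLS is not configured". A short comment above the check, such as `// ACLs do not protect RPC; warn unless TLS is enabled and peers are verified on both HTTP and RPC`, would record why dev mode is exempt. The body of IsValidConfig starts and continues outside this hunk.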