set Vault namespace from task in vault_hook JWT login (#19080)

The JWT login codepath for the `vault_hook` was missing the Vault namespace, so the login request for non-default namespaces would fail.
2026-01-06 18:35:44 +03:00 · 2023-11-14 09:54:36 -05:00
parent bae82b14b4
commit b5af87ebf3
3 changed files with 27 additions and 12 deletions
--- a/client/allocrunner/taskrunner/vault_hook.go
+++ b/client/allocrunner/taskrunner/vault_hook.go
@@ -431,8 +431,9 @@ func (h *vaultHook) deriveVaultTokenJWT() (string, error) {

 	// Derive Vault token with signed identity.
 	token, err := h.client.DeriveTokenWithJWT(h.ctx, vaultclient.JWTLoginRequest{
-		JWT:  signed.JWT,
-		Role: role,
+		JWT:       signed.JWT,
+		Role:      role,
+		Namespace: h.vaultBlock.Namespace,
 	})
 	if err != nil {
 		return "", structs.WrapRecoverable(