Consul: agent config updates for WI (#18774)

This changeset makes two changes: * Removes the `consul.use_identity` field from the agent configuration. This behavior is properly covered by the presence of `consul.service_identity` / `consul.task_identity` blocks. * Adds a `consul.task_auth_method` and `consul.service_auth_method` fields to the agent configuration. This allows the cluster administrator to choose specific Consul Auth Method names for their environment, with a reasonable default.
2026-01-04 17:35:43 +03:00 · 2023-10-17 14:42:14 -04:00
parent ac56855f07
commit d0957eb109
16 changed files with 185 additions and 289 deletions
--- a/command/agent/testdata/basic.hcl
+++ b/command/agent/testdata/basic.hcl
@@ -245,13 +245,16 @@ consul {
  auto_advertise         = true
  checks_use_advertise   = true
  timeout                = "5s"
-  use_identity           = true
+  service_auth_method    = "nomad-workloads"
+  task_auth_method       = "nomad-tasks"
+
  service_identity {
    aud  = ["consul.io", "nomad.dev"]
    env  = false
    file = true
    ttl  = "1h"
  }
+
  task_identity {
    aud  = ["consul.io"]
    env  = true
--- a/command/agent/testdata/basic.json
+++ b/command/agent/testdata/basic.json
@@ -167,6 +167,9 @@
      "server_rpc_check_name": "nomad-server-rpc-health-check",
      "server_serf_check_name": "nomad-server-serf-health-check",
      "server_service_name": "nomad",
+      "service_auth_method": "nomad-workloads",
+      "task_auth_method": "nomad-tasks",
+
      "service_identity": {
        "aud": [
          "consul.io",
@@ -187,7 +190,6 @@
      },
      "timeout": "5s",
      "token": "token1",
-      "use_identity": true,
      "verify_ssl": true
    }
  ],