nomad

kemko/nomad

Fork 0

mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00

Commit Graph

Author	SHA1	Message	Date
Tim Gross	2cf341b761	drain: use authenticated ID as source of drained-by metadata (#20317 ) When a node is set to drain, the state store reads the auth token off the request to record `LastDrain` metadata about the token used to drain the node. This code path in the state store can't correctly handle signed Workload Identity tokens or bearer tokens that may have expired (for example, while restarting a server and applying uncompacted Raft logs). Rather than re-authenticating the request at the time of FSM apply, record the string derived from the authenticated identity as part of the Raft log entry. Fixes: https://github.com/hashicorp/nomad/issues/17471	2024-04-09 09:28:24 -04:00

Author

SHA1

Message

Date

Tim Gross

2cf341b761

drain: use authenticated ID as source of drained-by metadata (#20317 )

When a node is set to drain, the state store reads the auth token off the
request to record `LastDrain` metadata about the token used to drain the
node. This code path in the state store can't correctly handle signed Workload
Identity tokens or bearer tokens that may have expired (for example, while
restarting a server and applying uncompacted Raft logs).

Rather than re-authenticating the request at the time of FSM apply, record the
string derived from the authenticated identity as part of the Raft log
entry.

Fixes: https://github.com/hashicorp/nomad/issues/17471

2024-04-09 09:28:24 -04:00

1 Commits