nomad/.changelog/20317.txt
Tim Gross 2cf341b761 drain: use authenticated ID as source of drained-by metadata (#20317)
When a node is set to drain, the state store reads the auth token off the
request to record `LastDrain` metadata about the token used to drain the
node. This code path in the state store can't correctly handle signed Workload
Identity tokens or bearer tokens that may have expired (for example, while
restarting a server and applying uncompacted Raft logs).

Rather than re-authenticating the request at the time of FSM apply, record the
string derived from the authenticated identity as part of the Raft log
entry.

Fixes: https://github.com/hashicorp/nomad/issues/17471
2024-04-09 09:28:24 -04:00


```release-note:bug
drain: Fixed a bug where Workload Identity tokens could not be used to drain a node
```
```release-note:bug
state: Fixed a bug where restarting a server could fail if the Raft logs include a drain update that used a now-expired token
```
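
The reasoning in the commit message above, as an added Go sketch (not Nomad's code): re-authenticating a token during FSM apply fails when the log is replayed after the token expires, while an entry that already carries the identity string replays deterministically. All names here (`tokenStore`, `drainEntry`, `UpdatedBy`, `applyBefore`, `applyAfter`, `submit`) and the sample token are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// token and tokenStore are a constructed ACL table (hypothetical, not Nomad's schema).
type token struct {
	name    string
	expires time.Time
}
type tokenStore map[string]token

// resolve authenticates a secret at time now; unknown or expired tokens fail.
func (s tokenStore) resolve(secret string, now time.Time) (string, error) {
	if t, ok := s[secret]; ok && !now.After(t.expires) {
		return t.name, nil
	}
	return "", errors.New("token not found or expired")
}

// drainEntry is a toy Raft log entry for a node drain.
type drainEntry struct {
	NodeID    string
	AuthToken string // "before": the secret travels in the log
	UpdatedBy string // "after": identity string resolved before the log write
}
// applyBefore re-authenticates inside FSM apply, so replay depends on the clock.
func applyBefore(s tokenStore, e drainEntry, now time.Time) (string, error) {
	return s.resolve(e.AuthToken, now)
}
// applyAfter copies what the entry already records, so replay is deterministic.
func applyAfter(e drainEntry) string { return e.UpdatedBy }
// submit is the RPC side: authenticate once, store only the derived string.
func submit(s tokenStore, node, secret string, now time.Time) (drainEntry, error) {
	who, err := s.resolve(secret, now)
	return drainEntry{NodeID: node, UpdatedBy: who}, err
}

func main() {
	t0 := time.Date(2024, 4, 9, 9, 0, 0, 0, time.UTC) // constructed timeline
	s := tokenStore{"s3cr3t": {name: "ops-token", expires: t0.Add(time.Hour)}}
	e, _ := submit(s, "n1", "s3cr3t", t0)
	old := drainEntry{NodeID: "n1", AuthToken: "s3cr3t"}
	_, err := applyBefore(s, old, t0.Add(48*time.Hour)) // replay after a restart
	fmt.Println("before:", err, "| after:", applyAfter(e))
}
```

The "after" entry also keeps the bearer secret out of the replicated log, since only the derived string is written.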