nomad/client/vaultclient
Tim Gross 18fdda6242 vault: fix namespace reset for clients with unset namespace (#23491)
The Vault "logical" API doesn't allow configuring the namespace on a per-request
basis. Instead, it's set on the client. Our `vaultclient` wrapper locks access
to the API client and sets the namespace (and token, if applicable) for each
request, and then resets the namespace and unlocks the API client.

The logic for resetting the namespace incorrectly assumed that if the Vault
configuration didn't set the namespace that it was canonicalized to the
non-empty string `"default"`. This results in the API client's namespace getting
"stuck" whenever a job uses a non-default namespace if the configuration value
is empty. Update the logic to always go back to the configuration, rather than
accepting the "previous" namespace from the caller.

This changeset also removes some long-dead code in the Vault client wrapper.

Fixes: https://github.com/hashicorp/nomad/issues/22230
Ref: https://hashicorp.atlassian.net/browse/NET-10207
2024-07-03 10:13:20 -04:00
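
The "stuck" namespace described in the commit message, as an added example that is not Nomad's code: a small model of a locking wrapper around a client whose namespace is client-wide state, with a reset that trusts a "previous" value beside a reset that always goes back to configuration. The names `fakeAPI`, `wrapper`, `request`, `leaked` and the namespace `team-a` are hypothetical, and the buggy branch is one assumed shape of the faulty check, not the project's actual code.

```go
package main

import (
	"fmt"
	"sync"
)

// fakeAPI stands in for an API client that holds one namespace for all requests.
type fakeAPI struct{ ns string }

func (f *fakeAPI) SetNamespace(ns string) { f.ns = ns }

// wrapper is a hypothetical model of a locking wrapper, not Nomad's vaultclient.
type wrapper struct {
	mu       sync.Mutex
	api      *fakeAPI
	configNS string // namespace from configuration; "" when unset
	fixed    bool   // true: reset from configuration; false: assumed buggy reset
}

// request runs one call for jobNS and returns the namespace the call used and
// the namespace left on the shared client afterwards.
func (w *wrapper) request(jobNS string) (used, after string) {
	w.mu.Lock()
	defer w.mu.Unlock()
	prev := w.configNS // the "previous" namespace handed to the reset
	if jobNS != "" {
		w.api.SetNamespace(jobNS)
	}
	used = w.api.ns
	if w.fixed {
		w.api.SetNamespace(w.configNS) // always go back to configuration
	} else if prev != "" { // assumes an unset value was canonicalized to "default"
		w.api.SetNamespace(prev)
	}
	return used, w.api.ns
}

// leaked returns the namespace used by a request that asks for none, issued
// after a job used the constructed namespace "team-a" with configNS unset.
func leaked(fixed bool) string {
	w := &wrapper{api: &fakeAPI{}, configNS: "", fixed: fixed}
	w.request("team-a")
	used, _ := w.request("")
	return used
}

func main() {
	fmt.Printf("buggy reset: %q, fixed reset: %q\n", leaked(false), leaked(true))
}
```

With the buggy reset, the second request runs in the earlier job's namespace; with the fixed reset it runs with the configured (empty) value.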