nomad login errors before determining the default auth method type

[xkisu]

Nomad version

v1.5.0

Operating system and Environment details

Ubuntu 22.04.2 LTS

Issue

The documentation for the nomad login command and the integration guide here state that the type flag is optional if an admin has configured a default, however this is not the case.

Line 117 in login.go explicitly rejects any calls to nomad login that don't have OIDC set as the type:

switch l.authMethodType {
case api.ACLAuthMethodTypeOIDC:
default:
	l.Ui.Error(fmt.Sprintf("Unsupported authentication type %q", l.authMethodType))
	return 1
}

There is a check further down for a default auth method, at line 143 that will set the type to be the type of the default auth method, but that section of the code is never reached because the switch statement above returns an error before it can try to determine the default type.

Reproduction steps

1. Register an auth method with Nomad (i.e. following this guide)
2. Make sure the auth method is set as default (nomad acl auth-method info vault)
3. Try to run nomad login without specifying the type, you'll receive an error Unsupported authentication type ""

Expected Result

It should be selecting the default auth method and using the type from that. These is code defined in the command to do so, but the switch statement further up cancels it out before it can try to determine the default.

Actual Result

Unsupported authentication type ""

[pkazmierczak]

Hi @xkisu, thanks for pointing out the bug. You are right that the documented and expected behavior don't match the implementation, we'll be fixing it promptly.

[pkazmierczak]

Hey @xkisu, we just merged a fix and it will be included in the next release. While fixing it, we noticed that nomad login doesn't actually need a -type flag, since auth method names are unique. Thus the fix removes the flag (although it will not error if the flag is submitted, it will just print a deprecation warning until 1.6.0), and it now correctly respects the default auth method if set.

Once again thanks for catching this!

[xkisu]

Hey @xkisu, we just merged a fix and it will be included in the next release. While fixing it, we noticed that nomad login doesn't actually need a -type flag, since auth method names are unique. Thus the fix removes the flag (although it will not error if the flag is submitted, it will just print a deprecation warning until 1.6.0), and it now correctly respects the default auth method if set.

Once again thanks for catching this!

Thank you for merging a fix so quickly!

[github-actions]

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.