Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backport of consul: check for acceptable service identity on consul tokens into release/1.4.x #15936

Conversation

hc-github-team-nomad-core
Copy link
Contributor

Backport

This PR is auto-generated from #15928 to be assessed for backporting due to the inclusion of the label backport/1.4.x.

The below text is copied from the body of the original PR.


When registering a job with a service and 'consul.allow_unauthenticated=false',
we scan the given Consul token for an acceptable policy or role with an
acceptable policy, but did not scan for an acceptable service identity (which
is backed by an acceptable virtual policy). This PR updates our consul token
validation to also accept a matching service identity when registering a service
into Consul.

Fixes #15902

@hc-github-team-nomad-core hc-github-team-nomad-core force-pushed the backport/consul-si-permissions/horribly-loved-mongrel branch from 3add8a3 to 07f71c3 Compare January 28, 2023 00:16
@hc-github-team-nomad-core hc-github-team-nomad-core merged commit 7ea0baf into release/1.4.x Jan 28, 2023
@hc-github-team-nomad-core hc-github-team-nomad-core deleted the backport/consul-si-permissions/horribly-loved-mongrel branch January 28, 2023 00:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants