Bootstrap Nomad ACL system if no token is given #12451

Merged: 7 commits, Apr 20, 2022

Mongey (Contributor) commented Aug 27, 2021

Similar to "Bootstrap the Consul ACL system if no token is given",
it would be very useful to bootstrap Nomad's ACL system and manage it in
Vault.

hghaf099 (Contributor) commented Feb 7, 2022

@Mongey are you still interested in working on this PR?

@Mongey Mongey force-pushed the cm-nomad-bootstrap branch from a90860f to 4cf01e3 Compare February 7, 2022 22:53
Mongey (Contributor, Author) commented Feb 7, 2022

@hghaf099 yep

@Mongey Mongey marked this pull request as ready for review February 9, 2022 00:15
@Mongey Mongey requested a review from a team February 9, 2022 00:15
@Mongey Mongey force-pushed the cm-nomad-bootstrap branch from 5bd5a77 to 7b2eb0d Compare February 17, 2022 23:50
@Mongey Mongey force-pushed the cm-nomad-bootstrap branch from 7b2eb0d to 1ca413b Compare February 18, 2022 12:16
Mongey (Contributor, Author) commented Apr 19, 2022

bump

swenson (Contributor) left a comment

Thanks for this! Just a few small-ish comments.

builtin/logical/nomad/backend_test.go (outdated)
builtin/logical/nomad/backend_test.go (outdated)
builtin/logical/nomad/path_config_access.go (outdated)
builtin/logical/nomad/backend_test.go (outdated)
Mongey added 3 commits April 19, 2022 22:35
Similar to the [Bootstrap the Consul ACL system if no token is given][boostrap-consul]
it would be very useful to bootstrap Nomad's ACL system and manage it in
Vault.

[boostrap-consul]:hashicorp#10751
@Mongey Mongey force-pushed the cm-nomad-bootstrap branch from 1ca413b to 105b898 Compare April 19, 2022 21:37
swenson (Contributor) left a comment

LGTM

I pulled it down and tested it locally. It seems to simplify the process of getting it to work locally, i.e., I can now just run

```shell
# window 1
sudo nomad agent -dev -bind 0.0.0.0 -log-level INFO -acl-enabled
# window 2
vault server -dev
# window 3
vault secrets enable nomad
vault write nomad/config/access address=http://127.0.0.1:4646
vault write nomad/role/monitoring policies=readonly
vault read nomad/creds/monitoring
```

And skip having to run `nomad acl bootstrap`. Though if we do still run `nomad acl bootstrap` manually, as before, it works as expected.

Thanks so much for your contribution!
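
The decision flow discussed in this PR (bootstrap only when no token is configured, and poll for a Nomad leader rather than sleeping), as an added example that is not code from the PR or from Vault. `nomadACL`, `ensureToken` and `fakeNomad` are hypothetical names; the fake server state and token value are constructed, and the paths in the comments are the Nomad HTTP API endpoints such calls would map to.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// nomadACL is a hypothetical seam over the two Nomad HTTP API calls used here.
type nomadACL interface {
	Leader() (string, error)    // GET /v1/status/leader
	Bootstrap() (string, error) // POST /v1/acl/bootstrap, returns the new SecretID
}

// ensureToken returns the operator's token if given, else a one-shot bootstrap token.
func ensureToken(n nomadACL, given string, tries int, wait time.Duration) (string, error) {
	if given != "" {
		return given, nil // never bootstrap over an operator-supplied token
	}
	for i := 1; ; i++ { // poll for a leader instead of sleeping a fixed time
		_, err := n.Leader()
		if err == nil {
			// The result is a management token: store it, never log it.
			return n.Bootstrap() // errors if the cluster was already bootstrapped
		}
		if i >= tries {
			return "", fmt.Errorf("no Nomad leader after %d attempts: %w", tries, err)
		}
		time.Sleep(wait)
	}
}

// fakeNomad is a constructed stand-in: leaderless for warmup polls, bootstraps once.
type fakeNomad struct{ warmup, polls, boots int }

func (f *fakeNomad) Leader() (string, error) {
	if f.polls++; f.polls <= f.warmup {
		return "", errors.New("no cluster leader")
	}
	return "127.0.0.1:4647", nil
}
func (f *fakeNomad) Bootstrap() (string, error) {
	if f.boots++; f.boots > 1 {
		return "", errors.New("ACL bootstrap already done")
	}
	return "constructed-secret-id", nil
}

func main() {
	fmt.Println(ensureToken(&fakeNomad{warmup: 2}, "", 5, time.Millisecond))
}
```

A refused bootstrap is returned as an error rather than ignored, so a cluster that someone else already bootstrapped is not left configured without a token.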

@swenson swenson merged commit cf38686 into hashicorp:main Apr 20, 2022
schultz-is pushed a commit that referenced this pull request Apr 27, 2022
* Bootstrap Nomad ACL system if no token is given

Similar to the [Bootstrap the Consul ACL system if no token is given][boostrap-consul]
it would be very useful to bootstrap Nomad's ACL system and manage it in
Vault.

[boostrap-consul]:#10751

* Add changelog entry

* Remove debug log line

* Remove redundant else

* Rename Nomad acl bootstrap param

* Replace sleep with attempt to list nomad leader, setup will retry until successful

* fmt
schultz-is pushed a commit that referenced this pull request May 2, 2022