Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

acl: remove timestamps from WhoAmI response #19578

Merged
merged 1 commit into from
Jan 3, 2024
Merged

acl: remove timestamps from WhoAmI response #19578

merged 1 commit into from
Jan 3, 2024
+58 −0

Conversation

tgross
Copy link
Member

@tgross tgross commented Jan 2, 2024
edited
Loading

In Nomad 1.7 we updated our JWT library to go-jose, but this changed the wire format of the embedded struct we have in the IdentityClaims struct that we return as part of the WhoAmI RPC response. This wasn't originally intended to be sent over the wire but other changes in Nomad 1.5+ added a caller to the client. The library change causes a deserialization error on Nomad 1.5 and 1.6 clients, which prevents access to Nomad Variables and SD via template blocks.

Removed the incompatible fields from the response, which are unused by any current caller. In a future version of Nomad, we'll likely remove the WhoAmI callers from the client in lieu of using the public keys the clients have to check auth.

Fixes: #19555
See also: #19580

@tgross tgross force-pushed the whoami-wire-format branch from c6dc202 to 9a45cfa Compare January 2, 2024 19:36
@tgross tgross mentioned this pull request Jan 2, 2024
Open
@tgross tgross added this to the 1.7.x milestone Jan 2, 2024
@tgross
acl: remove timestamps from WhoAmI response

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
0bdb10c 
In Nomad 1.7 we updated our JWT library to go-jose, but this changed the wire
format of the embedded struct we have in the `IdentityClaims` struct that we
return as part of the `WhoAmI` RPC response. This wasn't originally intended to
be sent over the wire but other changes in Nomad 1.5+ added a caller to the
client. The library change causes a deserialization error on Nomad 1.5 and 1.6
clients, which prevents access to Nomad Variables and SD via template blocks.

Removed the incompatible fields from the response, which are unused by any
current caller. In a future version of Nomad, we'll likely remove the `WhoAmI`
callers from the client in lieu of using the public keys the clients have to
check auth.

Fixes: #19555
@tgross tgross force-pushed the whoami-wire-format branch from 9a45cfa to 0bdb10c Compare January 2, 2024 19:53
@tgross tgross mentioned this pull request Jan 2, 2024
Closed
@tgross tgross marked this pull request as ready for review January 2, 2024 20:12
@tgross tgross requested review from schmichael and jrasell January 2, 2024 20:12
@tgross tgross added the backport/1.7.x backport to 1.7.x release line label Jan 2, 2024
@tgross tgross merged commit f2630ad into main Jan 3, 2024
@tgross tgross deleted the whoami-wire-format branch January 3, 2024 13:24
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request Jan 3, 2024
Merged
@github-actions GitHub Actions
Copy link

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 26, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@schmichael schmichael

@jrasell jrasell

Assignees
No one assigned
Labels
backport/1.7.x backport to 1.7.x release line theme/auth type/bug
Projects
None yet
Milestone
1.7.x
Development

Successfully merging this pull request may close these issues.

After upgrading from 1.6 to 1.7 receiving errors on nomad variable jobs
2 participants
@tgross @schmichael