Skip to content

Commit

Permalink
client: make sure consul_hook does not perform double requests for ta…
Browse files Browse the repository at this point in the history 
…sks (hashicorp#19137)
  • Loading branch information
@pkazmierczak @nvanthao
pkazmierczak authored and nvanthao committed Mar 1, 2024
1 parent 8a6eb47 commit b0939e8
Showing 1 changed file with 21 additions and 29 deletions.
50 changes: 21 additions & 29 deletions client/allocrunner/consul_hook.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,21 +127,17 @@ func (h *consulHook) prepareConsulTokensForTask(task *structs.Task, tg *structs.
}

ti := *task.IdentityHandle(i)

req, err := h.prepareConsulClientReq(ti, consulConfig.TaskIdentityAuthMethod)
if err != nil {
mErr.Errors = append(mErr.Errors, err)
continue
}

jwt, err := h.widmgr.Get(ti)
if err != nil {
h.logger.Error("error getting signed identity", "error", err)
mErr.Errors = append(mErr.Errors, err)
mErr.Errors = append(mErr.Errors, fmt.Errorf(
"error getting signed identity for task %s: %v",
task.Name, err,
))
continue
}

req[task.Identity.Name] = consul.JWTLoginRequest{
req := map[string]consul.JWTLoginRequest{}
req[ti.IdentityName] = consul.JWTLoginRequest{
JWT: jwt.JWT,
AuthMethodName: consulConfig.TaskIdentityAuthMethod,
}
Expand Down Expand Up @@ -175,8 +171,21 @@ func (h *consulHook) prepareConsulTokensForServices(services []*structs.Service,
return fmt.Errorf("no such consul cluster: %s", clusterName)
}

req, err := h.prepareConsulClientReq(
*service.IdentityHandle(), consulConfig.ServiceIdentityAuthMethod)
req := map[string]consul.JWTLoginRequest{}
identity := *service.IdentityHandle()
jwt, err := h.widmgr.Get(identity)
if err != nil {
mErr.Errors = append(mErr.Errors, fmt.Errorf(
"error getting signed identity for service %s: %v",
service.Name, err,
))
continue
}

req[identity.IdentityName] = consul.JWTLoginRequest{
JWT: jwt.JWT,
AuthMethodName: consulConfig.ServiceIdentityAuthMethod,
}
if err != nil {
mErr.Errors = append(mErr.Errors, err)
continue
Expand Down Expand Up @@ -224,23 +233,6 @@ func (h *consulHook) clientForCluster(cluster string) (consul.Client, error) {
return h.consulClientConstructor(consulConf, h.logger)
}

func (h *consulHook) prepareConsulClientReq(identity structs.WIHandle, authMethodName string) (map[string]consul.JWTLoginRequest, error) {
req := map[string]consul.JWTLoginRequest{}

jwt, err := h.widmgr.Get(identity)
if err != nil {
h.logger.Error("error getting signed identity", "error", err)
return req, err
}

req[identity.IdentityName] = consul.JWTLoginRequest{
JWT: jwt.JWT,
AuthMethodName: authMethodName,
}

return req, nil
}

// Postrun cleans up the Consul tokens after the tasks have exited.
func (h *consulHook) Postrun() error {
tokens := h.hookResources.GetConsulTokens()
Expand Down

0 comments on commit b0939e8

Please sign in to comment.