Remove Vault flag from job revert command.

hashicorp · Feb 21, 2025 · 165d53a · 165d53a
1 parent 1ee09ed
commit 165d53a
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 27 deletions.
diff --git a/api/jobs.go b/api/jobs.go
@@ -549,15 +549,14 @@ func (j *Jobs) Dispatch(jobID string, meta map[string]string,
 // enforceVersion is set, the job is only reverted if the current version is at
 // the passed version.
 func (j *Jobs) Revert(jobID string, version uint64, enforcePriorVersion *uint64,
-	q *WriteOptions, consulToken, vaultToken string) (*JobRegisterResponse, *WriteMeta, error) {
+	q *WriteOptions, consulToken, _ string) (*JobRegisterResponse, *WriteMeta, error) {
 
 	var resp JobRegisterResponse
 	req := &JobRevertRequest{
 		JobID:               jobID,
 		JobVersion:          version,
 		EnforcePriorVersion: enforcePriorVersion,
 		ConsulToken:         consulToken,
-		VaultToken:          vaultToken,
 	}
 	wm, err := j.client.put("/v1/job/"+url.PathEscape(jobID)+"/revert", req, &resp, q)
 	if err != nil {
@@ -1455,12 +1454,6 @@ type JobRevertRequest struct {
 	// token and is not stored after the Job revert.
 	ConsulToken string `json:",omitempty"`
 
-	// VaultToken is the Vault token that proves the submitter of the job revert
-	// has access to any Vault policies specified in the targeted job version. This
-	// field is only used to authorize the revert and is not stored after the Job
-	// revert.
-	VaultToken string `json:",omitempty"`
-
 	WriteRequest
 }
 

diff --git a/command/job_revert.go b/command/job_revert.go
@@ -49,10 +49,6 @@ Revert Options:
    The Consul token used to verify that the caller has access to the Service
    Identity policies associated in the targeted version of the job.
 
-  -vault-token
-   The Vault token used to verify that the caller has access to the Vault
-   policies in the targeted version of the job.
-
   -verbose
     Display full information.
 `
@@ -90,14 +86,13 @@ func (c *JobRevertCommand) Name() string { return "job revert" }
 
 func (c *JobRevertCommand) Run(args []string) int {
 	var detach, verbose bool
-	var consulToken, vaultToken string
+	var consulToken string
 
 	flags := c.Meta.FlagSet(c.Name(), FlagSetClient)
 	flags.Usage = func() { c.Ui.Output(c.Help()) }
 	flags.BoolVar(&detach, "detach", false, "")
 	flags.BoolVar(&verbose, "verbose", false, "")
 	flags.StringVar(&consulToken, "consul-token", "", "")
-	flags.StringVar(&vaultToken, "vault-token", "", "")
 
 	if err := flags.Parse(args); err != nil {
 		return 1
@@ -130,12 +125,6 @@ func (c *JobRevertCommand) Run(args []string) int {
 		consulToken = os.Getenv("CONSUL_HTTP_TOKEN")
 	}
 
-	// Parse the Vault token
-	if vaultToken == "" {
-		// Check the environment variable
-		vaultToken = os.Getenv("VAULT_TOKEN")
-	}
-
 	// Parse the job version or version tag
 	var revertVersion uint64
 
@@ -161,7 +150,7 @@ func (c *JobRevertCommand) Run(args []string) int {
 
 	// Prefix lookup matched a single job
 	q := &api.WriteOptions{Namespace: namespace}
-	resp, _, err := client.Jobs().Revert(jobID, revertVersion, nil, q, consulToken, vaultToken)
+	resp, _, err := client.Jobs().Revert(jobID, revertVersion, nil, q, consulToken, "")
 	if err != nil {
 		c.Ui.Error(fmt.Sprintf("Error retrieving job versions: %s", err))
 		return 1

diff --git a/nomad/structs/structs.go b/nomad/structs/structs.go
@@ -960,12 +960,6 @@ type JobRevertRequest struct {
 	// token and is not stored after the Job revert.
 	ConsulToken string
 
-	// VaultToken is the Vault token that proves the submitter of the job revert
-	// has access to any Vault policies specified in the targeted job version. This
-	// field is only used to transfer the token and is not stored after the Job
-	// revert.
-	VaultToken string
-
 	WriteRequest
 }