Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for initial_management token like in Consul #7777

Closed
apollo13 opened this issue Apr 22, 2020 · 8 comments · Fixed by #12520
Closed

Add support for initial_management token like in Consul #7777

apollo13 opened this issue Apr 22, 2020 · 8 comments · Fixed by #12520
Labels
theme/auth type/enhancement

Comments

@apollo13
Copy link
Contributor

It would be great if it were possible to preset a token with access-id & secret-id like in consul: https://www.consul.io/docs/agent/options.html#acl_tokens This way nomad could be initialized easier via configuration management tools.
@evandam
Copy link

evandam commented Apr 22, 2020

Agreed, having the option to create tokens with predefined values like in Consul would be a big help and keep things more consistent.

@scalp42
Copy link
Contributor

scalp42 commented Apr 22, 2020

Same here main use case is configuration management so we could have clusters bootstrap ACLs themselves in a much more straightforward way.

@Y-Tian
Copy link

Y-Tian commented Apr 22, 2020

+1 we would like to see this feature as well.

@th0m
Copy link
Contributor

th0m commented Apr 23, 2020

+1, would love to get feature parity with Consul for token management.

@notnoop
Copy link
Contributor

notnoop commented Apr 24, 2020

Good suggestion! We will mark it as an enhancement we'd consider in the roadmap. Thanks!

@skarrok skarrok mentioned this issue May 12, 2020
Closed
@apollo13
Copy link
Contributor Author

Copying my comment from the PR so it doesn't get lost when the PR is closed:

What do you think about altering the /acl/bootstrap endpoint (or maybe even introduce a new one) to allow the enduser to submit a token pair to it (AccessorID & SecretID) which will be used as the initial management token? This way you can safely store the token pair in a system suitable for your automation (for example an ansible vault) but you would not leak it onto the machines.

@mikenomitch mikenomitch changed the title Add support for acl.tokens.master like in Consul Add support for initial_management token like in Consul Dec 23, 2021
@apollo13
Copy link
Contributor Author

Looks like this would be fixed by #12520

@tgross tgross linked a pull request Apr 29, 2022 that will close this issue
Allow Operator Generated bootstrap token #12520
Merged
3 tasks
@github-actions
Copy link

github-actions bot commented Oct 7, 2022

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 7, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
theme/auth type/enhancement
Projects
None yet
Milestone
No milestone
6 participants
@apollo13 @notnoop @scalp42 @th0m @evandam @Y-Tian