Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Workload identity for parameterised jobs #17279

Closed
michael-strigo opened this issue May 23, 2023 · 2 comments
Closed

Workload identity for parameterised jobs #17279

michael-strigo opened this issue May 23, 2023 · 2 comments
Labels
theme/batch Issues related to batch jobs and scheduling theme/workload-identity type/bug
Projects
Nomad - Community Issues Triage

Comments

@michael-strigo
Copy link

Proposal

Allow attaching workload identities to parameterised job dispatches.

Use-cases

Having the ability to read/write variables in non-default paths.

Attempted Solutions

I tried attaching a policy to the parameterised job with nomad acl policy apply -namespace default -job param policy_name /tmp/policy.hcl

policy.hcl:

namespace "default" {
  variables {
    path "*" {
      capabilities = ["list"]
    }
  }
}

However when running, the token only provided access to the default variable at nomad/jobs/param.
@jrasell jrasell added this to Needs Triage in Nomad - Community Issues Triage via automation May 23, 2023
@tgross
Copy link
Member

tgross commented May 23, 2023
edited

Hi @michael-strigo! This is actually supposed to work already. We merged the bug fix in #17018 yesterday. The PR says it fixes periodic jobs but the dispatch jobs pick up their identity the same way (with a parent job ID). That will ship in Nomad 1.6.0 (with a backport to Nomad 1.5.x and 1.4.x). I'm going to close this issue out, but thanks for reporting it!

@tgross tgross closed this as completed May 23, 2023
Nomad - Community Issues Triage automation moved this from Needs Triage to Done May 23, 2023
@tgross tgross added type/bug theme/batch Issues related to batch jobs and scheduling theme/workload-identity and removed type/enhancement labels May 23, 2023
@michael-strigo
Copy link
Author

michael-strigo commented May 24, 2023
edited

Nice, you are closing issues faster than I can report. There's nothing for me left to do here 🤣

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
theme/batch Issues related to batch jobs and scheduling theme/workload-identity type/bug
Projects
Nomad - Community Issues Triage
Archived in project
Nomad - Community Issues Triage
Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tgross @michael-strigo