diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go index 787e5a247..dd548b218 100644 --- a/agent/connect/ca/provider_vault.go +++ b/agent/connect/ca/provider_vault.go @@ -103,6 +103,14 @@ func (v *VaultProvider) Configure(cfg ProviderConfig) error { return err } + // We don't want to set the namespace if it's empty to prevent potential + // unknown behavior (what does Vault do with an empty namespace). The Vault + // client also makes sure the inputs are not empty strings so let's do the + // same. + if config.Namespace != "" { + client.SetNamespace(config.Namespace) + } + if config.AuthMethod != nil { loginResp, err := vaultLogin(client, config.AuthMethod) if err != nil { @@ -112,13 +120,6 @@ func (v *VaultProvider) Configure(cfg ProviderConfig) error { } client.SetToken(config.Token) - // We don't want to set the namespace if it's empty to prevent potential - // unknown behavior (what does Vault do with an empty namespace). The Vault - // client also makes sure the inputs are not empty strings so let's do the - // same. - if config.Namespace != "" { - client.SetNamespace(config.Namespace) - } v.config = config v.client = client v.isPrimary = cfg.IsPrimary