luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity
open-nomad/e2e/workload_id/input/identity.nomad

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

103 lines
1.9 KiB
Plaintext
Raw Normal View History

Add option to expose workload token to task (#15755) Add `identity` jobspec block to expose workload identity tokens to tasks. --------- Co-authored-by: Anders <mail@anars.dk> Co-authored-by: Tim Gross <tgross@hashicorp.com> Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
2023-02-02 18:59:14 +00:00
job "identity" {
datacenters = ["dc1"]
type = "batch"
constraint {
attribute = "${attr.kernel.name}"
value = "linux"
}
group "identity" {
# none task should log no secrets
task "none" {
driver = "docker"
config {
image = "bash:5"
args = ["-c", "wc -c < secrets/nomad_token; env | grep NOMAD_TOKEN; echo done"]
}
resources {
cpu = 16
memory = 32
disk = 64
}
}
# empty task should log no secrets
task "empty" {
identity {}
driver = "docker"
config {
image = "bash:5"
args = ["-c", "wc -c < secrets/nomad_token; env | grep NOMAD_TOKEN; echo done"]
}
resources {
cpu = 16
memory = 32
disk = 64
}
}
# env task should log only env var
task "env" {
identity {
env = true
file = false
}
driver = "docker"
config {
image = "bash:5"
args = ["-c", "wc -c < secrets/nomad_token; env | grep NOMAD_TOKEN; echo done"]
}
resources {
cpu = 16
memory = 32
disk = 64
}
}
# file task should log only env var
task "file" {
identity {
file = true
}
driver = "docker"
config {
image = "bash:5"
args = ["-c", "wc -c < secrets/nomad_token; env | grep NOMAD_TOKEN; echo done"]
}
resources {
cpu = 16
memory = 32
disk = 64
}
}
# falsey task should be the same as no identity block
task "falsey" {
identity {
env = false
file = false
}
driver = "docker"
config {
image = "bash:5"
args = ["-c", "wc -c < secrets/nomad_token; env | grep NOMAD_TOKEN; echo done"]
}
resources {
cpu = 16
memory = 32
disk = 64
}
}
}
}
Reference in a new issue Copy permalink