From c160ce99e367726b55ee70a99ddb557b8ba800e9 Mon Sep 17 00:00:00 2001 From: hc-github-team-nomad-core <82989552+hc-github-team-nomad-core@users.noreply.github.com> Date: Tue, 7 Nov 2023 19:15:31 -0600 Subject: [PATCH] backport of commit ab36cf031c80253d9c2827852f8ecbeae3d6ff5b (#19027) Co-authored-by: Luiz Aoqui --- .changelog/18985.txt | 3 +++ client/vaultclient/vaultclient.go | 1 + 2 files changed, 4 insertions(+) create mode 100644 .changelog/18985.txt diff --git a/.changelog/18985.txt b/.changelog/18985.txt new file mode 100644 index 000000000..432582a85 --- /dev/null +++ b/.changelog/18985.txt @@ -0,0 +1,3 @@ +```release-note:bug +vault: Fixed an issue that could cause Nomad to attempt to renew a Vault token that is already expired +``` diff --git a/client/vaultclient/vaultclient.go b/client/vaultclient/vaultclient.go index b17bb614d..c68424418 100644 --- a/client/vaultclient/vaultclient.go +++ b/client/vaultclient/vaultclient.go @@ -391,6 +391,7 @@ func (c *vaultClient) renew(req *vaultClientRenewalRequest) error { fatal := false if renewalErr != nil && (strings.Contains(renewalErr.Error(), "lease not found or lease is not renewable") || + strings.Contains(renewalErr.Error(), "invalid lease ID") || strings.Contains(renewalErr.Error(), "lease is not renewable") || strings.Contains(renewalErr.Error(), "token not found") || strings.Contains(renewalErr.Error(), "permission denied")) {