VAULT-4306 Ensure /raft/bootstrap/challenge call ignores erroneous namespaces set (#15519)

* VAULT-4306 Ensure /raft/bootstrap/challenge call ignores erroneous namespaces set * VAULT-4306 Add changelog * VAULT-4306 Update changelog/15519.txt Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com> Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-05-19 16:27:51 -04:00 · 2022-05-19 16:27:51 -04:00 · 6d4497bcbf
parent 6425999ff2
commit 6d4497bcbf
2 changed files with 5 additions and 0 deletions
--- a/changelog/15519.txt
+++ b/changelog/15519.txt
@ -0,0 +1,3 @@
+```release-note:bug
+storage/raft: joining a node to a cluster now ignores any VAULT_NAMESPACE environment variable set on the server process
+```
--- a/vault/raft.go
+++ b/vault/raft.go
@ -777,6 +777,8 @@ func (c *Core) getRaftChallenge(leaderInfo *raft.LeaderJoinInfo) (*raftInformati
 	if err != nil {
 		return nil, fmt.Errorf("failed to create api client: %w", err)
 	}
+	// Clearing namespace, as this client should only ever be using the root namespace
+	apiClient.ClearNamespace()

 	// Attempt to join the leader by requesting for the bootstrap challenge
 	secret, err := apiClient.Logical().Write("sys/storage/raft/bootstrap/challenge", map[string]interface{}{