From 6d4497bcbf5fd83a452106c905b278dfdcb6f586 Mon Sep 17 00:00:00 2001
From: Violet Hynes <a.xenasis@gmail.com>
Date: Thu, 19 May 2022 16:27:51 -0400
Subject: [PATCH] VAULT-4306 Ensure /raft/bootstrap/challenge call ignores
 erroneous namespaces set (#15519)

* VAULT-4306 Ensure /raft/bootstrap/challenge call ignores erroneous namespaces set

* VAULT-4306 Add changelog

* VAULT-4306 Update changelog/15519.txt

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
---
 changelog/15519.txt | 3 +++
 vault/raft.go       | 2 ++
 2 files changed, 5 insertions(+)
 create mode 100644 changelog/15519.txt

diff --git a/changelog/15519.txt b/changelog/15519.txt
new file mode 100644
index 000000000..d0ec74407
--- /dev/null
+++ b/changelog/15519.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+storage/raft: joining a node to a cluster now ignores any VAULT_NAMESPACE environment variable set on the server process
+```
diff --git a/vault/raft.go b/vault/raft.go
index daa919ea3..bffab8a69 100644
--- a/vault/raft.go
+++ b/vault/raft.go
@@ -777,6 +777,8 @@ func (c *Core) getRaftChallenge(leaderInfo *raft.LeaderJoinInfo) (*raftInformati
 	if err != nil {
 		return nil, fmt.Errorf("failed to create api client: %w", err)
 	}
+	// Clearing namespace, as this client should only ever be using the root namespace
+	apiClient.ClearNamespace()
 
 	// Attempt to join the leader by requesting for the bootstrap challenge
 	secret, err := apiClient.Logical().Write("sys/storage/raft/bootstrap/challenge", map[string]interface{}{