Skip to content

api: return 403 error when reading variables using invalid token#27269

Merged
mismithhisler merged 4 commits intomainfrom
b-return-err-reading-vars
Dec 18, 2025
Merged

api: return 403 error when reading variables using invalid token#27269
mismithhisler merged 4 commits intomainfrom
b-return-err-reading-vars

Conversation

@mismithhisler
Copy link
Copy Markdown
Member

@mismithhisler mismithhisler commented Dec 16, 2025
edited
Loading

Description

The Nomad api was previously swallowing 403 errors, which was inconsistent with the rest of the api, and causing unexpected issues with consumers like Consul-Template

Testing & Reproduction steps

Links

Fixes GH #27117
Fixes GH #24698

Contributor Checklist

  • Changelog Entry If this PR changes user-facing behavior, please generate and add a
    changelog entry using the make cl command.
  • Testing Please add tests to cover any new functionality or to demonstrate bug fixes and
    ensure regressions will be caught.
  • Documentation If the change impacts user-facing functionality such as the CLI, API, UI,
    and job configuration, please update the Nomad product documentation, which is stored in the
    web-unified-docs repo. Refer to the web-unified-docs contributor guide for docs guidelines.
    Please also consider whether the change requires notes within the upgrade
    guide    . If you would like help with the docs, tag the nomad-docs team in this PR.

Reviewer Checklist

  • Backport Labels Please add the correct backport labels as described by the internal
    backporting document.
  • Commit Type Ensure the correct merge method is selected which should be "squash and merge"
    in the majority of situations. The main exceptions are long-lived feature branches or merges where
    history should be preserved.
  • Enterprise PRs If this is an enterprise only PR, please add any required changelog entry
    within the public repository.
  • If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

@mismithhisler
api: return 403 error when reading variables using invalid token
1a7e283 
The Nomad api was previously swallowing 403 errors, which was
inconsistent with the rest of the api, and causing unexpected issues
with consumers like Consul-Template
@mismithhisler mismithhisler self-assigned this Dec 16, 2025
@mismithhisler mismithhisler requested review from a team as code owners December 16, 2025 17:11
mismithhisler
mismithhisler commented Dec 16, 2025
View reviewed changes
Comment thread api/error_unexpected_response.go
allisonlarson
allisonlarson reviewed Dec 16, 2025
View reviewed changes
Comment thread .changelog/27269.txt Outdated
Comment thread api/variables.go
@mismithhisler @allisonlarson
Update .changelog/27269.txt
bcc9b2f 
Co-authored-by: Allison Larson <allison.larson@hashicorp.com>
@mismithhisler mismithhisler added backport/1.11.x backport to 1.11.x release line backport/ent/1.8.x+ent Changes are backported to 1.8.x+ent backport/ent/1.10.x+ent backport to 1.10.x+ent release line labels Dec 17, 2025
@mismithhisler mismithhisler merged commit f7f7049 into main Dec 18, 2025
47 checks passed
@mismithhisler mismithhisler deleted the b-return-err-reading-vars branch December 18, 2025 21:11
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request Dec 18, 2025
Merged
7 tasks
tgross added a commit that referenced this pull request Jan 22, 2026
@tgross
E2E: fix failing Task API test
07bf8af 
In #27269 we improved the Go SDK's treatment of the variables API to correctly
return 403. An E2E test of the CLI was expected a "not found" response instead,
so this causes the test to fail. But the test also poorly exercised the Task API
socket by not ensuring that authentication was working. Update the test to get a
variable that exists and that the test has access to.

Ref: #27269
@tgross tgross mentioned this pull request Jan 22, 2026
Merged
7 tasks
tgross added a commit that referenced this pull request Jan 22, 2026
@tgross
E2E: fix failing Task API test
0e2d912 
In #27269 we improved the Go SDK's treatment of the variables API to correctly
return 403. An E2E test of the CLI was expected a "not found" response instead,
so this causes the test to fail. But the test also poorly exercised the Task API
socket by not ensuring that authentication was working. Update the test to get a
variable that exists and that the test has access to.

Ref: #27269
tgross added a commit that referenced this pull request Jan 22, 2026
@tgross
E2E: fix failing Task API test (#27394)
21e3299 
In #27269 we improved the Go SDK's treatment of the variables API to correctly
return 403. An E2E test of the CLI was expected a "not found" response instead,
so this causes the test to fail. But the test also poorly exercised the Task API
socket by not ensuring that authentication was working. Update the test to get a
variable that exists and that the test has access to.

Ref: #27269
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request Jan 22, 2026
Merged
7 tasks
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 18, 2026

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions Bot locked as resolved and limited conversation to collaborators Apr 18, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@allisonlarson allisonlarson allisonlarson approved these changes

@gulducat gulducat Awaiting requested review from gulducat

Assignees

@mismithhisler mismithhisler

Labels

backport/ent/1.8.x+ent Changes are backported to 1.8.x+ent backport/ent/1.10.x+ent backport to 1.10.x+ent release line backport/1.11.x backport to 1.11.x release line

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mismithhisler @allisonlarson