VAULT-4306 Ensure /raft/bootstrap/challenge call ignores erroneous na…

…mespaces set (hashicorp#15519) * VAULT-4306 Ensure /raft/bootstrap/challenge call ignores erroneous namespaces set * VAULT-4306 Add changelog * VAULT-4306 Update changelog/15519.txt Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com> Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
remilapeyre · May 19, 2022 · caa10a5 · caa10a5
1 parent 850100c
commit caa10a5
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/changelog/15519.txt b/changelog/15519.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+storage/raft: joining a node to a cluster now ignores any VAULT_NAMESPACE environment variable set on the server process
+```
diff --git a/vault/raft.go b/vault/raft.go
@@ -777,6 +777,8 @@ func (c *Core) getRaftChallenge(leaderInfo *raft.LeaderJoinInfo) (*raftInformati
 	if err != nil {
 		return nil, fmt.Errorf("failed to create api client: %w", err)
 	}
+	// Clearing namespace, as this client should only ever be using the root namespace
+	apiClient.ClearNamespace()
 
 	// Attempt to join the leader by requesting for the bootstrap challenge
 	secret, err := apiClient.Logical().Write("sys/storage/raft/bootstrap/challenge", map[string]interface{}{