fix: [nomad-step-2] S2.3 review round 1 — document new helper + script, drop unused vault CLI precondition (#881)
All checks were successful
All checks were successful
Review feedback from PR #895 round 1: - lib/AGENTS.md (hvault.sh row): add hvault_get_or_empty(PATH) to the public-function list; replace the "not sourced at runtime yet" note with the three actual callers (vault-apply-policies.sh, vault-apply-roles.sh, vault-nomad-auth.sh). - lib/AGENTS.md (lib/init/nomad/ row): add a one-line description of vault-nomad-auth.sh (Step 2, this PR); relabel the row header from "Step 0 installer scripts" to "installer scripts" since it now spans Step 0 + Step 2. - lib/init/nomad/vault-nomad-auth.sh: drop the `vault` CLI from the binary precondition check — hvault.sh's helpers are all curl-based, so the CLI is never invoked. The precondition would spuriously die on a Nomad-client-only node that has Vault server reachable but no `vault` binary installed. Inline comment preserves the rationale. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Claude
parent
8efef9f1bb
commit
b2c86c3037
2 changed files with 7 additions and 3 deletions
|
|
@ -63,7 +63,11 @@ if [ "$(id -u)" -ne 0 ]; then
|
|||
die "must run as root (writes ${SERVER_HCL_DST} + signals nomad)"
|
||||
fi
|
||||
|
||||
for bin in curl jq vault systemctl; do
|
||||
# curl + jq are used directly; hvault.sh's helpers are also curl-based, so
|
||||
# the `vault` CLI is NOT required here — don't add it to this list, or a
|
||||
# Vault-server-present / vault-CLI-absent box (e.g. a Nomad-client-only
|
||||
# node) would die spuriously. systemctl is required for SIGHUPing nomad.
|
||||
for bin in curl jq systemctl; do
|
||||
command -v "$bin" >/dev/null 2>&1 \
|
||||
|| die "required binary not found: ${bin}"
|
||||
done
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue