diff --git a/.changelog/18325.txt b/.changelog/18325.txt
new file mode 100644
index 0000000000..b2870352b6
--- /dev/null
+++ b/.changelog/18325.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+mesh: **(Enterprise Only)** Require that `jwt-provider` config entries are created in the `default` namespace.
+```
\ No newline at end of file
diff --git a/agent/structs/config_entry_jwt_provider.go b/agent/structs/config_entry_jwt_provider.go
index cc9a37be0c..7336027d70 100644
--- a/agent/structs/config_entry_jwt_provider.go
+++ b/agent/structs/config_entry_jwt_provider.go
@@ -509,7 +509,7 @@ func (e *JWTProviderConfigEntry) Validate() error {
 return err
 }
 
- if err := e.validatePartition(); err != nil {
+ if err := e.validatePartitionAndNamespace(); err != nil {
 return err
 }
 
diff --git a/agent/structs/config_entry_jwt_provider_oss.go b/agent/structs/config_entry_jwt_provider_oss.go
index 2152f139f0..533f349c01 100644
--- a/agent/structs/config_entry_jwt_provider_oss.go
+++ b/agent/structs/config_entry_jwt_provider_oss.go
@@ -12,9 +12,14 @@ import (
 "github.com/hashicorp/consul/acl"
 )
 
-func (e *JWTProviderConfigEntry) validatePartition() error {
+func (e *JWTProviderConfigEntry) validatePartitionAndNamespace() error {
 if !acl.IsDefaultPartition(e.PartitionOrDefault()) {
 return fmt.Errorf("Partitions are an enterprise only feature")
 }
+
+ if acl.DefaultNamespaceName != e.NamespaceOrDefault() {
+ return fmt.Errorf("Namespaces are an enterprise only feature")
+ }
+
 return nil
 }
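Review bot: In config_entry_jwt_provider_oss.go the added namespace guard compares `acl.DefaultNamespaceName != e.NamespaceOrDefault()` as an exact string, while the partition guard directly above it goes through the `acl.IsDefaultPartition` helper, so the two checks may not treat spellings of the default value the same way (the helper's body is not visible here). Because this validation decides which jwt-provider entries are accepted, I would either use a matching helper for the namespace or state that exact match is intended. The renamed method also has no doc comment; something like `// validatePartitionAndNamespace rejects entries outside the default partition or namespace in non-enterprise builds.` would record the contract. No test covering the rejected-namespace path is visible in this diff, so a validation test case asserting this error for a non-default namespace would be worth adding if one does not already exist.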