vault: provide a way to render data on POST requests that doesn't require a payload #1453

Closed
calvn opened this issue Feb 9, 2021 · 0 comments · Fixed by #1532
Labels
bug hashicat-update-complete Completed porting changes to hashicat hashicat-update-required Changes that need to be ported to hashicat vault Related to the Vault integration
calvn commented Feb 9, 2021

Consul Template version

Run consul-template -v to show the version. If you are not
running the latest version, please upgrade before submitting an
issue.

2021-02-08T17:53:10.538-0800 [INFO] consul-template v0.25.1 (210cb410)
2021-02-08T17:53:10.539-0800 [DEBUG] (cli) version flag was given, exiting now
consul-template v0.25.1 (210cb410)

Configuration

config.hcl:

# Copy-paste your configuration files here. Only include what is necessary or
# what you've changed from defaults. Include all referenced configurations.
vault {
   address = "http://localhost:8200"
   token = "root"
   renew_token = false
}

template {
  source = "template.ctmpl"
  destination = "render.txt"
}

template.ctmpl

{{ with secret "auth/approle/role/my-role/secret-id" "" }}
{{ .Data.secret_id }}
{{ end }}

Command

consul-template -config=config.hcl -log-level=debug

Debug output

2021-02-08T17:54:56.496-0800 [INFO] consul-template v0.25.1 (210cb410)
2021-02-08T17:54:56.496-0800 [INFO] (runner) creating new runner (dry: false, once: false)
2021-02-08T17:54:56.497-0800 [DEBUG] (runner) final config: {"Consul":{"Address":"","Namespace":"","Auth":{"Enabled":false,"Username":"","Password":""},"Retry":{"Attempts":12,"Backoff":250000000,"MaxBackoff":60000000000,"Enabled":true},"SSL":{"CaCert":"","CaPath":"","Cert":"","Enabled":false,"Key":"","ServerName":"","Verify":true},"Token":"","Transport":{"DialKeepAlive":30000000000,"DialTimeout":30000000000,"DisableKeepAlives":false,"IdleConnTimeout":90000000000,"MaxIdleConns":100,"MaxIdleConnsPerHost":17,"TLSHandshakeTimeout":10000000000}},"Dedup":{"Enabled":false,"MaxStale":2000000000,"Prefix":"consul-template/dedup/","TTL":15000000000,"BlockQueryWaitTime":60000000000},"DefaultDelims":{"Left":null,"Right":null},"Exec":{"Command":"","Enabled":false,"Env":{"Denylist":[],"Custom":[],"Pristine":false,"Allowlist":[]},"KillSignal":2,"KillTimeout":30000000000,"ReloadSignal":null,"Splay":0,"Timeout":0},"KillSignal":2,"LogLevel":"debug","MaxStale":2000000000,"PidFile":"","ReloadSignal":1,"Syslog":{"Enabled":false,"Facility":"LOCAL0","Name":"consul-template"},"Templates":[{"Backup":false,"Command":"","CommandTimeout":30000000000,"Contents":"","CreateDestDirs":true,"Destination":"render.txt","ErrMissingKey":false,"Exec":{"Command":"","Enabled":false,"Env":{"Denylist":[],"Custom":[],"Pristine":false,"Allowlist":[]},"KillSignal":2,"KillTimeout":30000000000,"ReloadSignal":null,"Splay":0,"Timeout":30000000000},"Perms":0,"Source":"template.ctmpl","Wait":{"Enabled":false,"Min":0,"Max":0},"LeftDelim":"","RightDelim":"","FunctionDenylist":[],"SandboxPath":""}],"Vault":{"Address":"http://localhost:8200","Enabled":true,"Namespace":"","RenewToken":false,"Retry":{"Attempts":12,"Backoff":250000000,"MaxBackoff":60000000000,"Enabled":true},"SSL":{"CaCert":"","CaPath":"","Cert":"","Enabled":true,"Key":"","ServerName":"","Verify":true},"Transport":{"DialKeepAlive":30000000000,"DialTimeout":30000000000,"DisableKeepAlives":false,"IdleConnTimeout":90000000000,"MaxIdleConns":100,"MaxIdleConnsPerHost":17,"TLSHandshakeTimeout":10000000000},"UnwrapToken":false},"Wait":{"Enabled":false,"Min":0,"Max":0},"Once":false,"BlockQueryWaitTime":60000000000}
2021-02-08T17:54:56.497-0800 [INFO] (runner) creating watcher
2021-02-08T17:54:56.497-0800 [INFO] (runner) starting
2021-02-08T17:54:56.497-0800 [DEBUG] (runner) running initial templates
2021-02-08T17:54:56.497-0800 [DEBUG] (runner) initiating run
2021-02-08T17:54:56.497-0800 [DEBUG] (runner) checking template 0e503b10fb190434d1ed06d0204fb7b6
2021-02-08T17:54:56.497-0800 [ERR] (cli) template.ctmpl: execute: template: :1:8: executing "" at <secret "auth/approle/role/my-role/secret-id" "">: error calling secret: not k=v pair ""

Expected behavior

CT should be able to render secrets from POST paths that do not require passing in a payload or KV pair to the request.

Actual behavior

CT errors if "" is used to turn the path into a vault.write (POST) request.

Steps to reproduce

  1. Run Vault and set up approle as instructed here
  2. Run CT using the config and template from above
  3. Observe error behavior in CT output.

References

N/A
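
The argument handling behind the reported error, as an added example (not consul-template's code and not the change made in #1532). `parseSecretArgs`, `request` and the `allowEmpty` switch are hypothetical names; the sketch assumes only what the issue shows: any argument after the path turns the call into a write, and each such argument must be a `k=v` pair.

```go
package main

import (
	"fmt"
	"strings"
)

// request is a hypothetical stand-in for the call the template would make to Vault.
type request struct {
	Method string
	Path   string
	Data   map[string]interface{}
}

// parseSecretArgs treats args[0] as the path and every later argument as a k=v
// field of a write. With allowEmpty=false an empty argument is rejected with the
// error text from the debug output above; with allowEmpty=true it only forces
// the write and adds no field, so the POST goes out with an empty payload.
func parseSecretArgs(allowEmpty bool, args ...string) (*request, error) {
	if len(args) == 0 || args[0] == "" {
		return nil, fmt.Errorf("secret: path is required")
	}
	req := &request{Method: "GET", Path: args[0]}
	if len(args) == 1 {
		return req, nil // path only: plain read
	}
	req.Method = "POST"
	req.Data = map[string]interface{}{}
	for _, kv := range args[1:] {
		if kv == "" && allowEmpty {
			continue // empty marker: write with no payload field
		}
		parts := strings.SplitN(kv, "=", 2)
		if len(parts) != 2 || parts[0] == "" {
			return nil, fmt.Errorf("not k=v pair %q", kv)
		}
		req.Data[parts[0]] = parts[1]
	}
	return req, nil
}

func main() {
	path := "auth/approle/role/my-role/secret-id" // path from the template above
	_, err := parseSecretArgs(false, path, "")
	fmt.Println("strict:  ", err)
	req, err := parseSecretArgs(true, path, "")
	fmt.Println("tolerant:", req.Method, req.Path, len(req.Data), err)
}
```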

eikenb added the bug, hashicat-update-required (Changes that need to be ported to hashicat) and vault (Related to the Vault integration) labels and removed the enhancement label on Feb 22, 2021
eikenb added this to the v0.28.0 milestone on Nov 8, 2021
eikenb added the hashicat-update-complete (Completed porting changes to hashicat) label on Nov 18, 2021