diff --git a/changelog/20934.txt b/changelog/20934.txt
new file mode 100644
index 000000000..72c22574d
--- /dev/null
+++ b/changelog/20934.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+agent: Fix bug with 'cache' stanza validation
+```
diff --git a/command/agent/config/config.go b/command/agent/config/config.go
index 424ddc909..05774091b 100644
--- a/command/agent/config/config.go
+++ b/command/agent/config/config.go
@@ -646,7 +646,7 @@ func LoadConfigFile(path string) (*Config, error) {
 return nil, fmt.Errorf("error parsing 'env_template': %w", err)
 }
 
- if result.Cache != nil && result.APIProxy == nil {
+ if result.Cache != nil && result.APIProxy == nil && (result.Cache.UseAutoAuthToken || result.Cache.ForceAutoAuthToken) {
 result.APIProxy = &APIProxy{
 UseAutoAuthToken: result.Cache.UseAutoAuthToken,
 ForceAutoAuthToken: result.Cache.ForceAutoAuthToken,
diff --git a/command/agent/config/config_test.go b/command/agent/config/config_test.go
index 9a0469e74..3be1ab33a 100644
--- a/command/agent/config/config_test.go
+++ b/command/agent/config/config_test.go
@@ -617,8 +617,7 @@ func TestLoadConfigFile_AgentCache_NoAutoAuth(t *testing.T) {
 }
 
 expected := &Config{
- APIProxy: &APIProxy{},
- Cache: &Cache{},
+ Cache: &Cache{},
 SharedConfig: &configutil.SharedConfig{
 PidFile: "./pidfile",
 Listeners: []*configutil.Listener{
@@ -935,10 +934,6 @@ func TestLoadConfigFile_AgentCache_AutoAuth_False(t *testing.T) {
 },
 },
 },
- APIProxy: &APIProxy{
- UseAutoAuthToken: false,
- ForceAutoAuthToken: false,
- },
 Cache: &Cache{
 UseAutoAuthToken: false,
 UseAutoAuthTokenRaw: "false",
@@ -959,7 +954,6 @@ func TestLoadConfigFile_AgentCache_Persist(t *testing.T) {
 }
 
 expected := &Config{
- APIProxy: &APIProxy{},
 Cache: &Cache{
 Persist: &agentproxyshared.PersistConfig{
 Type: "kubernetes",
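Review bot: The rewritten condition in the config.go hunk (LoadConfigFile) has no comment, yet it decides whether the `cache` stanza's auto-auth token settings are copied into a synthesized `APIProxy`, which by its field names controls whether the agent's own token is used for proxied requests. I would add above the `if`: `// Synthesize api_proxy from the cache stanza only when it enables an auto-auth token option; a bare cache {} must leave APIProxy nil.` Because `result.APIProxy` can now stay nil while a cache is configured, any code that reads `APIProxy.UseAutoAuthToken` or `APIProxy.ForceAutoAuthToken` needs a nil guard; this cannot be confirmed from the lines shown. The function body starts before the hunk and continues past it.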
@@ -1252,6 +1246,43 @@ func TestLoadConfigFile_Template_NoSinks(t *testing.T) {
 }
 }
 
+// TestLoadConfigFile_Template_WithCache tests ensures that cache {} stanza is
+// permitted in vault agent configuration with template(s)
+func TestLoadConfigFile_Template_WithCache(t *testing.T) {
+ config, err := LoadConfigFile("./test-fixtures/config-template-with-cache.hcl")
+ if err != nil {
+ t.Fatalf("err: %s", err)
+ }
+
+ expected := &Config{
+ SharedConfig: &configutil.SharedConfig{
+ PidFile: "./pidfile",
+ },
+ AutoAuth: &AutoAuth{
+ Method: &Method{
+ Type: "aws",
+ MountPath: "auth/aws",
+ Namespace: "my-namespace/",
+ Config: map[string]interface{}{
+ "role": "foobar",
+ },
+ },
+ },
+ Cache: &Cache{},
+ Templates: []*ctconfig.TemplateConfig{
+ {
+ Source: pointerutil.StringPtr("/path/on/disk/to/template.ctmpl"),
+ Destination: pointerutil.StringPtr("/path/on/disk/where/template/will/render.txt"),
+ },
+ },
+ }
+
+ config.Prune()
+ if diff := deep.Equal(config, expected); diff != nil {
+ t.Fatal(diff)
+ }
+}
+
 func TestLoadConfigFile_Vault_Retry(t *testing.T) {
 config, err := LoadConfigFile("./test-fixtures/config-vault-retry.hcl")
 if err != nil {
@@ -1359,7 +1390,6 @@ func TestLoadConfigFile_EnforceConsistency(t *testing.T) {
 },
 PidFile: "",
 },
- APIProxy: &APIProxy{},
 Cache: &Cache{
 EnforceConsistency: "always",
 WhenInconsistent: "retry",
diff --git a/command/agent/config/test-fixtures/config-template-with-cache.hcl b/command/agent/config/test-fixtures/config-template-with-cache.hcl
new file mode 100644
index 000000000..8f43b8311
--- /dev/null
+++ b/command/agent/config/test-fixtures/config-template-with-cache.hcl
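Review bot: TestLoadConfigFile_Template_WithCache is documented as ensuring that a `cache {}` stanza is permitted alongside templates, but its body only compares the parsed and pruned struct with `deep.Equal`. No validation step runs, so a regression in the validation path named in the changelog entry would not fail this test. If the package's `ValidateConfig` method is that path (it is not visible in this diff), add after the `LoadConfigFile` error check: `if err := config.ValidateConfig(); err != nil { t.Fatalf("validation error: %s", err) }`. The doc comment also reads "tests ensures"; `// TestLoadConfigFile_Template_WithCache ensures that a cache {} stanza is` would read better.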
@@ -0,0 +1,22 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+pid_file = "./pidfile"
+
+auto_auth {
+ method {
+ type = "aws"
+ namespace = "/my-namespace"
+
+ config = {
+ role = "foobar"
+ }
+ }
+}
+
+cache {}
+
+template {
+ source = "/path/on/disk/to/template.ctmpl"
+ destination = "/path/on/disk/where/template/will/render.txt"
+}