backport of commit e4c19ac0af902c83e67c301b6d104d9f1a621750 (#20938)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
This commit is contained in:
parent
07ca320b6d
commit
ca57012072
3
changelog/20934.txt
Normal file
3
changelog/20934.txt
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:bug
|
||||||
|
agent: Fix bug with 'cache' stanza validation
|
||||||
|
```
|
|
@ -646,7 +646,7 @@ func LoadConfigFile(path string) (*Config, error) {
|
||||||
return nil, fmt.Errorf("error parsing 'env_template': %w", err)
|
return nil, fmt.Errorf("error parsing 'env_template': %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if result.Cache != nil && result.APIProxy == nil {
|
if result.Cache != nil && result.APIProxy == nil && (result.Cache.UseAutoAuthToken || result.Cache.ForceAutoAuthToken) {
|
||||||
result.APIProxy = &APIProxy{
|
result.APIProxy = &APIProxy{
|
||||||
UseAutoAuthToken: result.Cache.UseAutoAuthToken,
|
UseAutoAuthToken: result.Cache.UseAutoAuthToken,
|
||||||
ForceAutoAuthToken: result.Cache.ForceAutoAuthToken,
|
ForceAutoAuthToken: result.Cache.ForceAutoAuthToken,
|
||||||
|
|
|
@ -617,7 +617,6 @@ func TestLoadConfigFile_AgentCache_NoAutoAuth(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
expected := &Config{
|
expected := &Config{
|
||||||
APIProxy: &APIProxy{},
|
|
||||||
Cache: &Cache{},
|
Cache: &Cache{},
|
||||||
SharedConfig: &configutil.SharedConfig{
|
SharedConfig: &configutil.SharedConfig{
|
||||||
PidFile: "./pidfile",
|
PidFile: "./pidfile",
|
||||||
|
@ -935,10 +934,6 @@ func TestLoadConfigFile_AgentCache_AutoAuth_False(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
APIProxy: &APIProxy{
|
|
||||||
UseAutoAuthToken: false,
|
|
||||||
ForceAutoAuthToken: false,
|
|
||||||
},
|
|
||||||
Cache: &Cache{
|
Cache: &Cache{
|
||||||
UseAutoAuthToken: false,
|
UseAutoAuthToken: false,
|
||||||
UseAutoAuthTokenRaw: "false",
|
UseAutoAuthTokenRaw: "false",
|
||||||
|
@ -959,7 +954,6 @@ func TestLoadConfigFile_AgentCache_Persist(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
expected := &Config{
|
expected := &Config{
|
||||||
APIProxy: &APIProxy{},
|
|
||||||
Cache: &Cache{
|
Cache: &Cache{
|
||||||
Persist: &agentproxyshared.PersistConfig{
|
Persist: &agentproxyshared.PersistConfig{
|
||||||
Type: "kubernetes",
|
Type: "kubernetes",
|
||||||
|
@ -1252,6 +1246,43 @@ func TestLoadConfigFile_Template_NoSinks(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestLoadConfigFile_Template_WithCache tests ensures that cache {} stanza is
|
||||||
|
// permitted in vault agent configuration with template(s)
|
||||||
|
func TestLoadConfigFile_Template_WithCache(t *testing.T) {
|
||||||
|
config, err := LoadConfigFile("./test-fixtures/config-template-with-cache.hcl")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("err: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
expected := &Config{
|
||||||
|
SharedConfig: &configutil.SharedConfig{
|
||||||
|
PidFile: "./pidfile",
|
||||||
|
},
|
||||||
|
AutoAuth: &AutoAuth{
|
||||||
|
Method: &Method{
|
||||||
|
Type: "aws",
|
||||||
|
MountPath: "auth/aws",
|
||||||
|
Namespace: "my-namespace/",
|
||||||
|
Config: map[string]interface{}{
|
||||||
|
"role": "foobar",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Cache: &Cache{},
|
||||||
|
Templates: []*ctconfig.TemplateConfig{
|
||||||
|
{
|
||||||
|
Source: pointerutil.StringPtr("/path/on/disk/to/template.ctmpl"),
|
||||||
|
Destination: pointerutil.StringPtr("/path/on/disk/where/template/will/render.txt"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
config.Prune()
|
||||||
|
if diff := deep.Equal(config, expected); diff != nil {
|
||||||
|
t.Fatal(diff)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestLoadConfigFile_Vault_Retry(t *testing.T) {
|
func TestLoadConfigFile_Vault_Retry(t *testing.T) {
|
||||||
config, err := LoadConfigFile("./test-fixtures/config-vault-retry.hcl")
|
config, err := LoadConfigFile("./test-fixtures/config-vault-retry.hcl")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -1359,7 +1390,6 @@ func TestLoadConfigFile_EnforceConsistency(t *testing.T) {
|
||||||
},
|
},
|
||||||
PidFile: "",
|
PidFile: "",
|
||||||
},
|
},
|
||||||
APIProxy: &APIProxy{},
|
|
||||||
Cache: &Cache{
|
Cache: &Cache{
|
||||||
EnforceConsistency: "always",
|
EnforceConsistency: "always",
|
||||||
WhenInconsistent: "retry",
|
WhenInconsistent: "retry",
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
# Copyright (c) HashiCorp, Inc.
|
||||||
|
# SPDX-License-Identifier: MPL-2.0
|
||||||
|
|
||||||
|
pid_file = "./pidfile"
|
||||||
|
|
||||||
|
auto_auth {
|
||||||
|
method {
|
||||||
|
type = "aws"
|
||||||
|
namespace = "/my-namespace"
|
||||||
|
|
||||||
|
config = {
|
||||||
|
role = "foobar"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
cache {}
|
||||||
|
|
||||||
|
template {
|
||||||
|
source = "/path/on/disk/to/template.ctmpl"
|
||||||
|
destination = "/path/on/disk/where/template/will/render.txt"
|
||||||
|
}
|
Loading…
Reference in a new issue