backport of commit e4c19ac0af902c83e67c301b6d104d9f1a621750 (#20938)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
This commit is contained in:
parent
07ca320b6d
commit
ca57012072
|
@ -0,0 +1,3 @@
|
|||
```release-note:bug
|
||||
agent: Fix bug with 'cache' stanza validation
|
||||
```
|
|
@ -646,7 +646,7 @@ func LoadConfigFile(path string) (*Config, error) {
|
|||
return nil, fmt.Errorf("error parsing 'env_template': %w", err)
|
||||
}
|
||||
|
||||
if result.Cache != nil && result.APIProxy == nil {
|
||||
if result.Cache != nil && result.APIProxy == nil && (result.Cache.UseAutoAuthToken || result.Cache.ForceAutoAuthToken) {
|
||||
result.APIProxy = &APIProxy{
|
||||
UseAutoAuthToken: result.Cache.UseAutoAuthToken,
|
||||
ForceAutoAuthToken: result.Cache.ForceAutoAuthToken,
|
||||
|
|
|
@ -617,7 +617,6 @@ func TestLoadConfigFile_AgentCache_NoAutoAuth(t *testing.T) {
|
|||
}
|
||||
|
||||
expected := &Config{
|
||||
APIProxy: &APIProxy{},
|
||||
Cache: &Cache{},
|
||||
SharedConfig: &configutil.SharedConfig{
|
||||
PidFile: "./pidfile",
|
||||
|
@ -935,10 +934,6 @@ func TestLoadConfigFile_AgentCache_AutoAuth_False(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
APIProxy: &APIProxy{
|
||||
UseAutoAuthToken: false,
|
||||
ForceAutoAuthToken: false,
|
||||
},
|
||||
Cache: &Cache{
|
||||
UseAutoAuthToken: false,
|
||||
UseAutoAuthTokenRaw: "false",
|
||||
|
@ -959,7 +954,6 @@ func TestLoadConfigFile_AgentCache_Persist(t *testing.T) {
|
|||
}
|
||||
|
||||
expected := &Config{
|
||||
APIProxy: &APIProxy{},
|
||||
Cache: &Cache{
|
||||
Persist: &agentproxyshared.PersistConfig{
|
||||
Type: "kubernetes",
|
||||
|
@ -1252,6 +1246,43 @@ func TestLoadConfigFile_Template_NoSinks(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// TestLoadConfigFile_Template_WithCache tests ensures that cache {} stanza is
|
||||
// permitted in vault agent configuration with template(s)
|
||||
func TestLoadConfigFile_Template_WithCache(t *testing.T) {
|
||||
config, err := LoadConfigFile("./test-fixtures/config-template-with-cache.hcl")
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
expected := &Config{
|
||||
SharedConfig: &configutil.SharedConfig{
|
||||
PidFile: "./pidfile",
|
||||
},
|
||||
AutoAuth: &AutoAuth{
|
||||
Method: &Method{
|
||||
Type: "aws",
|
||||
MountPath: "auth/aws",
|
||||
Namespace: "my-namespace/",
|
||||
Config: map[string]interface{}{
|
||||
"role": "foobar",
|
||||
},
|
||||
},
|
||||
},
|
||||
Cache: &Cache{},
|
||||
Templates: []*ctconfig.TemplateConfig{
|
||||
{
|
||||
Source: pointerutil.StringPtr("/path/on/disk/to/template.ctmpl"),
|
||||
Destination: pointerutil.StringPtr("/path/on/disk/where/template/will/render.txt"),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
config.Prune()
|
||||
if diff := deep.Equal(config, expected); diff != nil {
|
||||
t.Fatal(diff)
|
||||
}
|
||||
}
|
||||
|
||||
func TestLoadConfigFile_Vault_Retry(t *testing.T) {
|
||||
config, err := LoadConfigFile("./test-fixtures/config-vault-retry.hcl")
|
||||
if err != nil {
|
||||
|
@ -1359,7 +1390,6 @@ func TestLoadConfigFile_EnforceConsistency(t *testing.T) {
|
|||
},
|
||||
PidFile: "",
|
||||
},
|
||||
APIProxy: &APIProxy{},
|
||||
Cache: &Cache{
|
||||
EnforceConsistency: "always",
|
||||
WhenInconsistent: "retry",
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: MPL-2.0
|
||||
|
||||
pid_file = "./pidfile"
|
||||
|
||||
auto_auth {
|
||||
method {
|
||||
type = "aws"
|
||||
namespace = "/my-namespace"
|
||||
|
||||
config = {
|
||||
role = "foobar"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
cache {}
|
||||
|
||||
template {
|
||||
source = "/path/on/disk/to/template.ctmpl"
|
||||
destination = "/path/on/disk/where/template/will/render.txt"
|
||||
}
|
Loading…
Reference in New Issue