Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

agent/template: add static_secret_render_interval configurable #11934

Merged
merged 10 commits into from Jun 24, 2021
Merged

agent/template: add static_secret_render_interval configurable #11934

merged 10 commits into from Jun 24, 2021

Conversation

jasonodonnell
Copy link
Contributor

@jasonodonnell jasonodonnell commented Jun 23, 2021
edited

Consul Template recently added a feature to allow operators to override the default lease duration when a secret has no lease/isn't renewable. This default (5m) can be now altered using the following agent config:

template_config {
    static_secret_render_interval = 60
}

We'll need to add this configurable to both Vault K8s and Vault Helm.

@jasonodonnell jasonodonnell added this to the 1.8 milestone Jun 23, 2021
@jasonodonnell jasonodonnell requested review from tvoran, calvn, tomhjp and a team June 23, 2021 20:05
@vercel vercel bot temporarily deployed to Preview – vault June 23, 2021 20:07 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook June 23, 2021 20:07 Inactive
@jasonodonnell
Copy link
Contributor Author

In case it confuses anyone, consul-template is already updated in main so I did not need to update the dependency for this feature.

@vercel vercel bot temporarily deployed to Preview – vault-storybook June 23, 2021 21:12 Inactive
@vercel vercel bot temporarily deployed to Preview – vault June 23, 2021 21:12 Inactive
tvoran
tvoran reviewed Jun 23, 2021
View reviewed changes
Copy link
Member

@tvoran tvoran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you update the docs here too?

command/agent/config/config.go Outdated Show resolved Hide resolved
@vercel vercel bot temporarily deployed to Preview – vault-storybook June 24, 2021 17:15 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook June 24, 2021 17:28 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook June 24, 2021 17:29 Inactive
tvoran
tvoran reviewed Jun 24, 2021
View reviewed changes
command/agent/template/template.go Outdated Show resolved Hide resolved
changelog/11934.txt Outdated Show resolved Hide resolved
website/content/docs/agent/template-config.mdx Outdated Show resolved Hide resolved
@jasonodonnell @tvoran
Update command/agent/template/template.go
eaa0754 
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
@vercel vercel bot temporarily deployed to Preview – vault-storybook June 24, 2021 18:20 Inactive
@vercel vercel bot temporarily deployed to Preview – vault June 24, 2021 18:20 Inactive
@jasonodonnell @tvoran
Update changelog/11934.txt
24f3da9 
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
@vercel vercel bot temporarily deployed to Preview – vault-storybook June 24, 2021 18:21 Inactive
@vercel vercel bot temporarily deployed to Preview – vault June 24, 2021 18:21 Inactive
@jasonodonnell @tvoran
Update website/content/docs/agent/template-config.mdx
85369b5 
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
@vercel vercel bot temporarily deployed to Preview – vault-storybook June 24, 2021 18:21 Inactive
tvoran
tvoran approved these changes Jun 24, 2021
View reviewed changes
Copy link
Member

@tvoran tvoran left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also a reminder to update the PR description with the new parameter 😃

@jasonodonnell jasonodonnell changed the title agent/template: add default_lease_duration configurable agent/template: add static_secret_render_interval configurable Jun 24, 2021
@jasonodonnell jasonodonnell merged commit 22d8470 into main Jun 24, 2021
@jasonodonnell jasonodonnell deleted the consul-template-lease-duration branch June 24, 2021 19:40
calvn
calvn reviewed Jun 24, 2021
View reviewed changes
command/agent/config/config.go
@@ -119,7 +119,9 @@ type Sink struct {

// TemplateConfig defines global behaviors around template
type TemplateConfig struct {
ExitOnRetryFailure bool `hcl:"exit_on_retry_failure"`
ExitOnRetryFailure bool `hcl:"exit_on_retry_failure"`
StaticSecretRenderIntRaw interface{} `hcl:"static_secret_render_interval"`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we land/agree on settling with nonleased_secret_render_interval as the param name?

jartek pushed a commit to jartek/vault that referenced this pull request Sep 11, 2021
@jasonodonnell @tvoran @jartek
agent/template: add static_secret_render_interval configurable (hashi…
6fe7856 
…corp#11934)

* agent/template: add default_lease_duration config

* go mod tidy

* Add changelog

* Fix panic

* Add documentation

* Change to static_secret_render_interval

* Update doc

* Update command/agent/template/template.go

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update changelog/11934.txt

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/agent/template-config.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@calvn calvn calvn left review comments

@tvoran tvoran tvoran approved these changes

@tomhjp tomhjp Awaiting requested review from tomhjp

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.8
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jasonodonnell @tvoran @calvn