agent: Add implementation for injecting secrets as environment variables #20628
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
command/agent/exec/exec.go
// lookupMap is a list of templates indexed by their consul-template ID. This | ||
// is used to ensure all Vault templates have been rendered before returning | ||
// from the runner in the event we're using exit after auth. | ||
lookupMap map[string][]*ctconfig.TemplateConfig |
"exit after auth" is not applicable in env_template mode, do we still want this map? If so, please update the comment.
After speaking with @VioletHynes, it seems we may still want to support the exit_after_auth use case (doesn't need to be implemented with the map but something to keep in mind).
Env: append(os.Environ(), envsToList(newEnvVars)...), | ||
ReloadSignal: nil, // can't reload w/ new env vars | ||
KillSignal: s.config.AgentConfig.Exec.RestartKillSignal, | ||
KillTimeout: 30 * time.Second, |
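Review bot: on the `Env:` line, `append(os.Environ(), envsToList(newEnvVars)...)` hands the child every variable the agent process itself was started with, in addition to the rendered secrets, and nothing in these lines filters or documents that. If the agent's own environment can hold values meant only for the agent, consider building the child environment from an explicit allow-list, or at least stating the inheritance in the configuration docs. The same line also appends a template variable after an inherited variable of the same name, so the slice then carries both entries; say in a comment which one is meant to win, or reject the collision when the config is parsed.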
We might want to make this configurable but maybe post-beta
…nv-var Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
@@ -11,10 +11,11 @@ import ( | |||
|
|||
"github.com/go-test/deep" | |||
ctconfig "github.com/hashicorp/consul-template/config" | |||
"golang.org/x/exp/slices" | |||
|
Nit: Delete this empty line
ctconfig "github.com/hashicorp/consul-template/config" | ||
"github.com/hashicorp/consul-template/manager" | ||
"github.com/hashicorp/go-hclog" | ||
|
Nit: delete this empty line
that's intentional by gofmt, imports are grouped
stdlib
external/third party
internal/first party
Oh, interesting. I'm not sure if it's different with gofumpt, but I've made an effort to delete these when they pop up in my PRs, and it seems to auto-organize them when I do. I'm happy to keep this as-is!
just ran make fmt and no change? maybe we need to add some import formatting 🤷
Looks great!
this PR is the initial implementation of a process runner for injecting secrets via environment variables via vault agent
features
It is part of the larger effort to add environment variable support within Vault Agent (VLT-253).