
'secrets' query does not renders out.txt #1462

Closed
Dentrax opened this issue Apr 5, 2021 · 5 comments · Fixed by #1468

Dentrax commented Apr 5, 2021

Consul Template version

consul-template v0.25.2 (870905d)
Vault v1.7.0 ('4e222b85c40a810b74400ee3c54449479e32bb9f+CHANGES')

Configuration

in.tpl

{{ range secrets "secret/" }}
{{ . }}{{ end }}

in2.tpl

{{ range secrets "secret/" }}
{{ with secret (printf "secret/%s" .) }}{{ range $k, $v := .Data }}
{{ $k }}: {{ $v }}
{{ end }}{{ end }}{{ end }}

Command

$ vault server -dev -dev-root-token-id=root -log-level=trace

P.S.: I cannot see any request logs here after running the consul-template CLI.

Debug output

https://paste.ubuntu.com/p/SqTPQGJm2W/

Expected behavior

It should render:

bar
foo
zip

Actual behavior

$ cat out.txt => EMPTY

Steps to reproduce

  1. $ vault server -dev -dev-root-token-id=root -log-level=trace
  2. $ vault kv put secret/foo bar=baz
  3. $ vault kv list secret/
     Keys
     ----
     foo
     qux
  4. $ consul-template -template "in.tpl:out.txt" -vault-renew-token=false -vault-token='root' -once => OK
  5. $ cat out.txt => EMPTY

Trace logs:

```
[INFO] consul-template v0.25.2 (870905d)
[INFO] (runner) creating new runner (dry: false, once: true)
[DEBUG] (runner) final config: {"Consul":{"Address":"","Namespace":"","Auth":{"Enabled":false,"Username":"","Password":""},"Retry":{"Attempts":12,"Backoff":250000000,"MaxBackoff":60000000000,"Enabled":true},"SSL":{"CaCert":"","CaPath":"","Cert":"","Enabled":false,"Key":"","ServerName":"","Verify":true},"Token":"","Transport":{"DialKeepAlive":30000000000,"DialTimeout":30000000000,"DisableKeepAlives":false,"IdleConnTimeout":90000000000,"MaxIdleConns":100,"MaxIdleConnsPerHost":13,"TLSHandshakeTimeout":10000000000}},"Dedup":{"Enabled":false,"MaxStale":2000000000,"Prefix":"consul-template/dedup/","TTL":15000000000,"BlockQueryWaitTime":60000000000},"DefaultDelims":{"Left":null,"Right":null},"Exec":{"Command":"","Enabled":false,"Env":{"Denylist":[],"Custom":[],"Pristine":false,"Allowlist":[]},"KillSignal":2,"KillTimeout":30000000000,"ReloadSignal":null,"Splay":0,"Timeout":0},"KillSignal":2,"LogLevel":"debug","MaxStale":2000000000,"PidFile":"","ReloadSignal":1,"Syslog":{"Enabled":false,"Facility":"LOCAL0","Name":"consul-template"},"Templates":[{"Backup":false,"Command":"","CommandTimeout":30000000000,"Contents":"","CreateDestDirs":true,"Destination":"out.txt","ErrMissingKey":false,"Exec":{"Command":"","Enabled":false,"Env":{"Denylist":[],"Custom":[],"Pristine":false,"Allowlist":[]},"KillSignal":2,"KillTimeout":30000000000,"ReloadSignal":null,"Splay":0,"Timeout":30000000000},"Perms":0,"Source":"in2.tpl","Wait":{"Enabled":false,"Min":0,"Max":0},"LeftDelim":"","RightDelim":"","FunctionDenylist":[],"SandboxPath":""}],"Vault":{"Address":"http://127.0.0.1:8200","Enabled":true,"Namespace":"","RenewToken":false,"Retry":{"Attempts":12,"Backoff":250000000,"MaxBackoff":60000000000,"Enabled":true},"SSL":{"CaCert":"","CaPath":"","Cert":"","Enabled":true,"Key":"","ServerName":"","Verify":true},"Transport":{"DialKeepAlive":30000000000,"DialTimeout":30000000000,"DisableKeepAlives":false,"IdleConnTimeout":90000000000,"MaxIdleConns":100,"MaxIdleConnsPerHost":13,"TLSHandshakeTimeout":10000000000},"UnwrapToken":false},"Wait":{"Enabled":false,"Min":null,"Max":null},"Once":true,"BlockQueryWaitTime":60000000000}
[INFO] (runner) creating watcher
[INFO] (runner) starting
[DEBUG] (runner) running initial templates
[DEBUG] (runner) initiating run
[DEBUG] (runner) checking template c23f0a4c34465b4756b6e34817ef0d6b
[DEBUG] (runner) missing data for 1 dependencies
[DEBUG] (runner) missing dependency: vault.list(secret)
[DEBUG] (runner) add used dependency vault.list(secret) to missing since isLeader but do not have a watcher
[DEBUG] (runner) was not watching 1 dependencies
[DEBUG] (watcher) adding vault.list(secret)
[DEBUG] (runner) diffing and updating dependencies
[DEBUG] (runner) watching 1 dependencies
[DEBUG] (runner) receiving dependency vault.list(secret)
[DEBUG] (runner) initiating run
[DEBUG] (runner) checking template c23f0a4c34465b4756b6e34817ef0d6b
[DEBUG] (cli) receiving signal "urgent I/O condition"
[DEBUG] (runner) rendering "in2.tpl" => "out.txt"
[DEBUG] (runner) diffing and updating dependencies
[DEBUG] (runner) vault.list(secret) is still needed
[DEBUG] (runner) watching 1 dependencies
[DEBUG] (runner) all templates rendered
[INFO] (runner) once mode and all templates rendered
[INFO] (runner) stopping
[DEBUG] (runner) stopping watcher
[DEBUG] (watcher) stopping all views
```

References

cc: @developer-guy

@eikenb eikenb added the bug label Apr 29, 2021

yilmazo commented May 5, 2021

I think this is related to the KV-v2 secrets engine. Adding 'metadata' to the secret path worked for me.

in.tpl

{{ range secrets "secret/metadata" }}
{{ . }}{{ end }}

in2.tpl

{{ range secrets "secret/metadata" }}
{{ with secret (printf "secret/data/%s" .) }}{{ range $k, $v := .Data.data }}
{{ $k }}: {{ $v }}
{{ end }}{{ end }}{{ end }}


eikenb commented May 21, 2021

#1468 is merged and fixes this.

@rishianand06

I think this is related to the KV-v2 secrets engine. Adding 'metadata' to the secret path worked for me.

in.tpl

{{ range secrets "secret/metadata" }}
{{ . }}{{ end }}

in2.tpl

{{ range secrets "secret/metadata" }}
{{ with secret (printf "secret/data/%s" .) }}{{ range $k, $v := .Data.data }}
{{ $k }}: {{ $v }}
{{ end }}{{ end }}{{ end }}

My Environment -
consul-template v0.25.2 (c8372a0)
Vault v1.7.0-rc1 (9af08a1c5f0f855984a1fa56d236675d167f578e)

Put secrets in vault -
vault kv put secret/tools/tool1/token/acc1 key1='vaule1'
vault kv put secret/tools/tool1/token/acc1 key2='vaule1'

vault kv put secret/tools/tool1/token/acc2 key3='vaule2'

Vault cli command output -
vault kv list secret/tools/tool1/token
Keys

acc1
acc2

vault kv get secret/tools/tool1/token/acc1
============= Data =============
Key Value


key1 value1
key2 value1

vault kv get secret/tools/tool1/token/acc2
============= Data =============
Key Value


key3 value2

Consul templates -
Now I need to write consul templates to read the K/V pairs for each account (acc1, acc2, ...).
I tried to do it the same way as you described.

in.tpl
{{ range secrets "secret/tools/tool1/token/metadata" }}
{{ with secret (printf "secret/tools/tool1/token/data/%s" .) }}{{ range $k, $v := .Data.data }}
{{ $k }}: {{ $v }}
{{ end }}{{ end }}{{ end }}

Run
consul-template -template "in.tpl:out.txt" -once

Actual behavior
$ cat out.txt => EMPTY

Expected behavior
It should render:

key1 value1
key2 value1
key3 value2

Please let me know if I am missing something.

Thanks
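
Added example, not part of the original thread and not consul-template or Vault code: the workaround discussed above depends on where KV v2 places the `metadata/` (list) and `data/` (read) segments, which is directly after the mount point rather than at the end of the path. The sketch assumes the KV v2 engine is mounted at `secret/`, as on the dev server used in this issue; `kv2Path` is a hypothetical helper name.

```go
package main

import (
	"fmt"
	"strings"
)

// kv2Path rewrites a CLI-style KV path such as "secret/tools/x" into the
// KV v2 API path for one operation: "metadata" to list keys, "data" to read
// values. The segment is inserted immediately after the mount point.
// Hypothetical helper for illustration; the mount name is an assumption.
func kv2Path(mount, path, op string) (string, error) {
	if op != "data" && op != "metadata" {
		return "", fmt.Errorf("unsupported operation segment %q", op)
	}
	mount = strings.Trim(mount, "/")
	path = strings.Trim(path, "/")
	// Reject paths outside the mount ("secretX/foo" is not under "secret").
	if path != mount && !strings.HasPrefix(path, mount+"/") {
		return "", fmt.Errorf("path %q is not under mount %q", path, mount)
	}
	rest := strings.TrimPrefix(strings.TrimPrefix(path, mount), "/")
	if rest == "" {
		return mount + "/" + op, nil
	}
	return mount + "/" + op + "/" + rest, nil
}

func main() {
	// Paths taken from the templates and commands in this thread.
	cases := [][2]string{
		{"secret/", "metadata"},
		{"secret/foo", "data"},
		{"secret/tools/tool1/token", "metadata"},
		{"secret/tools/tool1/token/acc1", "data"},
	}
	for _, c := range cases {
		p, err := kv2Path("secret", c[0], c[1])
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%-32s %-8s -> %s\n", c[0], c[1], p)
	}
}
```

For the nested path in the comment above, this yields `secret/metadata/tools/tool1/token` for the listing and `secret/data/tools/tool1/token/acc1` for the read.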


eikenb commented Jun 4, 2021

Hey @rishianand06,

Have you tried with a build from the master branch yet? This should be fixed there. It (the fix) will also be included in version 0.26.0, which I'll be releasing sometime in the next week or two.

If this was tried on the master branch and it didn't fix it for you please let me know. Thanks.

@rishianand06

@eikenb No I haven't tried that yet. Will try and let you know in case of any issue/s.
Thanks :)
