vault template stanza exec object appears to not parse correctly

[johnalotoski]

The vault documentation for a template stanza describes the exec declaration as:

[exec](https://www.vaultproject.io/docs/agent/template#exec) (object: optional) - 
The exec block executes a command when the template is rendered and the output has changed. 
The block parameters are command (string slice: required) and timeout (string: optional, defaults to 30s).

For vault v1.11.0 with consul-template 0.29.0, the consul template config docs show the exec hcl block example as:

template {

  # ...

  # This is the optional exec block to give a command to be run when the template 
  # is rendered. The command will only run if the resulting template changes. 
  # The command must return within 30s (configurable), and it must have a 
  # successful exit code.
  # See the Exec section below and the Commands section in the README for more.
  exec {
      command = ["restart", "service", "foo"]
      timeout = "30s"
  }
}

The JSON equivalent (what we are using for config submission to vault-agent) for the exec block should be:

      ...
      "exec": [
        {
          "command": [
            "restart",
            "service",
            "foo"
          ],
          "timeout": "30s"
        }
      ],
      ...

However, this JSON produces the error:

Error loading configuration from $FILE.json: error parsing 'template': 1 error(s) decoding:

* 'exec' expected a map, got 'slice'

I cannot seem to change the JSON in any manner to get the exec declaration to parse correctly.
Another user independently reported the same issue in the hashicorp discussion channel here.

For now, falling back to use of the deprecated command (string) is a workaround.

Environment:
Vault v1.11.0 (ea296cc), built 2022-06-17T15:48:44Z
NixOS, x86_64-linux

[jasonodonnell]

@johnalotoski Can you try this format for exec?

  "Templates": [
    {
      "Destination": "/path/on/disk/where/template/will/render.txt",
      "Exec": {
        "Command": [
          "test"
        ],
      },
      "Source": "/path/on/disk/to/template.ctmpl"
    }
  ]

[johnalotoski]

Hi @jasonodonnell, thanks for the fast response!

Testing with that verbatim (and removing the extra comma after the command list in the exec object), I receive:

[ERROR] runtime error encountered: error="template server failed to create: template: must specify exactly one of 'source' or 'contents'"

However, "Source" is definitely included, as shown above.

It seems, though, that I should be using singular "Template" which if I only change Templates to Template from the above (with the removal of the extra comma) then I receive the same error as reported:

* 'exec' expected a map, got 'slice'

If I modify both the Templates to singular, and revert to the deprecated command declaration instead of exec, it parses properly:

  "Template": [
    {
      "Destination": "/path/on/disk/where/template/will/render.txt",
      "Command": "test",
      "Source": "/path/on/disk/to/template.ctmpl"
    }
  ]

[jasonodonnell]

@johnalotoski This turned out to be a bug, so I opened a PR to fix it. Thanks and hope this helps!

[johnalotoski]

Thank you so much!