Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VAULT-528 Fix Vault Agent being unable to render secrets with delete_version_after set. #25387

Merged
merged 4 commits into from
Feb 13, 2024
Merged

VAULT-528 Fix Vault Agent being unable to render secrets with delete_version_after set. #25387

merged 4 commits into from
Feb 13, 2024

Conversation

VioletHynes
Copy link
Contributor

@VioletHynes VioletHynes commented Feb 13, 2024
edited
Loading

The actual fix was in consul-template (see: hashicorp/consul-template#1879). This PR adds a test to validate the fix works (the test failed before the dependency upgrade).

Resolves #9898
Resolves hashicorp/vault-k8s#176

@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Feb 13, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 13, 2024
edited
Loading

CI Results:
All Go tests succeeded! ✅

@VioletHynes VioletHynes added this to the 1.17.0-rc milestone Feb 13, 2024
@VioletHynes VioletHynes marked this pull request as ready for review February 13, 2024 19:29
VioletHynes
VioletHynes commented Feb 13, 2024
View reviewed changes
command/agent_test.go
@@ -3204,6 +3206,159 @@ auto_auth {
require.Truef(t, found, "unable to find consul-template partial message in logs", runnerLogMessage)
}

// TestAgent_DeleteAfterVersion_Rendering Validates that Vault Agent
// can correctly render a secret with delete_after_version set.
func TestAgent_DeleteAfterVersion_Rendering(t *testing.T) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hopefully needless to say, but this test fails with an older version of consul-template (without the fix), and correctly validates the fix works.

@github-actions GitHub Actions
Copy link

Build Results:
All builds succeeded! ✅

@VioletHynes VioletHynes merged commit a1cb18b into main Feb 13, 2024
91 of 104 checks passed
@VioletHynes VioletHynes deleted the violethynes/VAULT-528 branch February 13, 2024 19:49
VioletHynes added a commit that referenced this pull request Feb 13, 2024
@VioletHynes
VAULT-528 Fix Vault Agent being unable to render secrets with delete_…
e7ed488 
…version_after set. (#25387)

* VAULT-528 add test reproducing the failure that should pass after the fix

* VAULT-528 Upgrade consul-template to version with the fix

* VAULT-528 changelog
@VioletHynes VioletHynes mentioned this pull request Feb 13, 2024
Merged
VioletHynes added a commit that referenced this pull request Feb 13, 2024
@VioletHynes
Manual backport (1.15.x): VAULT-528 Fix Vault Agent being unable to r…
160f3d2 
…ender secrets with delete_version_after set. (#25388)

* VAULT-528 Fix Vault Agent being unable to render secrets with delete_version_after set. (#25387)

* VAULT-528 add test reproducing the failure that should pass after the fix

* VAULT-528 Upgrade consul-template to version with the fix

* VAULT-528 changelog

* VAULT-528 we need VersionedKVFactory on this branch

* VAULT-528 typo
Merged
@thevilledev thevilledev mentioned this pull request Mar 24, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcboudreau marcboudreau marcboudreau approved these changes

@divyaac divyaac divyaac approved these changes

Assignees
No one assigned
Labels
hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed
Projects
None yet
Milestone
1.17.0-rc
3 participants
@VioletHynes @marcboudreau @divyaac