search

hashicorp / consul-template

Template rendering, notifier, and supervisor for @HashiCorp Consul and Vault data.
https://www.hashicorp.com/
Mozilla Public License 2.0
4.75k stars 784 forks source link

can't pass array argument to `secret` #1194

Open lexelby opened 5 years ago

lexelby commented 5 years ago

Template: {{with secret "/auth/token/create" "policies=policy1,policy2"}}{{.Auth.ClientToken}}{{ end }}

Expected behavior

What should have happened?

I should get a new token with policies "policy1" and "policy2".

Actual behavior

I get an error, * child policies must be subset of parent. This is because my policies argument is being treated as a single policy with a comma in its name, rather than two separate policies.

Discussion

The parsing code for the secret function treats argument values as strings. There's no way to pass an array as is expected by the policies argument to auth/token/create.

marknl commented 1 year ago

Any change this is getting fixed? Workaround is to slowly create a "one-policy-to-rule-them-all" instead of attaching more policies and keep a clear sight of what's attached.