Closed Dentrax closed 3 years ago
I think this is related to KV-v2 secrets engine. adding 'metadata' to secret path worked for me.
in.tpl
{{ range secrets "secret/metadata" }}
{{ . }}{{ end }}
in2.tpl
{{ range secrets "secret/metadata" }}
{{ with secret (printf "secret/data/%s" .) }}{{ range $k, $v := .Data.data }}
{{ $k }}: {{ $v }}
{{ end }}{{ end }}{{ end }}
I think this is related to KV-v2 secrets engine. adding 'metadata' to secret path worked for me.
in.tpl
{{ range secrets "secret/metadata" }} {{ . }}{{ end }}
in2.tpl
{{ range secrets "secret/metadata" }} {{ with secret (printf "secret/data/%s" .) }}{{ range $k, $v := .Data.data }} {{ $k }}: {{ $v }} {{ end }}{{ end }}{{ end }}
I think this is related to KV-v2 secrets engine. adding 'metadata' to secret path worked for me.
in.tpl
{{ range secrets "secret/metadata" }} {{ . }}{{ end }}
in2.tpl
{{ range secrets "secret/metadata" }} {{ with secret (printf "secret/data/%s" .) }}{{ range $k, $v := .Data.data }} {{ $k }}: {{ $v }} {{ end }}{{ end }}{{ end }}
My Environment - consul-template v0.25.2 (c8372a0a) Vault v1.7.0-rc1 (9af08a1c5f0f855984a1fa56d236675d167f578e)
Put secrets in vault - vault kv put secret/tools/tool1/token/acc1 key1='vaule1' vault kv put secret/tools/tool1/token/acc1 key2='vaule1'
vault kv put secret/tools/tool1/token/acc2 key3='vaule2'
acc1 acc2
vault kv get secret/tools/tool1/token/acc1 ============= Data ============= Key Value
key1 value1 key2 value1
vault kv get secret/tools/tool1/token/acc2 ============= Data ============= Key Value
key3 value2
Consul templates - Now I need to write consul templates to read K/V pairs for each account (acc1, acc2,.....). Tried to do the same way, as you told.
in.tpl {{ range secrets "secret/tools/tool1/token/metadata" }} {{ with secret (printf "secret/tools/tool1/token/data/%s" .) }}{{ range $k, $v := .Data.data }} {{ $k }}: {{ $v }} {{ end }}{{ end }}{{ end }}
Run
consul-template -template "in.tpl:out.txt" -once
Actual behavior $ cat out.txt => EMPTY
Expected behavior It should render:
key1 value1 key2 value1 key3 value2
Please let me know, if I am missing something.
Thanks
Hey @rishianand06,
Have you tried with a build from the master branch yet, this should be fixed there. It (the fix) will also be included in version 0.26.0, which I'll be releasing sometime in the next week or two.
If this was tried on the master branch and it didn't fix it for you please let me know. Thanks.
@eikenb No I haven't tried that yet. Will try and let you know in case of any issue/s. Thanks :)
Consul Template version
consul-template v0.25.2 (870905d)
Vault v1.7.0 ('4e222b85c40a810b74400ee3c54449479e32bb9f+CHANGES')
Configuration
in.tpl
in2.tpl
Command
P.S: I can not see any requests logs here after run
consul-template
CLI.Debug output
https://paste.ubuntu.com/p/SqTPQGJm2W/
Expected behavior
It should render:
Actual behavior
$ cat out.txt
=> EMPTYSteps to reproduce
$ vault server -dev -dev-root-token-id=root -log-level=trace
$ vault kv put secret/foo bar=baz
$ vault kv list secret/
$ consul-template -template "in.tpl:out.txt" -vault-renew-token=false -vault-token='root' -once
=> OK$ cat out.txt
=> EMPTYTrace logs:
References
cc: @developer-guy