search

hashicorp / consul-template

Template rendering, notifier, and supervisor for @HashiCorp Consul and Vault data.
https://www.hashicorp.com/
Mozilla Public License 2.0
4.73k stars 785 forks source link

If a KV secret is marked for future deletion the secret is not return when it is still valid. #1881

Open darkedges opened 4 months ago

darkedges commented 4 months ago

Please note that the Consul Template issue tracker is reserved for bug reports and enhancements. For general usage questions, please use the Consul Community Portal or the Consul mailing list:

https://discuss.hashicorp.com/c/consul
https://groups.google.com/forum/#!forum/cons

Consul Template version

HashiCorp Vault 1.15.2 uses 0.33

Configuration

Please review https://github.com/hashicorp/vault-k8s/issues/123

Expected behavior

If a secret is marked for future deletion and it is within the timeframe it should be generated.

Actual behavior

The following https://github.com/hashicorp/consul-template/blob/v0.33.0/dependency/vault_read.go#L181 just checks to see if the value is present instead of verifying it should have been deleted.

Steps to reproduce

Please review https://github.com/hashicorp/vault-k8s/issues/123

References

Please review https://github.com/hashicorp/vault-k8s/issues/123

thevilledev commented 3 months ago

This was fixed in #1879 and released in consul-template version 0.37.0 (see changelog here).

The fix was then incorporated into:

You were running Vault v1.15.2 so updating to v1.15.6 (or newer) should fix it for you.