Remco not reading JSON secret from Vault
pwyatt87 opened this issue · comments
I have a json secret stored in vault that I'm trying to read with remco.
$ vault kv get /tenant/AdamsAndSons-8/app1/properties
====== Data ======
Key Value
--- -----
093 KKQ true
1-74144 true
877 WHM false
ZBD 291 true
ZDP 140 true
workflows [map[workflowName:workflow-1 workflowTenantName:Adams and Sons 1] map[workflowName:workflow-2 workflowTenantName:Adams and Sons 2] map[workflowName:workflow-3 workflowTenantName:Adams and Sons 3]]
Remco doesn't pick it up when I try to read it. Here's the template function I'm using to pull it down:
{% with get("/tenant/AdamsAndSons-8/app1/properties") as dat %}
I'm getting this error:
createStageFileAndSync failed: create stage file failed: template execution failed: [Error (where: execution) in ./config.json.toml | Line 1 Col 9 near 'get'] key does not exist: /tenant/AdamsAndSons-8/app1/properties
I believe it's caused by this delete() on JSON secrets in easyKV:
https://github.com/HeavyHorst/easykv/blob/master/vault/client.go#L225
Here's my config.toml just for completeness
################################################################
# Global configuration
################################################################
log_level = "trace"
log_format = "text"
################################################################
# Resource configuration
################################################################
[[resource]]
[[resource.template]]
src = "./config.json.toml"
dst = "config.json"
[resource.backend]
[resource.backend.vault]
node = "http://localhost:8200"
keys = [ "tenant" ]
auth_type = "token"
auth_token = "my token"
interval = 10
onetime=true
What is the output of:
{% for kv in gets("/rust/cfg/*") %}
{{ kv.Key }} {{ kv.Value }}
{% endfor %}
?
All keys start with "/" so it should be
keys = [ "/tenant" ]
Sorry, you're right about the preceding /.
Here's the /rust/cfg key in vault:
/ $ vault kv get /rust/cfg/foo
=== Data ===
Key Value
--- -----
bar map[baz:bat]
Here's my config.toml to pull that key:
################################################################
# Global configuration
################################################################
log_level = "trace"
log_format = "text"
################################################################
# Resource configuration
################################################################
[[resource]]
[[resource.template]]
src = "./config.json.toml"
dst = "config.json"
[resource.backend]
[resource.backend.vault]
node = "http://localhost:8200"
keys = [ "/rust" ]
auth_type = "token"
auth_token = "my token"
interval = 10
onetime=true
Here's the template file:
{% for kv in gets("/rust/cfg/*") %}
{{ kv.Key }} {{ kv.Value }}
{% endfor %}
This produces an empty config.json file for me. If i remove that line line the easyKV repo and rebuild, i get this:
→ cat config.json
/rust/cfg/foo {"bar":{"baz":"bat"}}
Ok, that returned:
/rust/cfg/foo/bar/baz bat