remove mesh from env variable name

pull/17981/head
Ville Vesilehto 1 year ago
parent 86c599531c
commit 1e37e1318e
No known key found for this signature in database
GPG Key ID: 35DFD9623B53B041

@ -1,3 +1,3 @@
```release-note:improvement ```release-note:improvement
connect: add support for setting Vault address and token through environment variables CONSUL_MESH_CA_VAULT_ADDR and CONSUL_MESH_CA_VAULT_TOKEN for the CA provider connect: add support for setting Vault address and token through environment variables CONSUL_CA_VAULT_ADDR and CONSUL_CA_VAULT_TOKEN for the CA provider
``` ```

@ -29,8 +29,8 @@ import (
const ( const (
VaultCALeafCertRole = "leaf-cert" VaultCALeafCertRole = "leaf-cert"
VaultCAEnvAddr = "CONSUL_MESH_CA_VAULT_ADDR" VaultCAEnvAddr = "CONSUL_CA_VAULT_ADDR"
VaultCAEnvToken = "CONSUL_MESH_CA_VAULT_TOKEN" VaultCAEnvToken = "CONSUL_CA_VAULT_TOKEN"
VaultAuthMethodTypeAliCloud = "alicloud" VaultAuthMethodTypeAliCloud = "alicloud"
VaultAuthMethodTypeAppRole = "approle" VaultAuthMethodTypeAppRole = "approle"
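Review bot: The exported constants `VaultCAEnvAddr` and `VaultCAEnvToken` have no doc comment in the visible lines, yet the docs changed in this same commit say a value from the environment overrides the configuration file, which is security-relevant for both the Vault address and the token. I would add above them `// VaultCAEnvAddr and VaultCAEnvToken name the environment variables that, when set, take precedence over the Address and Token config fields; the token value is a secret and must not be logged.` If the `CONSUL_MESH_CA_*` names ever shipped in a release, this rename drops them without a fallback or an upgrade note. The in-place edit of the release note suggests they did not ship, but that should be confirmed. The const block starts and ends outside the hunk.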

@ -78,7 +78,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
}, },
"both env token and auth method provided": { "both env token and auth method provided": {
rawConfig: map[string]interface{}{"AuthMethod": map[string]interface{}{"Type": "test"}, "Address": "http://vaultConfigAddr:8200"}, rawConfig: map[string]interface{}{"AuthMethod": map[string]interface{}{"Type": "test"}, "Address": "http://vaultConfigAddr:8200"},
envConfig: map[string]string{"CONSUL_MESH_CA_VAULT_TOKEN": "test"}, envConfig: map[string]string{"CONSUL_CA_VAULT_TOKEN": "test"},
expError: "only one of Vault token or Vault auth method can be provided, but not both", expError: "only one of Vault token or Vault auth method can be provided, but not both",
}, },
"primary no root PKI path": { "primary no root PKI path": {
@ -113,7 +113,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
}, },
"vault address provided from env": { "vault address provided from env": {
rawConfig: map[string]interface{}{"Token": "test", "RootPKIPath": "test", "IntermediatePKIPath": "test"}, rawConfig: map[string]interface{}{"Token": "test", "RootPKIPath": "test", "IntermediatePKIPath": "test"},
envConfig: map[string]string{"CONSUL_MESH_CA_VAULT_ADDR": "http://vaultEnvAddr:8200"}, envConfig: map[string]string{"CONSUL_CA_VAULT_ADDR": "http://vaultEnvAddr:8200"},
expConfig: &structs.VaultCAProviderConfig{ expConfig: &structs.VaultCAProviderConfig{
CommonCAProviderConfig: defaultCommonConfig(), CommonCAProviderConfig: defaultCommonConfig(),
Address: "http://vaultEnvAddr:8200", Address: "http://vaultEnvAddr:8200",
@ -124,7 +124,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
}, },
"vault address precedence when provided from env and config": { "vault address precedence when provided from env and config": {
rawConfig: map[string]interface{}{"Token": "test", "RootPKIPath": "test", "IntermediatePKIPath": "test", "Address": "http://vaultConfigAddr:8200"}, rawConfig: map[string]interface{}{"Token": "test", "RootPKIPath": "test", "IntermediatePKIPath": "test", "Address": "http://vaultConfigAddr:8200"},
envConfig: map[string]string{"CONSUL_MESH_CA_VAULT_ADDR": "http://vaultEnvAddr:8200"}, envConfig: map[string]string{"CONSUL_CA_VAULT_ADDR": "http://vaultEnvAddr:8200"},
expConfig: &structs.VaultCAProviderConfig{ expConfig: &structs.VaultCAProviderConfig{
CommonCAProviderConfig: defaultCommonConfig(), CommonCAProviderConfig: defaultCommonConfig(),
Address: "http://vaultEnvAddr:8200", Address: "http://vaultEnvAddr:8200",
@ -135,7 +135,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
}, },
"vault token provided from env": { "vault token provided from env": {
rawConfig: map[string]interface{}{"RootPKIPath": "test", "IntermediatePKIPath": "test", "Address": "http://vaultConfigAddr:8200"}, rawConfig: map[string]interface{}{"RootPKIPath": "test", "IntermediatePKIPath": "test", "Address": "http://vaultConfigAddr:8200"},
envConfig: map[string]string{"CONSUL_MESH_CA_VAULT_TOKEN": "test"}, envConfig: map[string]string{"CONSUL_CA_VAULT_TOKEN": "test"},
expConfig: &structs.VaultCAProviderConfig{ expConfig: &structs.VaultCAProviderConfig{
CommonCAProviderConfig: defaultCommonConfig(), CommonCAProviderConfig: defaultCommonConfig(),
Address: "http://vaultConfigAddr:8200", Address: "http://vaultConfigAddr:8200",
@ -146,7 +146,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
}, },
"vault token precedence when provided from env and config": { "vault token precedence when provided from env and config": {
rawConfig: map[string]interface{}{"Token": "tokenFromConfig", "RootPKIPath": "test", "IntermediatePKIPath": "test", "Address": "http://vaultConfigAddr:8200"}, rawConfig: map[string]interface{}{"Token": "tokenFromConfig", "RootPKIPath": "test", "IntermediatePKIPath": "test", "Address": "http://vaultConfigAddr:8200"},
envConfig: map[string]string{"CONSUL_MESH_CA_VAULT_TOKEN": "tokenFromEnv"}, envConfig: map[string]string{"CONSUL_CA_VAULT_TOKEN": "tokenFromEnv"},
expConfig: &structs.VaultCAProviderConfig{ expConfig: &structs.VaultCAProviderConfig{
CommonCAProviderConfig: defaultCommonConfig(), CommonCAProviderConfig: defaultCommonConfig(),
Address: "http://vaultConfigAddr:8200", Address: "http://vaultConfigAddr:8200",
@ -157,7 +157,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
}, },
"vault token and addr provided from env": { "vault token and addr provided from env": {
rawConfig: map[string]interface{}{"RootPKIPath": "test", "IntermediatePKIPath": "test"}, rawConfig: map[string]interface{}{"RootPKIPath": "test", "IntermediatePKIPath": "test"},
envConfig: map[string]string{"CONSUL_MESH_CA_VAULT_ADDR": "http://vaultEnvAddr:8200", "CONSUL_MESH_CA_VAULT_TOKEN": "test"}, envConfig: map[string]string{"CONSUL_CA_VAULT_ADDR": "http://vaultEnvAddr:8200", "CONSUL_CA_VAULT_TOKEN": "test"},
expConfig: &structs.VaultCAProviderConfig{ expConfig: &structs.VaultCAProviderConfig{
CommonCAProviderConfig: defaultCommonConfig(), CommonCAProviderConfig: defaultCommonConfig(),
Address: "http://vaultEnvAddr:8200", Address: "http://vaultEnvAddr:8200",
@ -345,13 +345,13 @@ func TestVaultCAProvider_ConfigureFromEnv(t *testing.T) {
"DefaultConfigWithEnvTokenMissing": { "DefaultConfigWithEnvTokenMissing": {
envOnlyToken: true, envOnlyToken: true,
envOnlyAddr: false, envOnlyAddr: false,
envConfigOverride: map[string]string{"CONSUL_MESH_CA_VAULT_TOKEN": ""}, envConfigOverride: map[string]string{"CONSUL_CA_VAULT_TOKEN": ""},
expError: "must provide a Vault token or configure a Vault auth method", expError: "must provide a Vault token or configure a Vault auth method",
}, },
"DefaultConfigWithEnvAddrMissing": { "DefaultConfigWithEnvAddrMissing": {
envOnlyToken: true, envOnlyToken: true,
envOnlyAddr: true, envOnlyAddr: true,
envConfigOverride: map[string]string{"CONSUL_MESH_CA_VAULT_ADDR": ""}, envConfigOverride: map[string]string{"CONSUL_CA_VAULT_ADDR": ""},
expError: "must provide a Vault address", expError: "must provide a Vault address",
}, },
} }
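Review bot: Neither table has a case for the old names after the rename, so nothing pins that a leftover `CONSUL_MESH_CA_VAULT_TOKEN` or `CONSUL_MESH_CA_VAULT_ADDR` in the agent's environment is now ignored rather than still supplying a token or address. I would add one case to TestVaultCAProvider_ParseVaultCAConfig that sets only the old token name and no `Token` in rawConfig, e.g. `envConfig: map[string]string{"CONSUL_MESH_CA_VAULT_TOKEN": "test"},`. It should assert that no token reaches the parsed config, or that the missing-token error is returned, depending on where that check lives, which is not visible here. The remaining literals could reference `VaultCAEnvAddr`/`VaultCAEnvToken` instead, assuming the tests can see those constants, with one literal kept to pin the public name. Both test functions start and end outside the hunks.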

@ -86,14 +86,14 @@ The first key refers to the option name for use in API calls.
The key after the slash refers to the corresponding option name in the agent configuration file. The key after the slash refers to the corresponding option name in the agent configuration file.
- `Address` / `address` (`string: <required>`) - The address of the Vault - `Address` / `address` (`string: <required>`) - The address of the Vault
server. You can also provide the address through the `CONSUL_MESH_CA_VAULT_ADDR` environment variable. If the address is provided through the environment variable it takes precedence over the value set in the configuration file. server. You can also provide the address through the `CONSUL_CA_VAULT_ADDR` environment variable. If the address is provided through the environment variable it takes precedence over the value set in the configuration file.
- `Token` / `token` (`string: ""`) - A token for accessing Vault. - `Token` / `token` (`string: ""`) - A token for accessing Vault.
This is write-only and will not be exposed when reading the CA configuration. This is write-only and will not be exposed when reading the CA configuration.
This token must have [proper privileges](#vault-acl-policies) for the PKI This token must have [proper privileges](#vault-acl-policies) for the PKI
paths configured. In Consul 1.8.5 and later, if the token has the [renewable](/vault/api-docs/auth/token#renewable) paths configured. In Consul 1.8.5 and later, if the token has the [renewable](/vault/api-docs/auth/token#renewable)
flag set, Consul will attempt to renew its lease periodically after half the flag set, Consul will attempt to renew its lease periodically after half the
duration has expired. You can also provide the token through the `CONSUL_MESH_CA_VAULT_TOKEN` environment variable. If the token is provided through the environment variable it takes precedence over the value set in the configuration file. duration has expired. You can also provide the token through the `CONSUL_CA_VAULT_TOKEN` environment variable. If the token is provided through the environment variable it takes precedence over the value set in the configuration file.
!> **Warning:** You must either provide a token or configure an auth method below. !> **Warning:** You must either provide a token or configure an auth method below.
