remove mesh from env variable name

1 year ago · 1e37e1318e
parent 86c599531c
commit 1e37e1318e
4 changed files with 13 additions and 13 deletions
--- a/.changelog/17981.txt
+++ b/.changelog/17981.txt
@ -1,3 +1,3 @@
 ```release-note:improvement
-connect: add support for setting Vault address and token through environment variables CONSUL_MESH_CA_VAULT_ADDR and CONSUL_MESH_CA_VAULT_TOKEN for the CA provider
+connect: add support for setting Vault address and token through environment variables CONSUL_CA_VAULT_ADDR and CONSUL_CA_VAULT_TOKEN for the CA provider
 ```
--- a/agent/connect/ca/provider_vault.go
+++ b/agent/connect/ca/provider_vault.go
@ -29,8 +29,8 @@ import (
 const (
 	VaultCALeafCertRole = "leaf-cert"

-	VaultCAEnvAddr  = "CONSUL_MESH_CA_VAULT_ADDR"
-	VaultCAEnvToken = "CONSUL_MESH_CA_VAULT_TOKEN"
+	VaultCAEnvAddr  = "CONSUL_CA_VAULT_ADDR"
+	VaultCAEnvToken = "CONSUL_CA_VAULT_TOKEN"

 	VaultAuthMethodTypeAliCloud     = "alicloud"
 	VaultAuthMethodTypeAppRole      = "approle"
--- a/agent/connect/ca/provider_vault_test.go
+++ b/agent/connect/ca/provider_vault_test.go
@ -78,7 +78,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
 		},
 		"both env token and auth method provided": {
 			rawConfig: map[string]interface{}{"AuthMethod": map[string]interface{}{"Type": "test"}, "Address": "http://vaultConfigAddr:8200"},
-			envConfig: map[string]string{"CONSUL_MESH_CA_VAULT_TOKEN": "test"},
+			envConfig: map[string]string{"CONSUL_CA_VAULT_TOKEN": "test"},
 			expError:  "only one of Vault token or Vault auth method can be provided, but not both",
 		},
 		"primary no root PKI path": {
@ -113,7 +113,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
 		},
 		"vault address provided from env": {
 			rawConfig: map[string]interface{}{"Token": "test", "RootPKIPath": "test", "IntermediatePKIPath": "test"},
-			envConfig: map[string]string{"CONSUL_MESH_CA_VAULT_ADDR": "http://vaultEnvAddr:8200"},
+			envConfig: map[string]string{"CONSUL_CA_VAULT_ADDR": "http://vaultEnvAddr:8200"},
 			expConfig: &structs.VaultCAProviderConfig{
 				CommonCAProviderConfig: defaultCommonConfig(),
 				Address:                "http://vaultEnvAddr:8200",
@ -124,7 +124,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
 		},
 		"vault address precedence when provided from env and config": {
 			rawConfig: map[string]interface{}{"Token": "test", "RootPKIPath": "test", "IntermediatePKIPath": "test", "Address": "http://vaultConfigAddr:8200"},
-			envConfig: map[string]string{"CONSUL_MESH_CA_VAULT_ADDR": "http://vaultEnvAddr:8200"},
+			envConfig: map[string]string{"CONSUL_CA_VAULT_ADDR": "http://vaultEnvAddr:8200"},
 			expConfig: &structs.VaultCAProviderConfig{
 				CommonCAProviderConfig: defaultCommonConfig(),
 				Address:                "http://vaultEnvAddr:8200",
@ -135,7 +135,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
 		},
 		"vault token provided from env": {
 			rawConfig: map[string]interface{}{"RootPKIPath": "test", "IntermediatePKIPath": "test", "Address": "http://vaultConfigAddr:8200"},
-			envConfig: map[string]string{"CONSUL_MESH_CA_VAULT_TOKEN": "test"},
+			envConfig: map[string]string{"CONSUL_CA_VAULT_TOKEN": "test"},
 			expConfig: &structs.VaultCAProviderConfig{
 				CommonCAProviderConfig: defaultCommonConfig(),
 				Address:                "http://vaultConfigAddr:8200",
@ -146,7 +146,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
 		},
 		"vault token precedence when provided from env and config": {
 			rawConfig: map[string]interface{}{"Token": "tokenFromConfig", "RootPKIPath": "test", "IntermediatePKIPath": "test", "Address": "http://vaultConfigAddr:8200"},
-			envConfig: map[string]string{"CONSUL_MESH_CA_VAULT_TOKEN": "tokenFromEnv"},
+			envConfig: map[string]string{"CONSUL_CA_VAULT_TOKEN": "tokenFromEnv"},
 			expConfig: &structs.VaultCAProviderConfig{
 				CommonCAProviderConfig: defaultCommonConfig(),
 				Address:                "http://vaultConfigAddr:8200",
@ -157,7 +157,7 @@ func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) {
 		},
 		"vault token and addr provided from env": {
 			rawConfig: map[string]interface{}{"RootPKIPath": "test", "IntermediatePKIPath": "test"},
-			envConfig: map[string]string{"CONSUL_MESH_CA_VAULT_ADDR": "http://vaultEnvAddr:8200", "CONSUL_MESH_CA_VAULT_TOKEN": "test"},
+			envConfig: map[string]string{"CONSUL_CA_VAULT_ADDR": "http://vaultEnvAddr:8200", "CONSUL_CA_VAULT_TOKEN": "test"},
 			expConfig: &structs.VaultCAProviderConfig{
 				CommonCAProviderConfig: defaultCommonConfig(),
 				Address:                "http://vaultEnvAddr:8200",
@ -345,13 +345,13 @@ func TestVaultCAProvider_ConfigureFromEnv(t *testing.T) {
 		"DefaultConfigWithEnvTokenMissing": {
 			envOnlyToken:      true,
 			envOnlyAddr:       false,
-			envConfigOverride: map[string]string{"CONSUL_MESH_CA_VAULT_TOKEN": ""},
+			envConfigOverride: map[string]string{"CONSUL_CA_VAULT_TOKEN": ""},
 			expError:          "must provide a Vault token or configure a Vault auth method",
 		},
 		"DefaultConfigWithEnvAddrMissing": {
 			envOnlyToken:      true,
 			envOnlyAddr:       true,
-			envConfigOverride: map[string]string{"CONSUL_MESH_CA_VAULT_ADDR": ""},
+			envConfigOverride: map[string]string{"CONSUL_CA_VAULT_ADDR": ""},
 			expError:          "must provide a Vault address",
 		},
 	}
--- a/website/content/docs/connect/ca/vault.mdx
+++ b/website/content/docs/connect/ca/vault.mdx
@ -86,14 +86,14 @@ The first key refers to the option name for use in API calls.
 The key after the slash refers to the corresponding option name in the agent configuration file.

 - `Address` / `address` (`string: <required>`) - The address of the Vault
-  server. You can also provide the address through the `CONSUL_MESH_CA_VAULT_ADDR` environment variable. If the address is provided through the environment variable it takes precedence over the value set in the configuration file.
+  server. You can also provide the address through the `CONSUL_CA_VAULT_ADDR` environment variable. If the address is provided through the environment variable it takes precedence over the value set in the configuration file.

 - `Token` / `token` (`string: ""`) - A token for accessing Vault.
  This is write-only and will not be exposed when reading the CA configuration.
  This token must have [proper privileges](#vault-acl-policies) for the PKI
  paths configured. In Consul 1.8.5 and later, if the token has the [renewable](/vault/api-docs/auth/token#renewable)
  flag set, Consul will attempt to renew its lease periodically after half the
-  duration has expired. You can also provide the token through the `CONSUL_MESH_CA_VAULT_TOKEN` environment variable. If the token is provided through the environment variable it takes precedence over the value set in the configuration file.
+  duration has expired. You can also provide the token through the `CONSUL_CA_VAULT_TOKEN` environment variable. If the token is provided through the environment variable it takes precedence over the value set in the configuration file.

  !> **Warning:** You must either provide a token or configure an auth method below.