consul-template
consul-template copied to clipboard
hashicorp
If a KV secret is marked for future deletion the secret is not return when it is still valid.
Please note that the Consul Template issue tracker is reserved for bug reports and enhancements. For general usage questions, please use the Consul Community Portal or the Consul mailing list:
https://discuss.hashicorp.com/c/consul
https://groups.google.com/forum/#!forum/cons
Consul Template version
HashiCorp Vault 1.15.2 uses 0.33
Configuration
Please review https://github.com/hashicorp/vault-k8s/issues/123
Expected behavior
If a secret is marked for future deletion and it is within the timeframe it should be generated.
Actual behavior
The following https://github.com/hashicorp/consul-template/blob/v0.33.0/dependency/vault_read.go#L181 just checks to see if the value is present instead of verifying it should have been deleted.
Steps to reproduce
Please review https://github.com/hashicorp/vault-k8s/issues/123
References
Please review https://github.com/hashicorp/vault-k8s/issues/123
This was fixed in #1879 and released in consul-template version 0.37.0 (see changelog here).
The fix was then incorporated into:
- Vault v1.15 https://github.com/hashicorp/vault/pull/25388
- Vault v1.16 https://github.com/hashicorp/vault/pull/25412
- Vault v1.17 https://github.com/hashicorp/vault/pull/25387
You were running Vault v1.15.2 so updating to v1.15.6 (or newer) should fix it for you.
