Skip to content

Rebase to latest consul-template#6

Draft
jficz wants to merge 217 commits intoopenbao:mainfrom
jficz:rebase-consul-template
Draft

Rebase to latest consul-template#6
jficz wants to merge 217 commits intoopenbao:mainfrom
jficz:rebase-consul-template

Conversation

@jficz
Copy link
Copy Markdown

@jficz jficz commented Jul 16, 2025

This needs to be checked thoroughly.

dependabot bot and others added 30 commits January 2, 2024 09:22
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](golang/crypto@v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* add MaxConnsPerHost transport config parameter

* add support for MaxConnsPerHost to Vault client

* fix config finalize tests

* gofumpt

* update DefaultMaxConnsPerHost godoc comment

* add MaxConnsPerHost to transport GoString

* add MaxConnsPerHost case to config TestParse

* add support for vault-transport-max-conns-per-host

---------

Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
* Release notes for v0.36.0

* remove test PR from changelog

* update changelog release date
- new template function to access consul peerings in consul template.
- test cases for the same.
[NET-6966] consul-template support for listing peerings
- bug fix for SeatGeek: Services function in CT (consul-template) does not update the namespace for each services API call
- opts should be defaulted to the opts at query creation.
- then they should be merged with the opts present in Fetch.
- currently the merge was the other way around.
- ENT test support is not there, so no test cases added as of now.
- bug fix for SeatGeek: Services function in CT (consul-template) does not update the namespace for each services API call
- opts should be defaulted to the opts at query creation.
- then they should be merged with the opts present in Fetch.
- currently the merge was the other way around.
- ENT test support is not there, so no test cases added as of now.
- bug fix for SeatGeek: Services function in CT (consul-template) does not update the namespace for each services API call
- opts should be defaulted to the opts at query creation.
- then they should be merged with the opts present in Fetch.
- currently the merge was the other way around.
- ENT test support is not there, so no test cases added as of now.
- bug fix for SeatGeek: Services function in CT (consul-template) does not update the namespace for each services API call
- opts should be defaulted to the opts at query creation.
- then they should be merged with the opts present in Fetch.
- currently the merge was the other way around.
- ENT test support is not there, so no test cases added as of now.
- bug fix for SeatGeek: Services function in CT (consul-template) does not update the namespace for each services API call
- opts should be defaulted to the opts at query creation.
- then they should be merged with the opts present in Fetch.
- currently the merge was the other way around.
- ENT test support is not there, so no test cases added as of now.
- updating comments
- amending string conversion so that map key could also have dc+ns+partition while tracking the dependency.
- updating comments
- updating string
…elete_version_after set on them (hashicorp#1879)

* VAULT-528 Fix issue with consul-template not rendering secrets with delete_version_after set on them

* VAULT-528 Improve comment

* VAULT-528 two extra edge cases
- CT ENT tests for all consul resource supporting partition and ns.
- bug fix for map keys, keys did not contain partition and ns, so could have been overridden if same key in a different ns and partition is added as a dependency.
- CT ENT tests for all consul resource supporting partition and ns.
- bug fix for map keys, keys did not contain partition and ns, so could have been overridden if same key in a different ns and partition is added as a dependency.
- CT ENT tests for all consul resource supporting partition and ns.
- bug fix for map keys, keys did not contain partition and ns, so could have been overridden if same key in a different ns and partition is added as a dependency.
- CT ENT tests for all consul resource supporting partition and ns.
- bug fix for map keys, keys did not contain partition and ns, so could have been overridden if same key in a different ns and partition is added as a dependency.
- CT ENT tests for all consul resource supporting partition and ns.
- bug fix for map keys, keys did not contain partition and ns, so could have been overridden if same key in a different ns and partition is added as a dependency.
- CT ENT tests for all consul resource supporting partition and ns.
- bug fix for map keys, keys did not contain partition and ns, so could have been overridden if same key in a different ns and partition is added as a dependency.
- CT ENT tests for all consul resource supporting partition and ns.
- bug fix for map keys, keys did not contain partition and ns, so could have been overridden if same key in a different ns and partition is added as a dependency.
sreeram77 and others added 29 commits May 19, 2025 23:21
fix: timeout issues for list.peerings
Pre-compute Sprig template functions during package init.
Avoids repeated map allocation and string concatenation
for Sprig functions on every template execution, addressing
performance overhead reported in hashicorp#2031.

In addition, use HermeticTxtFuncMap which only imports
repeatable functions. This is primarily to avoid potentially
malicious input.

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
…g-func

feat(template): optimize and deprecate sprig functions
* add: denlylist pattern support

* use go-glob

* better comment

* add go-glob in the depguard allowlist
…2061)

* build(deps): bump go version and x-repositories to latest

* ci: fix linter version

* ci: linter version

* ci: linter version

* ci: linter version

* ci: linter version

* lint: migrate to v2 to support new go version

* fix: lint issues

* update linter allowlist to add go-glob
…ned-version

fix: use 3.21 instead of latest for alpine in Dockerfile
[Compliance] - PR Template Changes Required
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
This replaces the name consul-template in many places,
switching to openbao-template. Note that non-code instances
of consul-template were not yet removed.

This also updates environment variables to use the new API
helpers (ReadBaoVariable) and to use the new BAO_ prefix
which will auto-detect for VAULT_ prefixes.

Technically this latter is a breaking change: the config of
openbao-template now outputs in BAO-prefixed variables
regardless of server to template against.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Signed-off-by: driif <andrii.fedorchuk@secretz.io>
Signed-off-by: Jakub Fišer <j@jfi.cz>
Signed-off-by: Jakub Fišer <j@jfi.cz>
Remove tests for removed functions (from Consul and Nomad deps)
@jficz jficz force-pushed the rebase-consul-template branch from d0c5899 to e8a830d Compare July 16, 2025 11:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.