From 5b32be648d8b39304b6840dc30a7261ab236a3df Mon Sep 17 00:00:00 2001 From: Yoan Blanc Date: Sun, 23 Aug 2020 10:26:44 +0200 Subject: [PATCH 1/2] vendor: consul-template v0.25.1 
Signed-off-by: Yoan Blanc --- .../allocrunner/taskrunner/task_dir_hook.go | 2 +- .../taskrunner/template/template.go | 2 +- .../taskrunner/template/template_test.go | 4 +- .../allocrunner/taskrunner/validate_hook.go | 2 +- client/client.go | 7 +- client/config/config.go | 36 ++-- client/fingerprint_manager.go | 18 +- client/fingerprint_manager_test.go | 8 +- command/acl_policy.go | 2 +- command/agent/agent.go | 5 +- command/agent/config.go | 17 +- command/agent/config_test.go | 8 +- command/agent/testdata/obj-len-one.hcl | 2 +- command/agent/testdata/obj-len-one.json | 2 +- drivers/docker/config.go | 13 +- drivers/docker/driver.go | 2 +- drivers/docker/driver_darwin_test.go | 2 +- drivers/docker/driver_test.go | 32 ++-- e2e/terraform/shared/nomad/client.hcl | 2 +- go.mod | 4 +- go.sum | 28 +-- nomad/leader_test.go | 2 +- nomad/structs/node_class.go | 10 +- plugins/drivers/testutils/testing.go | 2 +- .../hashicorp/consul-template/child/child.go | 31 ++-- .../consul-template/config/config.go | 50 ++++- .../consul-template/config/consul.go | 16 ++ .../hashicorp/consul-template/config/dedup.go | 22 ++- .../config/default_delimiters.go | 53 ++++++ .../hashicorp/consul-template/config/env.go | 123 ++++++++---- .../consul-template/config/syslog.go | 25 ++- .../consul-template/config/template.go | 41 +++- .../hashicorp/consul-template/config/vault.go | 23 ++- .../consul-template/dependency/client_set.go | 5 + .../dependency/health_service.go | 8 +- .../dependency/vault_common.go | 65 +++---- .../consul-template/dependency/vault_read.go | 24 ++- .../consul-template/dependency/vault_token.go | 1 - .../consul-template/manager/runner.go | 60 +++--- .../consul-template/renderer/renderer.go | 5 +- .../consul-template/template/funcs.go | 175 +++++++++++++++++- .../consul-template/template/template.go | 50 ++--- .../consul-template/version/version.go | 2 +- .../hashicorp/consul-template/watch/view.go | 26 +-- .../consul-template/watch/watcher.go | 36 ++-- vendor/modules.txt | 4 +- 
46 files changed, 745 insertions(+), 312 deletions(-) create mode 100644 vendor/github.com/hashicorp/consul-template/config/default_delimiters.go diff --git a/client/allocrunner/taskrunner/task_dir_hook.go b/client/allocrunner/taskrunner/task_dir_hook.go index dce355bc990..66cb2ead3be 100644 --- a/client/allocrunner/taskrunner/task_dir_hook.go +++ b/client/allocrunner/taskrunner/task_dir_hook.go @@ -92,7 +92,7 @@ func setEnvvars(envBuilder *taskenv.Builder, fsi drivers.FSIsolation, taskDir *a // Set the host environment variables for non-image based drivers if fsi != drivers.FSIsolationImage { - filter := strings.Split(conf.ReadDefault("env.blacklist", cconfig.DefaultEnvBlacklist), ",") + filter := strings.Split(conf.ReadDefault("env.blacklist", cconfig.DefaultEnvDenylist), ",") envBuilder.SetHostEnvvars(filter) } } diff --git a/client/allocrunner/taskrunner/template/template.go b/client/allocrunner/taskrunner/template/template.go index caf3f99bcbf..c37ed9d4933 100644 --- a/client/allocrunner/taskrunner/template/template.go +++ b/client/allocrunner/taskrunner/template/template.go @@ -576,7 +576,7 @@ func parseTemplateConfigs(config *TaskTemplateManagerConfig) (map[*ctconf.Templa ct.Contents = &tmpl.EmbeddedTmpl ct.LeftDelim = &tmpl.LeftDelim ct.RightDelim = &tmpl.RightDelim - ct.FunctionBlacklist = config.ClientConfig.TemplateConfig.FunctionBlacklist + ct.FunctionDenylist = config.ClientConfig.TemplateConfig.FunctionDenylist if !config.ClientConfig.TemplateConfig.DisableSandbox { ct.SandboxPath = &config.TaskDir } diff --git a/client/allocrunner/taskrunner/template/template_test.go b/client/allocrunner/taskrunner/template/template_test.go index 459149ca4fd..03586ae07da 100644 --- a/client/allocrunner/taskrunner/template/template_test.go +++ b/client/allocrunner/taskrunner/template/template_test.go 
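Review bot: In `setEnvvars` (client/allocrunner/taskrunner/task_dir_hook.go) the default constant is renamed to `DefaultEnvDenylist`, but the option key read is still `"env.blacklist"`, while the matching helper in plugins/drivers/testutils/testing.go now reads `"env.denylist"`. The test helper therefore no longer exercises the key that production honours, and an operator who sets `env.denylist` to keep additional host variables out of tasks would get only the default filter. Use one key in both places and keep the old one as a fallback, for example `conf.ReadDefault("env.denylist", conf.ReadDefault("env.blacklist", cconfig.DefaultEnvDenylist))`. `setEnvvars` begins above the hunk.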
@@ -134,8 +134,8 @@ func newTestHarness(t *testing.T, templates []*structs.Template, consul, vault b config: &config.Config{ Region: region, TemplateConfig: &config.ClientTemplateConfig{ - FunctionBlacklist: []string{"plugin"}, - DisableSandbox: false, + FunctionDenylist: []string{"plugin"}, + DisableSandbox: false, }}, emitRate: DefaultMaxTemplateEventRate, } diff --git a/client/allocrunner/taskrunner/validate_hook.go b/client/allocrunner/taskrunner/validate_hook.go index 418f9084b7a..bf6d4942669 100644 --- a/client/allocrunner/taskrunner/validate_hook.go +++ b/client/allocrunner/taskrunner/validate_hook.go @@ -43,7 +43,7 @@ func validateTask(task *structs.Task, taskEnv *taskenv.TaskEnv, conf *config.Con var mErr multierror.Error // Validate the user - unallowedUsers := conf.ReadStringListToMapDefault("user.blacklist", config.DefaultUserBlacklist) + unallowedUsers := conf.ReadStringListToMapDefault("user.denylist", config.DefaultUserDenylist) checkDrivers := conf.ReadStringListToMapDefault("user.checked_drivers", config.DefaultUserCheckedDrivers) if _, driverMatch := checkDrivers[task.Driver]; driverMatch { if _, unallowed := unallowedUsers[task.User]; unallowed { diff --git a/client/client.go b/client/client.go index 31a62c8ad68..1c861e047fa 100644 --- a/client/client.go +++ b/client/client.go 
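Review bot: `validateTask` now reads only `"user.denylist"`, so a client whose options still carry `user.blacklist` silently falls back to `DefaultUserDenylist` after the upgrade, and any extra users the operator had denied become usable again on the checked drivers. The same gap exists in client/fingerprint_manager.go, where `fingerprint.allowlist` and `fingerprint.denylist` are read without the legacy `fingerprint.whitelist` and `fingerprint.blacklist` keys, even though client/client.go keeps the old driver keys. Read the legacy key as a fallback in both places and emit a deprecation warning when it is set. Whether `ReadStringListToMapDefault` can take several keys is not visible in this patch. The body of `validateTask` continues outside the hunk.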
@@ -405,9 +405,10 @@ func NewClient(cfg *config.Config, consulCatalog consul.CatalogAPI, consulServic return nil, fmt.Errorf("fingerprinting failed: %v", err) } - // Build the white/blacklists of drivers. - allowlistDrivers := cfg.ReadStringListToMap("driver.whitelist") - blocklistDrivers := cfg.ReadStringListToMap("driver.blacklist") + // Build the allow/denylists of drivers. + // white/blacklist are there for backward compatible reasons only. + allowlistDrivers := cfg.ReadStringListToMap("driver.allowlist", "driver.whitelist") + blocklistDrivers := cfg.ReadStringListToMap("driver.denylist", "driver.blocklist", "driver.blacklist") // Setup the csi manager csiConfig := &csimanager.Config{ diff --git a/client/config/config.go b/client/config/config.go index ab282691f4e..55865f3dfc1 100644 --- a/client/config/config.go +++ b/client/config/config.go @@ -19,10 +19,10 @@ import ( ) var ( - // DefaultEnvBlacklist is the default set of environment variables that are + // DefaultEnvDenylist is the default set of environment variables that are // filtered when passing the environment variables of the host to a task. // duplicated in command/agent/host, update that if this changes. - DefaultEnvBlacklist = strings.Join([]string{ + DefaultEnvDenylist = strings.Join([]string{ "CONSUL_TOKEN", "CONSUL_HTTP_TOKEN", "VAULT_TOKEN", 
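Review bot: In `NewClient` the new and legacy keys are unioned rather than prioritised: `cfg.ReadStringListToMap("driver.allowlist", "driver.whitelist")` returns every entry from both options, so a stale `driver.whitelist` left in the config keeps widening an allowlist that the operator tightened under the new name. drivers/docker/config.go does the same for `docker.caps.allowlist` plus `docker.caps.whitelist`. Merging is the safe direction for a denylist only; for allowlists prefer the new key when it is set and fall back to the legacy key otherwise. `driver.blocklist` is also read as a third deny key, but nothing else in this patch defines or documents it, so the comment should say where it comes from or the key should be dropped. `NewClient` continues outside the hunk.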
@@ -30,15 +30,15 @@ var ( "GOOGLE_APPLICATION_CREDENTIALS", }, ",") - // DefaultUserBlacklist is the default set of users that tasks are not + // DefaultUserDenylist is the default set of users that tasks are not // allowed to run as when using a driver in "user.checked_drivers" - DefaultUserBlacklist = strings.Join([]string{ + DefaultUserDenylist = strings.Join([]string{ "root", "Administrator", }, ",") // DefaultUserCheckedDrivers is the set of drivers we apply the user - // blacklist onto. For virtualized drivers it often doesn't make sense to + // denylist onto. For virtualized drivers it often doesn't make sense to // make this stipulation so by default they are ignored. DefaultUserCheckedDrivers = strings.Join([]string{ "exec", @@ -271,8 +271,8 @@ type Config struct { } type ClientTemplateConfig struct { - FunctionBlacklist []string - DisableSandbox bool + FunctionDenylist []string + DisableSandbox bool } func (c *ClientTemplateConfig) Copy() *ClientTemplateConfig { @@ -282,7 +282,7 @@ func (c *ClientTemplateConfig) Copy() *ClientTemplateConfig { nc := new(ClientTemplateConfig) *nc = *c - nc.FunctionBlacklist = helper.CopySliceString(nc.FunctionBlacklist) + nc.FunctionDenylist = helper.CopySliceString(nc.FunctionDenylist) return nc } @@ -319,8 +319,8 @@ func DefaultConfig() *Config { DisableTaggedMetrics: false, DisableRemoteExec: false, TemplateConfig: &ClientTemplateConfig{ - FunctionBlacklist: []string{"plugin"}, - DisableSandbox: false, + FunctionDenylist: []string{"plugin"}, + DisableSandbox: false, }, BackwardsCompatibleMetrics: false, RPCHoldTimeout: 5 * time.Second, 
@@ -415,15 +415,17 @@ func (c *Config) ReadDurationDefault(id string, defaultValue time.Duration) time return val } -// ReadStringListToMap tries to parse the specified option as a comma separated list. +// ReadStringListToMap tries to parse the specified option(s) as a comma separated list. // If there is an error in parsing, an empty list is returned. -func (c *Config) ReadStringListToMap(key string) map[string]struct{} { - s := strings.TrimSpace(c.Read(key)) +func (c *Config) ReadStringListToMap(keys ...string) map[string]struct{} { list := make(map[string]struct{}) - if s != "" { - for _, e := range strings.Split(s, ",") { - trimmed := strings.TrimSpace(e) - list[trimmed] = struct{}{} + for _, key := range keys { + s := strings.TrimSpace(c.Read(key)) + if s != "" { + for _, e := range strings.Split(s, ",") { + trimmed := strings.TrimSpace(e) + list[trimmed] = struct{}{} + } } } return list diff --git a/client/fingerprint_manager.go b/client/fingerprint_manager.go index e8993526ffa..a0cf281240e 100644 --- a/client/fingerprint_manager.go +++ b/client/fingerprint_manager.go 
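Review bot: The doc comment on `ReadStringListToMap` does not say how several keys combine, and its second sentence still describes a parse error that the visible body has no path for. Since callers now use this for allow and deny options, state the semantics explicitly, for example `// Entries from all keys are merged into a single set; keys that are unset or blank contribute nothing.` An input such as `"a,,b"` also stores an empty-string entry, which is worth either skipping or documenting.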
@@ -65,28 +65,28 @@ func (fm *FingerprintManager) getNode() *structs.Node { } // Run starts the process of fingerprinting the node. It does an initial pass, -// identifying whitelisted and blacklisted fingerprints/drivers. Then, for +// identifying allowlisted and denylisted fingerprints/drivers. Then, for // those which require periotic checking, it starts a periodic process for // each. func (fp *FingerprintManager) Run() error { // First, set up all fingerprints cfg := fp.getConfig() - whitelistFingerprints := cfg.ReadStringListToMap("fingerprint.whitelist") - whitelistFingerprintsEnabled := len(whitelistFingerprints) > 0 - blacklistFingerprints := cfg.ReadStringListToMap("fingerprint.blacklist") + allowlistFingerprints := cfg.ReadStringListToMap("fingerprint.allowlist") + allowlistFingerprintsEnabled := len(allowlistFingerprints) > 0 + denylistFingerprints := cfg.ReadStringListToMap("fingerprint.denylist") fp.logger.Debug("built-in fingerprints", "fingerprinters", fingerprint.BuiltinFingerprints()) var availableFingerprints []string var skippedFingerprints []string for _, name := range fingerprint.BuiltinFingerprints() { - // Skip modules that are not in the whitelist if it is enabled. - if _, ok := whitelistFingerprints[name]; whitelistFingerprintsEnabled && !ok { + // Skip modules that are not in the allowlist if it is enabled. + if _, ok := allowlistFingerprints[name]; allowlistFingerprintsEnabled && !ok { skippedFingerprints = append(skippedFingerprints, name) continue } - // Skip modules that are in the blacklist - if _, ok := blacklistFingerprints[name]; ok { + // Skip modules that are in the denylist + if _, ok := denylistFingerprints[name]; ok { skippedFingerprints = append(skippedFingerprints, name) continue } 
@@ -99,7 +99,7 @@ func (fp *FingerprintManager) Run() error { } if len(skippedFingerprints) != 0 { - fp.logger.Debug("fingerprint modules skipped due to white/blacklist", + fp.logger.Debug("fingerprint modules skipped due to allow/denylist", "skipped_fingerprinters", skippedFingerprints) } diff --git a/client/fingerprint_manager_test.go b/client/fingerprint_manager_test.go index a7000095460..dd9d12729b6 100644 --- a/client/fingerprint_manager_test.go +++ b/client/fingerprint_manager_test.go @@ -66,8 +66,8 @@ func TestFingerprintManager_Run_InBlacklist(t *testing.T) { require := require.New(t) testClient, cleanup := TestClient(t, func(c *config.Config) { c.Options = map[string]string{ - "fingerprint.whitelist": " arch,memory,foo,bar ", - "fingerprint.blacklist": " cpu ", + "fingerprint.allowlist": " arch,memory,foo,bar ", + "fingerprint.denylist": " cpu ", } }) defer cleanup() @@ -96,8 +96,8 @@ func TestFingerprintManager_Run_Combination(t *testing.T) { testClient, cleanup := TestClient(t, func(c *config.Config) { c.Options = map[string]string{ - "fingerprint.whitelist": " arch,cpu,memory,foo,bar ", - "fingerprint.blacklist": " memory,host ", + "fingerprint.allowlist": " arch,cpu,memory,foo,bar ", + "fingerprint.denylist": " memory,host ", } }) defer cleanup() diff --git a/command/acl_policy.go b/command/acl_policy.go index f10718149f8..a742d75c430 100644 --- a/command/acl_policy.go +++ b/command/acl_policy.go @@ -16,7 +16,7 @@ Usage: nomad acl policy [options] [args] This command groups subcommands for interacting with ACL policies. Nomad's ACL system can be used to control access to data and APIs. ACL policies allow a - set of capabilities or actions to be granted or whitelisted. For a full guide + set of capabilities or actions to be granted or allowlisted. For a full guide see: https://www.nomadproject.io/guides/acl.html Create an ACL policy: diff --git a/command/agent/agent.go b/command/agent/agent.go index 4c1a700c90d..f4aae8b8be6 100644 
--- a/command/agent/agent.go +++ b/command/agent/agent.go @@ -550,7 +550,10 @@ func convertClientConfig(agentConfig *Config) (*clientconfig.Config, error) { conf.ClientMaxPort = uint(agentConfig.Client.ClientMaxPort) conf.ClientMinPort = uint(agentConfig.Client.ClientMinPort) conf.DisableRemoteExec = agentConfig.Client.DisableRemoteExec - conf.TemplateConfig.FunctionBlacklist = agentConfig.Client.TemplateConfig.FunctionBlacklist + conf.TemplateConfig.FunctionDenylist = agentConfig.Client.TemplateConfig.FunctionDenylist + if agentConfig.Client.TemplateConfig.FunctionDenylistDeprecated != nil { + conf.TemplateConfig.FunctionDenylist = append(conf.TemplateConfig.FunctionDenylist, agentConfig.Client.TemplateConfig.FunctionDenylistDeprecated...) + } conf.TemplateConfig.DisableSandbox = agentConfig.Client.TemplateConfig.DisableSandbox hvMap := make(map[string]*structs.ClientHostVolumeConfig, len(agentConfig.Client.HostVolumes)) diff --git a/command/agent/config.go b/command/agent/config.go index eb1539bcb64..daa5e6d881e 100644 --- a/command/agent/config.go +++ b/command/agent/config.go @@ -307,9 +307,14 @@ type ClientConfig struct { // rendering type ClientTemplateConfig struct { - // FunctionBlacklist disables functions in consul-template that + // FunctionDenylist disables functions in consul-template that // are unsafe because they expose information from the client host. - FunctionBlacklist []string `hcl:"function_blacklist"` + FunctionDenylist []string `hcl:"function_denylist"` + + // FunctionDenylistDeprecated is the backward compatible option for + // FunctionDenylist. + // This should not be used directly, use FunctionDenylist instead. + FunctionDenylistDeprecated []string `hcl:"function_blacklist"` // DisableSandbox allows templates to access arbitrary files on the // client host. By default templates can access files only within 
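Review bot: In `convertClientConfig`, `conf.TemplateConfig.FunctionDenylist` is assigned the agent config's slice and then passed to `append`, so when that slice has spare capacity the deprecated entries are written into a backing array that `agentConfig` still owns. Build a fresh slice instead: `conf.TemplateConfig.FunctionDenylist = append(append([]string(nil), agentConfig.Client.TemplateConfig.FunctionDenylist...), agentConfig.Client.TemplateConfig.FunctionDenylistDeprecated...)`. The `!= nil` guard can go, because appending a nil slice is a no-op. It is also worth confirming that the config merge and copy paths (not in this patch) carry `FunctionDenylistDeprecated`; otherwise a `function_blacklist` set in a later config file would be lost before it reaches this code. The function continues outside the hunk.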
@@ -827,8 +832,8 @@ func DevConfig(mode *devModeConfig) *Config { conf.Client.GCInodeUsageThreshold = 99 conf.Client.GCMaxAllocs = 50 conf.Client.TemplateConfig = &ClientTemplateConfig{ - FunctionBlacklist: []string{"plugin"}, - DisableSandbox: false, + FunctionDenylist: []string{"plugin"}, + DisableSandbox: false, } conf.Client.BindWildcardDefaultHostNetwork = true conf.Telemetry.PrometheusMetrics = true @@ -873,8 +878,8 @@ func DefaultConfig() *Config { RetryMaxAttempts: 0, }, TemplateConfig: &ClientTemplateConfig{ - FunctionBlacklist: []string{"plugin"}, - DisableSandbox: false, + FunctionDenylist: []string{"plugin"}, + DisableSandbox: false, }, BindWildcardDefaultHostNetwork: true, }, diff --git a/command/agent/config_test.go b/command/agent/config_test.go index 7c14432c7ef..a54af7f94ea 100644 --- a/command/agent/config_test.go +++ b/command/agent/config_test.go @@ -115,8 +115,8 @@ func TestConfig_Merge(t *testing.T) { ClientMaxPort: 19996, DisableRemoteExec: false, TemplateConfig: &ClientTemplateConfig{ - FunctionBlacklist: []string{"plugin"}, - DisableSandbox: false, + FunctionDenylist: []string{"plugin"}, + DisableSandbox: false, }, Reserved: &Resources{ CPU: 10, @@ -297,8 +297,8 @@ func TestConfig_Merge(t *testing.T) { MaxKillTimeout: "50s", DisableRemoteExec: false, TemplateConfig: &ClientTemplateConfig{ - FunctionBlacklist: []string{"plugin"}, - DisableSandbox: false, + FunctionDenylist: []string{"plugin"}, + DisableSandbox: false, }, Reserved: &Resources{ CPU: 15, diff --git a/command/agent/testdata/obj-len-one.hcl b/command/agent/testdata/obj-len-one.hcl index ba8a549f193..7d1485a2998 100644 --- a/command/agent/testdata/obj-len-one.hcl +++ b/command/agent/testdata/obj-len-one.hcl @@ -1,5 +1,5 @@ client { options { - driver.whitelist = "docker" + driver.allowlist = "docker" } } diff --git a/command/agent/testdata/obj-len-one.json b/command/agent/testdata/obj-len-one.json index a1e46acea24..7228771e210 100644 --- a/command/agent/testdata/obj-len-one.json 
+++ b/command/agent/testdata/obj-len-one.json @@ -1,7 +1,7 @@ { "client": { "options": { - "driver.whitelist": "docker" + "driver.allowlist": "docker" } }, "server": {} diff --git a/drivers/docker/config.go b/drivers/docker/config.go index 1decb04a869..8b06103d01a 100644 --- a/drivers/docker/config.go +++ b/drivers/docker/config.go @@ -95,10 +95,21 @@ func PluginLoader(opts map[string]string) (map[string]interface{}, error) { conf["volumes"] = volConf // capabilities - if v, ok := opts["docker.caps.whitelist"]; ok { + if v, ok := opts["docker.caps.allowlist"]; ok { conf["allow_caps"] = strings.Split(v, ",") } + // backward compatible configuration + if v, ok := opts["docker.caps.whitelist"]; ok { + vs := strings.Split(v, ",") + switch conf["allow_caps"].(type) { + case []string: + conf["allow_caps"] = append(conf["allow_caps"].([]string), vs...) + default: + conf["allow_caps"] = vs + } + } + // privileged containers if v, err := strconv.ParseBool(opts["docker.privileged.enabled"]); err == nil { conf["allow_privileged"] = v diff --git a/drivers/docker/driver.go b/drivers/docker/driver.go index fd5908e2f04..c116feb206a 100644 --- a/drivers/docker/driver.go +++ b/drivers/docker/driver.go @@ -909,7 +909,7 @@ func (d *Driver) createContainerConfig(task *drivers.TaskConfig, driverConfig *T } } if len(missingCaps) > 0 { - return c, fmt.Errorf("Docker driver doesn't have the following caps whitelisted on this Nomad agent: %s", missingCaps) + return c, fmt.Errorf("Docker driver doesn't have the following caps allowlisted on this Nomad agent: %s", missingCaps) } } diff --git a/drivers/docker/driver_darwin_test.go b/drivers/docker/driver_darwin_test.go index 53392b1937b..18bfddd6828 100644 --- a/drivers/docker/driver_darwin_test.go +++ b/drivers/docker/driver_darwin_test.go 
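Review bot: The backward-compatible branch in `PluginLoader` type-switches on `conf["allow_caps"]` and then repeats the assertion inside the case; bind the value once with `switch caps := conf["allow_caps"].(type) {` and `case []string: conf["allow_caps"] = append(caps, vs...)`. Entries are split on "," without trimming in both branches, so a value like `"chown, kill"` yields `" kill"`, which presumably will not match a capability name later; a `strings.TrimSpace` per element would make the legacy and new keys behave predictably. A short comment stating that the two keys are merged would also help, since this list decides which capabilities tasks may add. `PluginLoader` continues outside the hunk.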
@@ -11,7 +11,7 @@ import ( // be mounted into Docker containers on macOS without needing dev performing // special setup. // -// macOS sets tempdir as `/var`, which Docker does not whitelist as a path that +// macOS sets tempdir as `/var`, which Docker does not allowlist as a path that // can be bind-mounted. func TestMain(m *testing.M) { tmpdir := fmt.Sprintf("/tmp/nomad-docker-tests-%d", time.Now().Unix()) diff --git a/drivers/docker/driver_test.go b/drivers/docker/driver_test.go index b12519fe5e8..4f0040cda17 100644 --- a/drivers/docker/driver_test.go +++ b/drivers/docker/driver_test.go 
@@ -1234,50 +1234,50 @@ func TestDockerDriver_Capabilities(t *testing.T) { Name string CapAdd []string CapDrop []string - Whitelist string + Allowlist string StartError string }{ { - Name: "default-whitelist-add-allowed", + Name: "default-allowlist-add-allowed", CapAdd: []string{"fowner", "mknod"}, CapDrop: []string{"all"}, }, { - Name: "default-whitelist-add-forbidden", + Name: "default-allowlist-add-forbidden", CapAdd: []string{"net_admin"}, StartError: "net_admin", }, { - Name: "default-whitelist-drop-existing", + Name: "default-allowlist-drop-existing", CapDrop: []string{"fowner", "mknod"}, }, { - Name: "restrictive-whitelist-drop-all", + Name: "restrictive-allowlist-drop-all", CapDrop: []string{"all"}, - Whitelist: "fowner,mknod", + Allowlist: "fowner,mknod", }, { - Name: "restrictive-whitelist-add-allowed", + Name: "restrictive-allowlist-add-allowed", CapAdd: []string{"fowner", "mknod"}, CapDrop: []string{"all"}, - Whitelist: "fowner,mknod", + Allowlist: "fowner,mknod", }, { - Name: "restrictive-whitelist-add-forbidden", + Name: "restrictive-allowlist-add-forbidden", CapAdd: []string{"net_admin", "mknod"}, CapDrop: []string{"all"}, - Whitelist: "fowner,mknod", + Allowlist: "fowner,mknod", StartError: "net_admin", }, { - Name: "permissive-whitelist", + Name: "permissive-allowlist", CapAdd: []string{"net_admin", "mknod"}, - Whitelist: "all", + Allowlist: "all", }, { - Name: "permissive-whitelist-add-all", + Name: "permissive-allowlist-add-all", CapAdd: []string{"all"}, - Whitelist: "all", + Allowlist: "all", }, } @@ -1298,8 +1298,8 @@ func TestDockerDriver_Capabilities(t *testing.T) { d := dockerDriverHarness(t, nil) dockerDriver, ok := d.Impl().(*Driver) require.True(t, ok) - if tc.Whitelist != "" { - dockerDriver.config.AllowCaps = strings.Split(tc.Whitelist, ",") + if tc.Allowlist != "" { + dockerDriver.config.AllowCaps = strings.Split(tc.Allowlist, ",") } cleanup := d.MkAllocDir(task, true) 
diff --git a/e2e/terraform/shared/nomad/client.hcl b/e2e/terraform/shared/nomad/client.hcl index 07c7ee9850e..34ab5996a3c 100644 --- a/e2e/terraform/shared/nomad/client.hcl +++ b/e2e/terraform/shared/nomad/client.hcl @@ -5,7 +5,7 @@ client { options { # Allow jobs to run as root - "user.blacklist" = "" + "user.denylist" = "" # Allow rawexec jobs "driver.raw_exec.enable" = "1" diff --git a/go.mod b/go.mod index db277759e86..2f45f9664ff 100644 --- a/go.mod +++ b/go.mod @@ -7,10 +7,10 @@ replace ( github.com/NYTimes/gziphandler => github.com/NYTimes/gziphandler v1.0.0 github.com/apparentlymart/go-textseg/v12 => github.com/apparentlymart/go-textseg/v12 v12.0.0 github.com/godbus/dbus => github.com/godbus/dbus v5.0.1+incompatible + github.com/golang/protobuf => github.com/golang/protobuf v1.3.4 github.com/hashicorp/nomad/api => ./api github.com/kr/pty => github.com/kr/pty v1.1.5 github.com/shirou/gopsutil => github.com/hashicorp/gopsutil v2.18.13-0.20200531184148-5aca383d4f9d+incompatible - github.com/golang/protobuf => github.com/golang/protobuf v1.3.4 ) require ( @@ -52,7 +52,7 @@ require ( github.com/grpc-ecosystem/go-grpc-middleware v1.2.1-0.20200228141219-3ce3d519df39 github.com/grpc-ecosystem/grpc-gateway v1.9.0 // indirect github.com/hashicorp/consul v1.7.1-0.20200213195527-b137060630b4 - github.com/hashicorp/consul-template v0.24.1 + github.com/hashicorp/consul-template v0.25.1 github.com/hashicorp/consul/api v1.4.1-0.20200730220852-12f574c9de39 github.com/hashicorp/consul/sdk v0.5.0 github.com/hashicorp/cronexpr v1.1.0 diff --git a/go.sum b/go.sum index c0330ad6adb..34b0525a9e6 100644 --- a/go.sum +++ b/go.sum 
@@ -262,21 +262,8 @@ github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200j github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.4 h1:87PNWwrRvUSnqS4dlcBU/ftvOIBep4sYuBLlh6rX2wk= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy 
v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -328,14 +315,12 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0 h1:bM6ZAFZmc/wPFaRDi0d5L7hGEZEx/2u github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/hashicorp/consul v1.7.1-0.20200213195527-b137060630b4 h1:KO2Xiprv+MgQ75yyakCf3m62u4UMS3C+C68Oa+f47EA= github.com/hashicorp/consul v1.7.1-0.20200213195527-b137060630b4/go.mod h1:vKfXmSQNl6HwO/JqQ2DDLzisBDV49y+JVTkrdW1cnSU= -github.com/hashicorp/consul-template v0.24.1 h1:96zTJ5YOq4HMTgtehXRvzGoQNEG2Z4jBYY5ofhq8/Cc= -github.com/hashicorp/consul-template v0.24.1/go.mod h1:KcTEopo2kCp7kww0d4oG7d3oX2Uou4hzb1Rs/wY9TVI= -github.com/hashicorp/consul/api v1.2.0/go.mod h1:1SIkFYi2ZTXUE5Kgt179+4hH33djo11+0Eo2XgTAtkw= +github.com/hashicorp/consul-template v0.25.1 h1:+D2s8eyRqWyX7GPNxeUi8tsyh8pRn3J6k8giEchPfKQ= +github.com/hashicorp/consul-template v0.25.1/go.mod h1:/vUsrJvDuuQHcxEw0zik+YXTS7ZKWZjQeaQhshBmfH0= github.com/hashicorp/consul/api v1.4.0 h1:jfESivXnO5uLdH650JU/6AnjRoHrLhULq0FnC3Kp9EY= github.com/hashicorp/consul/api v1.4.0/go.mod h1:xc8u05kyMa3Wjr9eEAsIAo3dg8+LywT5E/Cl7cNS5nU= github.com/hashicorp/consul/api v1.4.1-0.20200730220852-12f574c9de39 h1:i0o6cy+ul/lNGjX8ob+P4Ge1GH2gf1ywUE1ILtpfvFo= github.com/hashicorp/consul/api v1.4.1-0.20200730220852-12f574c9de39/go.mod h1:GWV+sV6Rzk24M6MclFl41QeMut5J+nzoGp+6zfICuOk= -github.com/hashicorp/consul/sdk v0.2.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.4.0 h1:zBtCfKJZcJDBvSCkQJch4ulp59m1rATFLKwNo/LYY30= github.com/hashicorp/consul/sdk v0.4.0/go.mod h1:fY08Y9z5SvJqevyZNy6WWPXiG3KwBPAvlcdx16zZ0fM= github.com/hashicorp/consul/sdk v0.5.0 h1:WC4594Wp/LkEeML/OdQKEC1yqBmEYkRp6i7X5u0zDAs= 
@@ -389,7 +374,6 @@ github.com/hashicorp/go-raftchunking v0.6.1/go.mod h1:cGlg3JtDy7qy6c/3Bu660Mic1J github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-retryablehttp v0.5.4 h1:1BZvpawXoJCWX6pNtow9+rpEj+3itIlutiqnntI6jOE= github.com/hashicorp/go-retryablehttp v0.5.4/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-rootcerts v1.0.1/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= @@ -907,7 +891,6 @@ golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190730183949-1393eb018365/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -1016,13 +999,6 @@ google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw= diff --git a/nomad/leader_test.go b/nomad/leader_test.go index d88c8aac4af..ea31d576a26 100644 --- a/nomad/leader_test.go +++ b/nomad/leader_test.go @@ -1100,7 +1100,7 @@ func TestLeader_UpgradeRaftVersion(t *testing.T) { func TestLeader_Reelection(t *testing.T) { raftProtocols := []int{1, 2, 3} for _, p := range raftProtocols { - t.Run("Leader Election - Protocol version "+string(p), func(t *testing.T) { + t.Run(fmt.Sprintf("Leader Election - Protocol version %d", p), func(t *testing.T) { leaderElectionTest(t, raft.ProtocolVersion(p)) }) } 
diff --git a/nomad/structs/node_class.go b/nomad/structs/node_class.go index fbeb93966a1..22613f85052 100644 --- a/nomad/structs/node_class.go +++ b/nomad/structs/node_class.go @@ -38,7 +38,7 @@ func (n *Node) ComputeClass() error { return nil } -// HashInclude is used to blacklist uniquely identifying node fields from being +// HashInclude is used to denylist uniquely identifying node fields from being // included in the computed node class. func (n Node) HashInclude(field string, v interface{}) (bool, error) { switch field { @@ -49,7 +49,7 @@ func (n Node) HashInclude(field string, v interface{}) (bool, error) { } } -// HashIncludeMap is used to blacklist uniquely identifying node map keys from being +// HashIncludeMap is used to denylist uniquely identifying node map keys from being // included in the computed node class. func (n Node) HashIncludeMap(field string, k, v interface{}) (bool, error) { key, ok := k.(string) @@ -65,7 +65,7 @@ func (n Node) HashIncludeMap(field string, k, v interface{}) (bool, error) { } } -// HashInclude is used to blacklist uniquely identifying node fields from being +// HashInclude is used to denylist uniquely identifying node fields from being // included in the computed node class. func (n NodeResources) HashInclude(field string, v interface{}) (bool, error) { switch field { @@ -76,7 +76,7 @@ func (n NodeResources) HashInclude(field string, v interface{}) (bool, error) { } } -// HashInclude is used to blacklist uniquely identifying node fields from being +// HashInclude is used to denylist uniquely identifying node fields from being // included in the computed node class. func (n NodeDeviceResource) HashInclude(field string, v interface{}) (bool, error) { switch field { 
@@ -87,7 +87,7 @@ func (n NodeDeviceResource) HashInclude(field string, v interface{}) (bool, erro } } -// HashIncludeMap is used to blacklist uniquely identifying node map keys from being +// HashIncludeMap is used to denylist uniquely identifying node map keys from being // included in the computed node class. func (n NodeDeviceResource) HashIncludeMap(field string, k, v interface{}) (bool, error) { key, ok := k.(string) diff --git a/plugins/drivers/testutils/testing.go b/plugins/drivers/testutils/testing.go index 85152a540f2..eed2ee44f03 100644 --- a/plugins/drivers/testutils/testing.go +++ b/plugins/drivers/testutils/testing.go @@ -266,7 +266,7 @@ func SetEnvvars(envBuilder *taskenv.Builder, fsi drivers.FSIsolation, taskDir *a // Set the host environment variables for non-image based drivers if fsi != drivers.FSIsolationImage { - filter := strings.Split(conf.ReadDefault("env.blacklist", config.DefaultEnvBlacklist), ",") + filter := strings.Split(conf.ReadDefault("env.denylist", config.DefaultEnvDenylist), ",") envBuilder.SetHostEnvvars(filter) } } diff --git a/vendor/github.com/hashicorp/consul-template/child/child.go b/vendor/github.com/hashicorp/consul-template/child/child.go index 3c94816f596..1b674270738 100644 --- a/vendor/github.com/hashicorp/consul-template/child/child.go +++ b/vendor/github.com/hashicorp/consul-template/child/child.go @@ -290,14 +290,14 @@ func (c *Child) start() error { // down the exit channel. c.stopLock.RLock() defer c.stopLock.RUnlock() - if c.stopped { - return + if !c.stopped { + select { + case <-c.stopCh: + case exitCh <- code: + } } - select { - case <-c.stopCh: - case exitCh <- code: - } + close(exitCh) }() c.exitCh = exitCh 
@@ -365,16 +365,13 @@ func (c *Child) reload() error {
 return c.signal(c.reloadSignal)
 }
+// kill sends the signal to kill the process using the configured signal
+// if set, else the default system signal
 func (c *Child) kill(immediately bool) {
- if !c.running() {
- return
- }
- exited := false
- process := c.cmd.Process
-
- if c.cmd.ProcessState != nil {
+ if !c.running() {
 log.Printf("[DEBUG] (child) Kill() called but process dead; not waiting for splay.")
+ return
 } else if immediately {
 log.Printf("[DEBUG] (child) Kill() called but performing immediate shutdown; not waiting for splay.")
 } else {
@@ -384,6 +381,9 @@ func (c *Child) kill(immediately bool) {
 }
 }
+ exited := false
+ process := c.cmd.Process
+
 if c.killSignal != nil {
 if err := process.Signal(c.killSignal); err == nil {
 // Wait a few seconds for it to exit
@@ -410,6 +410,11 @@ func (c *Child) kill(immediately bool) {
 }
 func (c *Child) running() bool {
+ select {
+ case <-c.exitCh:
+ return false
+ default:
+ }
 return c.cmd != nil && c.cmd.Process != nil
 }
diff --git a/vendor/github.com/hashicorp/consul-template/config/config.go b/vendor/github.com/hashicorp/consul-template/config/config.go
index b027040937b..a4d31d5a990 100644
--- a/vendor/github.com/hashicorp/consul-template/config/config.go
+++ b/vendor/github.com/hashicorp/consul-template/config/config.go
@@ -33,6 +33,9 @@ const (
 // DefaultKillSignal is the default signal for termination.
 DefaultKillSignal = syscall.SIGINT
+
+ // DefaultBlockQueryWaitTime is amount of time in seconds to do a blocking query for
+ DefaultBlockQueryWaitTime = 60 * time.Second
 )
 var (
@@ -48,6 +51,9 @@ type Config struct {
 // Dedup is used to configure the dedup settings
 Dedup *DedupConfig `mapstructure:"deduplicate"`
+ // DefaultDelims is used to configure the default delimiters for templates
+ DefaultDelims *DefaultDelims `mapstructure:"default_delimiters"`
+
 // Exec is the configuration for exec/supervise mode.
 Exec *ExecConfig `mapstructure:"exec"`
@@ -84,6 +90,9 @@ type Config struct {
 // Additional command line options
 // Run once, executing each template exactly once, and exit
 Once bool
+
+ // BlockQueryWaitTime is amount of time in seconds to do a blocking query for
+ BlockQueryWaitTime *time.Duration `mapstructure:"block_query_wait"`
 }
 // Copy returns a deep copy of the current configuration. This is useful because
@@ -104,6 +113,10 @@ func (c *Config) Copy() *Config {
 o.Dedup = c.Dedup.Copy()
 }
+ if c.DefaultDelims != nil {
+ o.DefaultDelims = c.DefaultDelims.Copy()
+ }
+
 if c.Exec != nil {
 o.Exec = c.Exec.Copy()
 }
@@ -136,6 +149,8 @@ func (c *Config) Copy() *Config {
 o.Once = c.Once
+ o.BlockQueryWaitTime = c.BlockQueryWaitTime
+
 return &o
 }
@@ -163,6 +178,10 @@ func (c *Config) Merge(o *Config) *Config {
 r.Dedup = r.Dedup.Merge(o.Dedup)
 }
+ if o.DefaultDelims != nil {
+ r.DefaultDelims = r.DefaultDelims.Merge(o.DefaultDelims)
+ }
+
 if o.Exec != nil {
 r.Exec = r.Exec.Merge(o.Exec)
 }
@@ -205,6 +224,8 @@ func (c *Config) Merge(o *Config) *Config {
 r.Once = o.Once
+ r.BlockQueryWaitTime = o.BlockQueryWaitTime
+
 return r
 }
@@ -229,6 +250,7 @@ func Parse(s string) (*Config, error) {
 "consul.ssl",
 "consul.transport",
 "deduplicate",
+ "default_delimiters",
 "env",
 "exec",
 "exec.env",
@@ -383,6 +405,7 @@ func (c *Config) GoString() string {
 return fmt.Sprintf("&Config{"+
 "Consul:%#v, "+
 "Dedup:%#v, "+
+ "DefaultDelims:%#v, "+
 "Exec:%#v, "+
 "KillSignal:%s, "+
 "LogLevel:%s, "+
@@ -394,9 +417,11 @@ func (c *Config) GoString() string {
 "Vault:%#v, "+
 "Wait:%#v,"+
 "Once:%#v"+
+ "BlockQueryWaitTime:%#v"+
 "}",
 c.Consul,
 c.Dedup,
+ c.DefaultDelims,
 c.Exec,
 SignalGoString(c.KillSignal),
 StringGoString(c.LogLevel),
@@ -408,6 +433,7 @@ func (c *Config) GoString() string {
 c.Vault,
 c.Wait,
 c.Once,
+ TimeDurationGoString(c.BlockQueryWaitTime),
 )
 }
@@ -436,13 +462,14 @@ func (expected *Config) Diff(actual *Config) string {
 // variables may be set which control the values for the default configuration.
 func DefaultConfig() *Config {
 return &Config{
- Consul: DefaultConsulConfig(),
- Dedup: DefaultDedupConfig(),
- Exec: DefaultExecConfig(),
- Syslog: DefaultSyslogConfig(),
- Templates: DefaultTemplateConfigs(),
- Vault: DefaultVaultConfig(),
- Wait: DefaultWaitConfig(),
+ Consul: DefaultConsulConfig(),
+ Dedup: DefaultDedupConfig(),
+ DefaultDelims: DefaultDefaultDelims(),
+ Exec: DefaultExecConfig(),
+ Syslog: DefaultSyslogConfig(),
+ Templates: DefaultTemplateConfigs(),
+ Vault: DefaultVaultConfig(),
+ Wait: DefaultWaitConfig(),
 }
 }
@@ -465,6 +492,10 @@ func (c *Config) Finalize() {
 }
 c.Dedup.Finalize()
+ if c.DefaultDelims == nil {
+ c.DefaultDelims = DefaultDefaultDelims()
+ }
+
 if c.Exec == nil {
 c.Exec = DefaultExecConfig()
 }
@@ -517,6 +548,11 @@ func (c *Config) Finalize() {
 if c.Once {
 c.Wait = &WaitConfig{Enabled: Bool(false)}
 }
+
+ // defaults WaitTime to 60 seconds
+ if c.BlockQueryWaitTime == nil {
+ c.BlockQueryWaitTime = TimeDuration(DefaultBlockQueryWaitTime)
+ }
 }
 func stringFromEnv(list []string, def string) *string {
diff --git a/vendor/github.com/hashicorp/consul-template/config/consul.go b/vendor/github.com/hashicorp/consul-template/config/consul.go
index ca79ba8b66a..9f153c1e7ed 100644
--- a/vendor/github.com/hashicorp/consul-template/config/consul.go
+++ b/vendor/github.com/hashicorp/consul-template/config/consul.go
@@ -8,6 +8,10 @@ type ConsulConfig struct {
 // Address is the address of the Consul server. It may be an IP or FQDN.
 Address *string
+ // Namespace is the Consul namespace to use for reading/writing. This can
+ // also be set via the CONSUL_NAMESPACE environment variable.
+ Namespace *string `mapstructure:"namespace"`
+
 // Auth is the HTTP basic authentication for communicating with Consul.
 Auth *AuthConfig `mapstructure:"auth"`
@@ -46,6 +50,8 @@ func (c *ConsulConfig) Copy() *ConsulConfig {
 o.Address = c.Address
+ o.Namespace = c.Namespace
+
 if c.Auth != nil {
 o.Auth = c.Auth.Copy()
 }
@@ -89,6 +95,10 @@ func (c *ConsulConfig) Merge(o *ConsulConfig) *ConsulConfig {
 r.Address = o.Address
 }
+ if o.Namespace != nil {
+ r.Namespace = o.Namespace
+ }
+
 if o.Auth != nil {
 r.Auth = r.Auth.Merge(o.Auth)
 }
@@ -120,6 +130,10 @@ func (c *ConsulConfig) Finalize() {
 }, "")
 }
+ if c.Namespace == nil {
+ c.Namespace = stringFromEnv([]string{"CONSUL_NAMESPACE"}, "")
+ }
+
 if c.Auth == nil {
 c.Auth = DefaultAuthConfig()
 }
@@ -156,6 +170,7 @@ func (c *ConsulConfig) GoString() string {
 return fmt.Sprintf("&ConsulConfig{"+
 "Address:%s, "+
+ "Namespace:%s, "+
 "Auth:%#v, "+
 "Retry:%#v, "+
 "SSL:%#v, "+
@@ -163,6 +178,7 @@ func (c *ConsulConfig) GoString() string {
 "Transport:%#v"+
 "}",
 StringGoString(c.Address),
+ StringGoString(c.Namespace),
 c.Auth,
 c.Retry,
 c.SSL,
diff --git a/vendor/github.com/hashicorp/consul-template/config/dedup.go b/vendor/github.com/hashicorp/consul-template/config/dedup.go
index 247855a938e..57c6f24a84b 100644
--- a/vendor/github.com/hashicorp/consul-template/config/dedup.go
+++ b/vendor/github.com/hashicorp/consul-template/config/dedup.go
@@ -15,6 +15,9 @@ const (
 // DefaultDedupMaxStale is the default max staleness for the deduplication
 // manager.
 DefaultDedupMaxStale = DefaultMaxStale
+
+ // DefaultDedupBlockQueryWaitTime is the default amount of time to do a blocking query for the deduplication
+ DefaultDedupBlockQueryWaitTime = 60 * time.Second
 )
 // DedupConfig is used to enable the de-duplication mode, which depends
@@ -32,6 +35,9 @@ type DedupConfig struct {
 // TTL is the Session TTL used for lock acquisition, defaults to 15 seconds.
 TTL *time.Duration `mapstructure:"ttl"`
+
+ // BlockQueryWaitTime is amount of time to do a blocking query for, defaults to 60 seconds.
+ BlockQueryWaitTime *time.Duration `mapstructure:"block_query_wait"`
 }
 // DefaultDedupConfig returns a configuration that is populated with the
@@ -51,6 +57,7 @@ func (c *DedupConfig) Copy() *DedupConfig {
 o.MaxStale = c.MaxStale
 o.Prefix = c.Prefix
 o.TTL = c.TTL
+ o.BlockQueryWaitTime = c.BlockQueryWaitTime
 return &o
 }
@@ -88,6 +95,10 @@ func (c *DedupConfig) Merge(o *DedupConfig) *DedupConfig {
 r.TTL = o.TTL
 }
+ if o.BlockQueryWaitTime != nil {
+ r.BlockQueryWaitTime = o.BlockQueryWaitTime
+ }
+
 return r
 }
@@ -97,7 +108,8 @@ func (c *DedupConfig) Finalize() {
 c.Enabled = Bool(false ||
 TimeDurationPresent(c.MaxStale) ||
 StringPresent(c.Prefix) ||
- TimeDurationPresent(c.TTL))
+ TimeDurationPresent(c.TTL) ||
+ TimeDurationPresent(c.BlockQueryWaitTime))
 }
 if c.MaxStale == nil {
@@ -111,6 +123,10 @@ func (c *DedupConfig) Finalize() {
 if c.TTL == nil {
 c.TTL = TimeDuration(DefaultDedupTTL)
 }
+
+ if c.BlockQueryWaitTime == nil {
+ c.BlockQueryWaitTime = TimeDuration(DefaultDedupBlockQueryWaitTime)
+ }
 }
 // GoString defines the printable version of this struct.
@@ -122,11 +138,13 @@ func (c *DedupConfig) GoString() string {
 "Enabled:%s, "+
 "MaxStale:%s, "+
 "Prefix:%s, "+
- "TTL:%s"+
+ "TTL:%s, "+
+ "BlockQueryWaitTime:%s"+
 "}",
 BoolGoString(c.Enabled),
 TimeDurationGoString(c.MaxStale),
 StringGoString(c.Prefix),
 TimeDurationGoString(c.TTL),
+ TimeDurationGoString(c.BlockQueryWaitTime),
 )
 }
diff --git a/vendor/github.com/hashicorp/consul-template/config/default_delimiters.go b/vendor/github.com/hashicorp/consul-template/config/default_delimiters.go
new file mode 100644
index 00000000000..bc2a28f861a
--- /dev/null
+++ b/vendor/github.com/hashicorp/consul-template/config/default_delimiters.go
@@ -0,0 +1,53 @@
+package config
+
+// DefaultDelims is used to configure the default delimiters used for all templates
+type DefaultDelims struct {
+ // Left is the left delimiter for templating
+ Left *string `mapstructure:"left"`
+
+ // Right is the right delimiter for templating
+ Right *string `mapstructure:"right"`
+}
+
+// DefaultDefaultDelims returns the default DefaultDelims
+func DefaultDefaultDelims() *DefaultDelims {
+ return &DefaultDelims{}
+}
+
+// Copy returns a copy of the DefaultDelims
+func (c *DefaultDelims) Copy() *DefaultDelims {
+ if c == nil {
+ return nil
+ }
+
+ return &DefaultDelims{
+ Left: c.Left,
+ Right: c.Right,
+ }
+}
+
+// Merge merges the DefaultDelims
+func (c *DefaultDelims) Merge(o *DefaultDelims) *DefaultDelims {
+ if c == nil {
+ if o == nil {
+ return nil
+ }
+ return o.Copy()
+ }
+
+ if o == nil {
+ return c.Copy()
+ }
+
+ r := c.Copy()
+
+ if o.Left != nil {
+ r.Left = o.Left
+ }
+
+ if o.Right != nil {
+ r.Right = o.Right
+ }
+
+ return r
+}
diff --git a/vendor/github.com/hashicorp/consul-template/config/env.go b/vendor/github.com/hashicorp/consul-template/config/env.go
index a9a4b1ebe84..0d93aef6aca 100644
--- a/vendor/github.com/hashicorp/consul-template/config/env.go
+++ b/vendor/github.com/hashicorp/consul-template/config/env.go
@@ -11,15 +11,21 @@ import (
 // variable filtering. You should not use this directly and it is only public
 // for mapstructure's decoding.
 type EnvConfig struct {
- // BlacklistEnv specifies a list of environment variables to explicitly
+ // Denylist specifies a list of environment variables to explicitly
 // exclude from the list of environment variables populated to the child.
- // If both WhitelistEnv and BlacklistEnv are provided, BlacklistEnv takes
- // precedence over the values in WhitelistEnv.
- Blacklist []string `mapstructure:"blacklist"`
+ // If both Allowlist and Denylist are provided, Denylist takes
+ // precedence over the values in Allowlist.
+ Denylist []string `mapstructure:"denylist"`
+
+ // DenylistDeprecated is the backward compatible option for Denylist for
+ // configuration supported by v0.25.0 and older. This should not be used
+ // directly, use Denylist instead. Values from this are combined to
+ // Denylist in Finalize().
+ DenylistDeprecated []string `mapstructure:"blacklist" json:"-"`
 // CustomEnv specifies custom environment variables to pass to the child
 // process. These are provided programmatically, override any environment
- // variables of the same name, are ignored from whitelist/blacklist, and
+ // variables of the same name, are ignored from allowlist/denylist, and
 // are still included even if PristineEnv is set to true.
 Custom []string `mapstructure:"custom"`
@@ -27,9 +33,15 @@ type EnvConfig struct {
 // environment.
 Pristine *bool `mapstructure:"pristine"`
- // WhitelistEnv specifies a list of environment variables to exclusively
+ // Allowlist specifies a list of environment variables to exclusively
 // include in the list of environment variables populated to the child.
- Whitelist []string `mapstructure:"whitelist"`
+ Allowlist []string `mapstructure:"allowlist"`
+
+ // AllowlistDeprecated is the backward compatible option for Allowlist for
+ // configuration supported by v0.25.0 and older. This should not be used
+ // directly, use Allowlist instead. Values from this are combined to
+ // Allowlist in Finalize().
+ AllowlistDeprecated []string `mapstructure:"whitelist" json:"-"`
 }
 // DefaultEnvConfig returns a configuration that is populated with the
@@ -46,8 +58,12 @@ func (c *EnvConfig) Copy() *EnvConfig {
 var o EnvConfig
- if c.Blacklist != nil {
- o.Blacklist = append([]string{}, c.Blacklist...)
+ if c.Denylist != nil {
+ o.Denylist = append([]string{}, c.Denylist...)
+ }
+
+ if c.DenylistDeprecated != nil {
+ o.DenylistDeprecated = append([]string{}, c.DenylistDeprecated...)
 }
 if c.Custom != nil {
@@ -56,8 +72,12 @@ func (c *EnvConfig) Copy() *EnvConfig {
 o.Pristine = c.Pristine
- if c.Whitelist != nil {
- o.Whitelist = append([]string{}, c.Whitelist...)
+ if c.Allowlist != nil {
+ o.Allowlist = append([]string{}, c.Allowlist...)
+ }
+
+ if c.AllowlistDeprecated != nil {
+ o.AllowlistDeprecated = append([]string{}, c.AllowlistDeprecated...)
 }
 return &o
@@ -81,8 +101,12 @@ func (c *EnvConfig) Merge(o *EnvConfig) *EnvConfig {
 r := c.Copy()
- if o.Blacklist != nil {
- r.Blacklist = append(r.Blacklist, o.Blacklist...)
+ if o.Denylist != nil {
+ r.Denylist = append(r.Denylist, o.Denylist...)
+ }
+
+ if o.DenylistDeprecated != nil {
+ r.DenylistDeprecated = append(r.DenylistDeprecated, o.DenylistDeprecated...)
 }
 if o.Custom != nil {
@@ -93,16 +117,20 @@ func (c *EnvConfig) Merge(o *EnvConfig) *EnvConfig {
 r.Pristine = o.Pristine
 }
- if o.Whitelist != nil {
- r.Whitelist = append(r.Whitelist, o.Whitelist...)
+ if o.Allowlist != nil {
+ r.Allowlist = append(r.Allowlist, o.Allowlist...)
+ }
+
+ if o.AllowlistDeprecated != nil {
+ r.AllowlistDeprecated = append(r.AllowlistDeprecated, o.AllowlistDeprecated...)
 }
 return r
 }
 // Env calculates and returns the finalized environment for this exec
-// configuration. It takes into account pristine, custom environment, whitelist,
-// and blacklist values.
+// configuration. It takes into account pristine, custom environment, allowlist,
+// and denylist values.
 func (c *EnvConfig) Env() []string {
 // In pristine mode, just return the custom environment. If the user did not
 // specify a custom environment, just return the empty slice to force an
@@ -136,22 +164,30 @@ func (c *EnvConfig) Env() []string {
 return false
 }
- // Pull out any envvars that match the whitelist.
- if len(c.Whitelist) > 0 {
+ // Pull out any envvars that match the allowlist.
+ // Combining lists on each reference may be slightly inefficient but this
+ // allows for out of order method calls, not requiring the config to be
+ // finalized first.
+ allowlist := combineLists(c.Allowlist, c.AllowlistDeprecated)
+ if len(allowlist) > 0 {
 newKeys := make([]string, 0, len(keys))
 for _, k := range keys {
- if anyGlobMatch(k, c.Whitelist) {
+ if anyGlobMatch(k, allowlist) {
 newKeys = append(newKeys, k)
 }
 }
 keys = newKeys
 }
- // Remove any envvars that match the blacklist.
- if len(c.Blacklist) > 0 {
+ // Remove any envvars that match the denylist.
+ // Combining lists on each reference may be slightly inefficient but this
+ // allows for out of order method calls, not requiring the config to be
+ // finalized first.
+ denylist := combineLists(c.Denylist, c.DenylistDeprecated)
+ if len(denylist) > 0 {
 newKeys := make([]string, 0, len(keys))
 for _, k := range keys {
- if !anyGlobMatch(k, c.Blacklist) {
+ if !anyGlobMatch(k, denylist) {
 newKeys = append(newKeys, k)
 }
 }
@@ -172,8 +208,11 @@ func (c *EnvConfig) Env() []string {
 // Finalize ensures there no nil pointers.
 func (c *EnvConfig) Finalize() {
- if c.Blacklist == nil {
- c.Blacklist = []string{}
+ if c.Denylist == nil && c.DenylistDeprecated == nil {
+ c.Denylist = []string{}
+ c.DenylistDeprecated = []string{}
+ } else {
+ c.Denylist = combineLists(c.Denylist, c.DenylistDeprecated)
 }
 if c.Custom == nil {
@@ -184,8 +223,11 @@ func (c *EnvConfig) Finalize() {
 c.Pristine = Bool(false)
 }
- if c.Whitelist == nil {
- c.Whitelist = []string{}
+ if c.Allowlist == nil && c.AllowlistDeprecated == nil {
+ c.Allowlist = []string{}
+ c.AllowlistDeprecated = []string{}
+ } else {
+ c.Allowlist = combineLists(c.Allowlist, c.AllowlistDeprecated)
 }
 }
@@ -196,14 +238,33 @@ func (c *EnvConfig) GoString() string {
 }
 return fmt.Sprintf("&EnvConfig{"+
- "Blacklist:%v, "+
+ "Denylist:%v, "+
 "Custom:%v, "+
 "Pristine:%s, "+
- "Whitelist:%v"+
+ "Allowlist:%v"+
 "}",
- c.Blacklist,
+ combineLists(c.Denylist, c.DenylistDeprecated),
 c.Custom,
 BoolGoString(c.Pristine),
- c.Whitelist,
+ combineLists(c.Allowlist, c.AllowlistDeprecated),
 )
 }
+
+// combineLists makes a new list that combines 2 lists by adding values from
+// the second list without removing any duplicates from the first.
+func combineLists(a, b []string) []string {
+ combined := make([]string, len(a), len(a)+len(b))
+ m := make(map[string]bool)
+ for i, v := range a {
+ m[v] = true
+ combined[i] = v
+ }
+
+ for _, v := range b {
+ if !m[v] {
+ combined = append(combined, v)
+ }
+ }
+
+ return combined
+}
diff --git a/vendor/github.com/hashicorp/consul-template/config/syslog.go b/vendor/github.com/hashicorp/consul-template/config/syslog.go
index 0de67199d7d..14b9127c29f 100644
--- a/vendor/github.com/hashicorp/consul-template/config/syslog.go
+++ b/vendor/github.com/hashicorp/consul-template/config/syslog.go
@@ -1,16 +1,26 @@
 package config
-import "fmt"
+import (
+ "fmt"
+
+ "github.com/hashicorp/consul-template/version"
+)
 const (
 // DefaultSyslogFacility is the default facility to log to.
 DefaultSyslogFacility = "LOCAL0"
 )
+var (
+ // DefaultSyslogName is the default app name in syslog.
+ DefaultSyslogName = version.Name
+)
+
 // SyslogConfig is the configuration for syslog.
 type SyslogConfig struct {
 Enabled *bool `mapstructure:"enabled"`
 Facility *string `mapstructure:"facility"`
+ Name *string `mapstructure:"name"`
 }
 // DefaultSyslogConfig returns a configuration that is populated with the
@@ -28,6 +38,7 @@ func (c *SyslogConfig) Copy() *SyslogConfig {
 var o SyslogConfig
 o.Enabled = c.Enabled
 o.Facility = c.Facility
+ o.Name = c.Name
 return &o
 }
@@ -57,18 +68,26 @@ func (c *SyslogConfig) Merge(o *SyslogConfig) *SyslogConfig {
 r.Facility = o.Facility
 }
+ if o.Name != nil {
+ r.Name = o.Name
+ }
+
 return r
 }
 // Finalize ensures there no nil pointers.
 func (c *SyslogConfig) Finalize() {
 if c.Enabled == nil {
- c.Enabled = Bool(StringPresent(c.Facility))
+ c.Enabled = Bool(StringPresent(c.Facility) || StringPresent(c.Name))
 }
 if c.Facility == nil {
 c.Facility = String(DefaultSyslogFacility)
 }
+
+ if c.Name == nil {
+ c.Name = String(DefaultSyslogName)
+ }
 }
 // GoString defines the printable version of this struct.
@@ -80,8 +99,10 @@ func (c *SyslogConfig) GoString() string {
 return fmt.Sprintf("&SyslogConfig{"+
 "Enabled:%s, "+
 "Facility:%s"+
+ "Name:%s"+
 "}",
 BoolGoString(c.Enabled),
 StringGoString(c.Facility),
+ StringGoString(c.Name),
 )
 }
diff --git a/vendor/github.com/hashicorp/consul-template/config/template.go b/vendor/github.com/hashicorp/consul-template/config/template.go
index 4f69bfb6033..a42e4d87fca 100644
--- a/vendor/github.com/hashicorp/consul-template/config/template.go
+++ b/vendor/github.com/hashicorp/consul-template/config/template.go
@@ -76,9 +76,15 @@ type TemplateConfig struct {
 LeftDelim *string `mapstructure:"left_delimiter"`
 RightDelim *string `mapstructure:"right_delimiter"`
- // FunctionBlacklist is a list of functions that this template is not
+ // FunctionDenylist is a list of functions that this template is not
 // permitted to run.
- FunctionBlacklist []string `mapstructure:"function_blacklist"`
+ FunctionDenylist []string `mapstructure:"function_denylist"`
+
+ // FunctionDenylistDeprecated is the backward compatible option for
+ // FunctionDenylist for configuration supported by v0.25.0 and older. This
+ // should not be used directly, use FunctionDenylist instead. Values from
+ // this are combined to FunctionDenylist in Finalize().
+ FunctionDenylistDeprecated []string `mapstructure:"function_blacklist" json:"-"`
 // SandboxPath adds a prefix to any path provided to the `file` function
 // and causes an error if a relative path tries to traverse outside that
@@ -132,9 +138,14 @@ func (c *TemplateConfig) Copy() *TemplateConfig {
 o.LeftDelim = c.LeftDelim
 o.RightDelim = c.RightDelim
- for _, fun := range c.FunctionBlacklist {
- o.FunctionBlacklist = append(o.FunctionBlacklist, fun)
+ for _, fun := range c.FunctionDenylist {
+ o.FunctionDenylist = append(o.FunctionDenylist, fun)
+ }
+
+ for _, fun := range c.FunctionDenylistDeprecated {
+ o.FunctionDenylistDeprecated = append(o.FunctionDenylistDeprecated, fun)
 }
+
 o.SandboxPath = c.SandboxPath
 return &o
@@ -210,9 +221,14 @@ func (c *TemplateConfig) Merge(o *TemplateConfig) *TemplateConfig {
 r.RightDelim = o.RightDelim
 }
- for _, fun := range o.FunctionBlacklist {
- r.FunctionBlacklist = append(r.FunctionBlacklist, fun)
+ for _, fun := range o.FunctionDenylist {
+ r.FunctionDenylist = append(r.FunctionDenylist, fun)
 }
+
+ for _, fun := range o.FunctionDenylistDeprecated {
+ r.FunctionDenylistDeprecated = append(r.FunctionDenylistDeprecated, fun)
+ }
+
 if o.SandboxPath != nil {
 r.SandboxPath = o.SandboxPath
 }
@@ -288,6 +304,13 @@ func (c *TemplateConfig) Finalize() {
 if c.SandboxPath == nil {
 c.SandboxPath = String("")
 }
+
+ if c.FunctionDenylist == nil && c.FunctionDenylistDeprecated == nil {
+ c.FunctionDenylist = []string{}
+ c.FunctionDenylistDeprecated = []string{}
+ } else {
+ c.FunctionDenylist = combineLists(c.FunctionDenylist, c.FunctionDenylistDeprecated)
+ }
 }
 // GoString defines the printable version of this struct.
@@ -309,8 +332,8 @@ func (c *TemplateConfig) GoString() string {
 "Source:%s, "+
 "Wait:%#v, "+
 "LeftDelim:%s, "+
- "RightDelim:%s"+
- "FunctionBlacklist:%s"+
+ "RightDelim:%s, "+
+ "FunctionDenylist:%s, "+
 "SandboxPath:%s"+
 "}",
 BoolGoString(c.Backup),
@@ -326,7 +349,7 @@ func (c *TemplateConfig) GoString() string {
 c.Wait,
 StringGoString(c.LeftDelim),
 StringGoString(c.RightDelim),
- c.FunctionBlacklist,
+ combineLists(c.FunctionDenylist, c.FunctionDenylistDeprecated),
 StringGoString(c.SandboxPath),
 )
 }
diff --git a/vendor/github.com/hashicorp/consul-template/config/vault.go b/vendor/github.com/hashicorp/consul-template/config/vault.go
index 49c2acaf650..5eb727c3aea 100644
--- a/vendor/github.com/hashicorp/consul-template/config/vault.go
+++ b/vendor/github.com/hashicorp/consul-template/config/vault.go
@@ -193,16 +193,6 @@ func (c *VaultConfig) Finalize() {
 c.Namespace = stringFromEnv([]string{"VAULT_NAMESPACE"}, "")
 }
- if c.RenewToken == nil {
- default_renew := DefaultVaultRenewToken
- if c.VaultAgentTokenFile != nil {
- default_renew = false
- }
- c.RenewToken = boolFromEnv([]string{
- "VAULT_RENEW_TOKEN",
- }, default_renew)
- }
-
 if c.Retry == nil {
 c.Retry = DefaultRetryConfig()
 }
@@ -258,6 +248,19 @@ func (c *VaultConfig) Finalize() {
 c.Token = stringFromFile([]string{*c.VaultAgentTokenFile}, "")
 }
+ // must be after c.Token setting, as default depends on that.
+ if c.RenewToken == nil {
+ default_renew := DefaultVaultRenewToken
+ if c.VaultAgentTokenFile != nil {
+ default_renew = false
+ } else if StringVal(c.Token) == "" {
+ default_renew = false
+ }
+ c.RenewToken = boolFromEnv([]string{
+ "VAULT_RENEW_TOKEN",
+ }, default_renew)
+ }
+
 if c.Transport == nil {
 c.Transport = DefaultTransportConfig()
 }
diff --git a/vendor/github.com/hashicorp/consul-template/dependency/client_set.go b/vendor/github.com/hashicorp/consul-template/dependency/client_set.go
index e2bceb77382..b891f3a39ff 100644
--- a/vendor/github.com/hashicorp/consul-template/dependency/client_set.go
+++ b/vendor/github.com/hashicorp/consul-template/dependency/client_set.go
@@ -38,6 +38,7 @@ type vaultClient struct {
 // CreateConsulClientInput is used as input to the CreateConsulClient function.
 type CreateConsulClientInput struct {
 Address string
+ Namespace string
 Token string
 AuthEnabled bool
 AuthUsername string
@@ -95,6 +96,10 @@ func (c *ClientSet) CreateConsulClient(i *CreateConsulClientInput) error {
 consulConfig.Address = i.Address
 }
+ if i.Namespace != "" {
+ consulConfig.Namespace = i.Namespace
+ }
+
 if i.Token != "" {
 consulConfig.Token = i.Token
 }
diff --git a/vendor/github.com/hashicorp/consul-template/dependency/health_service.go b/vendor/github.com/hashicorp/consul-template/dependency/health_service.go
index 20fae8b765c..94199253193 100644
--- a/vendor/github.com/hashicorp/consul-template/dependency/health_service.go
+++ b/vendor/github.com/hashicorp/consul-template/dependency/health_service.go
@@ -51,6 +51,7 @@ type HealthService struct {
 Checks api.HealthChecks
 Status string
 Port int
+ Weights api.AgentWeights
 }
 // HealthServiceQuery is the representation of all a service query in Consul.
@@ -187,9 +188,10 @@ func (d *HealthServiceQuery) Fetch(clients *ClientSet, opts *QueryOptions) (inte
 Name: entry.Service.Service,
 Tags: ServiceTags(
 deepCopyAndSortTags(entry.Service.Tags)),
- Status: status,
- Checks: entry.Checks,
- Port: entry.Service.Port,
+ Status: status,
+ Checks: entry.Checks,
+ Port: entry.Service.Port,
+ Weights: entry.Service.Weights,
 })
 }
diff --git a/vendor/github.com/hashicorp/consul-template/dependency/vault_common.go b/vendor/github.com/hashicorp/consul-template/dependency/vault_common.go
index 6abe69cfd14..e579f8958b7 100644
--- a/vendor/github.com/hashicorp/consul-template/dependency/vault_common.go
+++ b/vendor/github.com/hashicorp/consul-template/dependency/vault_common.go
@@ -3,13 +3,9 @@ package dependency
 import (
 "log"
 "math/rand"
- "path"
- "strings"
 "time"
- "crypto/x509"
- "encoding/pem"
-
+ "encoding/json"
 "github.com/hashicorp/vault/api"
 )
@@ -105,22 +101,6 @@ func renewSecret(clients *ClientSet, d renewer) error {
 }
 }
-// durationFrom cert gets the duration of validity from cert data and
-// returns that value as an integer number of seconds
-func durationFromCert(certData string) int {
- block, _ := pem.Decode([]byte(certData))
- if block == nil {
- return -1
- }
- cert, err := x509.ParseCertificate(block.Bytes)
- if err != nil {
- log.Printf("[WARN] Unable to parse certificate data: %s", err)
- return -1
- }
-
- return int(cert.NotAfter.Sub(cert.NotBefore).Seconds())
-}
-
 // leaseCheckWait accepts a secret and returns the recommended amount of
 // time to sleep.
 func leaseCheckWait(s *Secret) time.Duration {
@@ -131,12 +111,25 @@ func leaseCheckWait(s *Secret) time.Duration {
 }
 // Handle if this is a certificate with no lease
- if certInterface, ok := s.Data["certificate"]; ok && s.LeaseID == "" {
- if certData, ok := certInterface.(string); ok {
- newDuration := durationFromCert(certData)
- if newDuration > 0 {
- log.Printf("[DEBUG] Found certificate and set lease duration to %d seconds", newDuration)
- base = newDuration
+ if _, ok := s.Data["certificate"]; ok && s.LeaseID == "" {
+ if expInterface, ok := s.Data["expiration"]; ok {
+ if expData, err := expInterface.(json.Number).Int64(); err == nil {
+ base = int(expData - time.Now().Unix())
+ log.Printf("[DEBUG] Found certificate and set lease duration to %d seconds", base)
+ }
+ }
+ }
+
+ // Handle if this is a secret with a rotation period. If this is a rotating secret,
+ // the rotating secret's TTL will be the duration to sleep before rendering the new secret.
+ var rotatingSecret bool
+ if _, ok := s.Data["rotation_period"]; ok && s.LeaseID == "" {
+ if ttlInterface, ok := s.Data["ttl"]; ok {
+ if ttlData, err := ttlInterface.(json.Number).Int64(); err == nil {
+ log.Printf("[DEBUG] Found rotation_period and set lease duration to %d seconds", ttlData)
+ // Add a second for cushion
+ base = int(ttlData) + 1
+ rotatingSecret = true
 }
 }
 }
@@ -156,7 +149,9 @@ func leaseCheckWait(s *Secret) time.Duration {
 // Use some randomness so many clients do not hit Vault simultaneously.
 sleep = sleep * (rand.Float64() + 1) / 2.0
- } else {
+ } else if !rotatingSecret {
+ // If the secret doesn't have a rotation period, this is a non-renewable leased
+ // secret.
 // For non-renewable leases set the renew duration to use much of the secret
 // lease as possible. Use a stagger over 85%-95% of the lease duration so that
 // many clients do not hit Vault simultaneously.
@@ -332,17 +327,3 @@ func isKVv2(client *api.Client, path string) (string, bool, error) {
 return mountPath, false, nil
 }
-
-func addPrefixToVKVPath(p, mountPath, apiPrefix string) string {
- switch {
- case p == mountPath, p == strings.TrimSuffix(mountPath, "/"):
- return path.Join(mountPath, apiPrefix)
- default:
- p = strings.TrimPrefix(p, mountPath)
- // Don't add /data to the path if it's been added manually.
- if strings.HasPrefix(p, apiPrefix) {
- return path.Join(mountPath, p)
- }
- return path.Join(mountPath, apiPrefix, p)
- }
-}
diff --git a/vendor/github.com/hashicorp/consul-template/dependency/vault_read.go b/vendor/github.com/hashicorp/consul-template/dependency/vault_read.go
index 00ebf27ec0d..ab71e9eb03e 100644
--- a/vendor/github.com/hashicorp/consul-template/dependency/vault_read.go
+++ b/vendor/github.com/hashicorp/consul-template/dependency/vault_read.go
@@ -4,6 +4,7 @@ import (
 "fmt"
 "log"
 "net/url"
+ "path"
 "strings"
 "time"
@@ -122,6 +123,9 @@ func (d *VaultReadQuery) Stop() {
 // String returns the human-friendly version of this dependency.
 func (d *VaultReadQuery) String() string {
+ if v := d.queryValues["version"]; len(v) > 0 {
+ return fmt.Sprintf("vault.read(%s.v%s)", d.rawPath, v[0])
+ }
 return fmt.Sprintf("vault.read(%s)", d.rawPath)
 }
@@ -142,7 +146,7 @@ func (d *VaultReadQuery) readSecret(clients *ClientSet, opts *QueryOptions) (*ap
 isKVv2 = false
 d.secretPath = d.rawPath
 } else if isKVv2 {
- d.secretPath = addPrefixToVKVPath(d.rawPath, mountPath, "data")
+ d.secretPath = shimKVv2Path(d.rawPath, mountPath)
 } else {
 d.secretPath = d.rawPath
 }
@@ -173,3 +177,21 @@ func deletedKVv2(s *api.Secret) bool {
 }
 return false
 }
+
+// shimKVv2Path aligns the supported legacy path to KV v2 specs by inserting
+// /data/ into the path for reading secrets. Paths for metadata are not modified.
+func shimKVv2Path(rawPath, mountPath string) string {
+ switch {
+ case rawPath == mountPath, rawPath == strings.TrimSuffix(mountPath, "/"):
+ return path.Join(mountPath, "data")
+ default:
+ p := strings.TrimPrefix(rawPath, mountPath)
+
+ // Only add /data/ prefix to the path if neither /data/ or /metadata/ are
+ // present.
+ if strings.HasPrefix(p, "data/") || strings.HasPrefix(p, "metadata/") {
+ return rawPath
+ }
+ return path.Join(mountPath, "data", p)
+ }
+}
diff --git a/vendor/github.com/hashicorp/consul-template/dependency/vault_token.go b/vendor/github.com/hashicorp/consul-template/dependency/vault_token.go
index 93ad5984ac6..6e962906ce9 100644
--- a/vendor/github.com/hashicorp/consul-template/dependency/vault_token.go
+++ b/vendor/github.com/hashicorp/consul-template/dependency/vault_token.go
@@ -47,7 +47,6 @@ func (d *VaultTokenQuery) Fetch(clients *ClientSet, opts *QueryOptions,
 if err != nil {
 return nil, nil, errors.Wrap(err, d.String())
 }
- renewSecret(clients, d)
 }
 return nil, nil, ErrLeaseExpired
diff --git a/vendor/github.com/hashicorp/consul-template/manager/runner.go b/vendor/github.com/hashicorp/consul-template/manager/runner.go
index 7be178a45e2..f14a4c95dcb 100644
--- a/vendor/github.com/hashicorp/consul-template/manager/runner.go
+++ b/vendor/github.com/hashicorp/consul-template/manager/runner.go
@@ -102,6 +102,7 @@ type Runner struct {
 // template and command runtime with. These environment variables will be
 // available in both the command's environment as well as the template's
 // environment.
+ // NOTE this is only used when CT is being used as a library.
 Env map[string]string
 // stopLock is the lock around checking if the runner can be stopped
@@ -556,23 +557,6 @@ func (r *Runner) Run() error { } } - // Check if we need to deliver any rendered signals - if wouldRenderAny || renderedAny { - // Send the signal that a template got rendered - select { - case r.renderedCh <- struct{}{}: - default: - } - } - - // Check if we need to deliver any event signals - if newRenderEvent { - select { - case r.renderEventCh <- struct{}{}: - default: - } - } - // Perform the diff and update the known dependencies. r.diffAndUpdateDeps(runCtx.depsMap) @@ -601,6 +585,23 @@ func (r *Runner) Run() error { } } + // Check if we need to deliver any rendered signals + if wouldRenderAny || renderedAny { + // Send the signal that a template got rendered + select { + case r.renderedCh <- struct{}{}: + default: + } + } + + // Check if we need to deliver any event signals + if newRenderEvent { + select { + case r.renderEventCh <- struct{}{}: + default: + } + } + // If we got this far and have a child process, we need to send the reload // signal to the child process. if renderedAny && r.child != nil { 
@@ -873,14 +874,23 @@ func (r *Runner) init() error { // config templates is kept so templates can lookup their commands and output // destinations. for _, ctmpl := range *r.config.Templates { + leftDelim := config.StringVal(ctmpl.LeftDelim) + if leftDelim == "" { + leftDelim = config.StringVal(r.config.DefaultDelims.Left) + } + rightDelim := config.StringVal(ctmpl.RightDelim) + if rightDelim == "" { + rightDelim = config.StringVal(r.config.DefaultDelims.Right) + } + tmpl, err := template.NewTemplate(&template.NewTemplateInput{ - Source: config.StringVal(ctmpl.Source), - Contents: config.StringVal(ctmpl.Contents), - ErrMissingKey: config.BoolVal(ctmpl.ErrMissingKey), - LeftDelim: config.StringVal(ctmpl.LeftDelim), - RightDelim: config.StringVal(ctmpl.RightDelim), - FunctionBlacklist: ctmpl.FunctionBlacklist, - SandboxPath: config.StringVal(ctmpl.SandboxPath), + Source: config.StringVal(ctmpl.Source), + Contents: config.StringVal(ctmpl.Contents), + ErrMissingKey: config.BoolVal(ctmpl.ErrMissingKey), + LeftDelim: leftDelim, + RightDelim: rightDelim, + FunctionDenylist: ctmpl.FunctionDenylist, + SandboxPath: config.StringVal(ctmpl.SandboxPath), }) if err != nil { return err @@ -1240,6 +1250,7 @@ func newClientSet(c *config.Config) (*dep.ClientSet, error) { if err := clients.CreateConsulClient(&dep.CreateConsulClientInput{ Address: config.StringVal(c.Consul.Address), + Namespace: config.StringVal(c.Consul.Namespace), Token: config.StringVal(c.Consul.Token), AuthEnabled: config.BoolVal(c.Consul.Auth.Enabled), AuthUsername: config.StringVal(c.Consul.Auth.Username), 
@@ -1296,6 +1307,7 @@ func newWatcher(c *config.Config, clients *dep.ClientSet, once bool) (*watch.Wat Clients: clients, MaxStale: config.TimeDurationVal(c.MaxStale), Once: c.Once, + BlockQueryWaitTime: config.TimeDurationVal(c.BlockQueryWaitTime), RenewVault: clients.Vault().Token() != "" && config.BoolVal(c.Vault.RenewToken), VaultAgentTokenFile: config.StringVal(c.Vault.VaultAgentTokenFile), RetryFuncConsul: watch.RetryFunc(c.Consul.Retry.RetryFunc()), diff --git a/vendor/github.com/hashicorp/consul-template/renderer/renderer.go b/vendor/github.com/hashicorp/consul-template/renderer/renderer.go index 59931c19e62..366eab81ded 100644 --- a/vendor/github.com/hashicorp/consul-template/renderer/renderer.go +++ b/vendor/github.com/hashicorp/consul-template/renderer/renderer.go @@ -60,11 +60,12 @@ type RenderResult struct { // whether it would have rendered and actually did render. func Render(i *RenderInput) (*RenderResult, error) { existing, err := ioutil.ReadFile(i.Path) - if err != nil && !os.IsNotExist(err) { + fileExists := !os.IsNotExist(err) + if err != nil && fileExists { return nil, errors.Wrap(err, "failed reading file") } - if bytes.Equal(existing, i.Contents) { + if bytes.Equal(existing, i.Contents) && fileExists { return &RenderResult{ DidRender: false, WouldRender: true, diff --git a/vendor/github.com/hashicorp/consul-template/template/funcs.go b/vendor/github.com/hashicorp/consul-template/template/funcs.go index 12e35b888e4..ecbdb72a3bc 100644 --- a/vendor/github.com/hashicorp/consul-template/template/funcs.go +++ b/vendor/github.com/hashicorp/consul-template/template/funcs.go @@ -2,7 +2,9 @@ package template import ( "bytes" + "crypto/sha256" "encoding/base64" + "encoding/hex" "encoding/json" "fmt" "io/ioutil" 
@@ -388,10 +390,8 @@ func byMeta(meta string, services []*dep.HealthService) (groups map[string][]*de } getOrDefault := func(m map[string]string, key string) string { realKey := strings.TrimSuffix(key, "|int") - if val, ok := m[realKey]; ok { - if val != "" { - return val - } + if val := m[realKey]; val != "" { + return val } if strings.HasSuffix(key, "|int") { return "0" @@ -981,6 +981,19 @@ func parseUint(s string) (uint64, error) { return result, nil } +// parseYAML returns a structure for valid YAML +func parseYAML(s string) (interface{}, error) { + if s == "" { + return map[string]interface{}{}, nil + } + + var data interface{} + if err := yaml.Unmarshal([]byte(s), &data); err != nil { + return nil, err + } + return data, nil +} + // plugin executes a subprocess as the given command string. It is assumed the // resulting command returns JSON which is then parsed and returned as the // value for use in the template. 
@@ -1346,8 +1359,150 @@ func modulo(b, a interface{}) (interface{}, error) { } } -// blacklisted always returns an error, to be used in place of blacklisted template functions -func blacklisted(...string) (string, error) { +// minimum returns the minimum between a and b. +func minimum(b, a interface{}) (interface{}, error) { + av := reflect.ValueOf(a) + bv := reflect.ValueOf(b) + + switch av.Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + switch bv.Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + if av.Int() < bv.Int() { + return av.Int(), nil + } + return bv.Int(), nil + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + if av.Int() < int64(bv.Uint()) { + return av.Int(), nil + } + return bv.Uint(), nil + case reflect.Float32, reflect.Float64: + if float64(av.Int()) < bv.Float() { + return av.Int(), nil + } + return bv.Float(), nil + default: + return nil, fmt.Errorf("minimum: unknown type for %q (%T)", bv, b) + } + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + switch bv.Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + if int64(av.Uint()) < bv.Int() { + return av.Uint(), nil + } + return bv.Int(), nil + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + if av.Uint() < bv.Uint() { + return av.Uint(), nil + } + return bv.Uint(), nil + case reflect.Float32, reflect.Float64: + if float64(av.Uint()) < bv.Float() { + return av.Uint(), nil + } + return bv.Float(), nil + default: + return nil, fmt.Errorf("minimum: unknown type for %q (%T)", bv, b) + } + case reflect.Float32, reflect.Float64: + switch bv.Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + if av.Float() < float64(bv.Int()) { + return av.Float(), nil + } + return bv.Int(), nil + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, 
reflect.Uint64: + if av.Float() < float64(bv.Uint()) { + return av.Float(), nil + } + return bv.Uint(), nil + case reflect.Float32, reflect.Float64: + if av.Float() < bv.Float() { + return av.Float(), nil + } + return bv.Float(), nil + default: + return nil, fmt.Errorf("minimum: unknown type for %q (%T)", bv, b) + } + default: + return nil, fmt.Errorf("minimum: unknown type for %q (%T)", av, a) + } +} + +// maximum returns the maximum between a and b. +func maximum(b, a interface{}) (interface{}, error) { + av := reflect.ValueOf(a) + bv := reflect.ValueOf(b) + + switch av.Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + switch bv.Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + if av.Int() > bv.Int() { + return av.Int(), nil + } + return bv.Int(), nil + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + if av.Int() > int64(bv.Uint()) { + return av.Int(), nil + } + return bv.Uint(), nil + case reflect.Float32, reflect.Float64: + if float64(av.Int()) > bv.Float() { + return av.Int(), nil + } + return bv.Float(), nil + default: + return nil, fmt.Errorf("maximum: unknown type for %q (%T)", bv, b) + } + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + switch bv.Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + if int64(av.Uint()) > bv.Int() { + return av.Uint(), nil + } + return bv.Int(), nil + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + if av.Uint() > bv.Uint() { + return av.Uint(), nil + } + return bv.Uint(), nil + case reflect.Float32, reflect.Float64: + if float64(av.Uint()) > bv.Float() { + return av.Uint(), nil + } + return bv.Float(), nil + default: + return nil, fmt.Errorf("maximum: unknown type for %q (%T)", bv, b) + } + case reflect.Float32, reflect.Float64: + switch bv.Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, 
reflect.Int32, reflect.Int64: + if av.Float() > float64(bv.Int()) { + return av.Float(), nil + } + return bv.Int(), nil + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + if av.Float() > float64(bv.Uint()) { + return av.Float(), nil + } + return bv.Uint(), nil + case reflect.Float32, reflect.Float64: + if av.Float() > bv.Float() { + return av.Float(), nil + } + return bv.Float(), nil + default: + return nil, fmt.Errorf("maximum: unknown type for %q (%T)", bv, b) + } + default: + return nil, fmt.Errorf("maximum: unknown type for %q (%T)", av, a) + } +} + +// denied always returns an error, to be used in place of denied template functions +func denied(...string) (string, error) { return "", errors.New("function is disabled") } @@ -1379,3 +1534,11 @@ func sockaddr(args ...string) (string, error) { } return k, nil } + +// sha256Hex return the sha256 hex of a string +func sha256Hex(item string) (string, error) { + h := sha256.New() + h.Write([]byte(item)) + output := hex.EncodeToString(h.Sum(nil)) + return output, nil +} diff --git a/vendor/github.com/hashicorp/consul-template/template/template.go b/vendor/github.com/hashicorp/consul-template/template/template.go index b56a79e2e9b..7b70bca559b 100644 --- a/vendor/github.com/hashicorp/consul-template/template/template.go +++ b/vendor/github.com/hashicorp/consul-template/template/template.go 
@@ -15,12 +15,12 @@ import ( var ( // ErrTemplateContentsAndSource is the error returned when a template // specifies both a "source" and "content" argument, which is not valid. - ErrTemplateContentsAndSource = errors.New("template: cannot specify both 'source' and 'content'") + ErrTemplateContentsAndSource = errors.New("template: cannot specify both 'source' and 'contents'") // ErrTemplateMissingContentsAndSource is the error returned when a template // does not specify either a "source" or "content" argument, which is not // valid. - ErrTemplateMissingContentsAndSource = errors.New("template: must specify exactly one of 'source' or 'content'") + ErrTemplateMissingContentsAndSource = errors.New("template: must specify exactly one of 'source' or 'contents'") ) // Template is the internal representation of an individual template to process. @@ -46,9 +46,9 @@ type Template struct { // is indexed with a key that does not exist. errMissingKey bool - // functionBlacklist are functions not permitted to be executed + // functionDenylist are functions not permitted to be executed // when we render this template - functionBlacklist []string + functionDenylist []string // sandboxPath adds a prefix to any path provided to the `file` function // and causes an error if a relative path tries to traverse outside that @@ -72,9 +72,9 @@ type NewTemplateInput struct { LeftDelim string RightDelim string - // FunctionBlacklist are functions not permitted to be executed + // FunctionDenylist are functions not permitted to be executed // when we render this template - FunctionBlacklist []string + FunctionDenylist []string // SandboxPath adds a prefix to any path provided to the `file` function // and causes an error if a relative path tries to traverse outside that 
@@ -104,7 +104,7 @@ func NewTemplate(i *NewTemplateInput) (*Template, error) { t.leftDelim = i.LeftDelim t.rightDelim = i.RightDelim t.errMissingKey = i.ErrMissingKey - t.functionBlacklist = i.FunctionBlacklist + t.functionDenylist = i.FunctionDenylist t.sandboxPath = i.SandboxPath if i.Source != "" { @@ -175,13 +175,13 @@ func (t *Template) Execute(i *ExecuteInput) (*ExecuteResult, error) { tmpl.Delims(t.leftDelim, t.rightDelim) tmpl.Funcs(funcMap(&funcMapInput{ - t: tmpl, - brain: i.Brain, - env: i.Env, - used: &used, - missing: &missing, - functionBlacklist: t.functionBlacklist, - sandboxPath: t.sandboxPath, + t: tmpl, + brain: i.Brain, + env: i.Env, + used: &used, + missing: &missing, + functionDenylist: t.functionDenylist, + sandboxPath: t.sandboxPath, })) if t.errMissingKey { @@ -210,13 +210,13 @@ func (t *Template) Execute(i *ExecuteInput) (*ExecuteResult, error) { // funcMapInput is input to the funcMap, which builds the template functions. type funcMapInput struct { - t *template.Template - brain *Brain - env []string - functionBlacklist []string - sandboxPath string - used *dep.Set - missing *dep.Set + t *template.Template + brain *Brain + env []string + functionDenylist []string + sandboxPath string + used *dep.Set + missing *dep.Set } // funcMap is the map of template functions to their respective functions. @@ -273,10 +273,12 @@ func funcMap(i *funcMapInput) template.FuncMap { "parseInt": parseInt, "parseJSON": parseJSON, "parseUint": parseUint, + "parseYAML": parseYAML, "plugin": plugin, "regexReplaceAll": regexReplaceAll, "regexMatch": regexMatch, "replaceAll": replaceAll, + "sha256Hex": sha256Hex, "timestamp": timestamp, "toLower": toLower, "toJSON": toJSON, 
@@ -294,11 +296,13 @@ func funcMap(i *funcMapInput) template.FuncMap { "multiply": multiply, "divide": divide, "modulo": modulo, + "minimum": minimum, + "maximum": maximum, } - for _, bf := range i.functionBlacklist { + for _, bf := range i.functionDenylist { if _, ok := r[bf]; ok { - r[bf] = blacklisted + r[bf] = denied } } diff --git a/vendor/github.com/hashicorp/consul-template/version/version.go b/vendor/github.com/hashicorp/consul-template/version/version.go index d2d87631424..482e3e8453e 100644 --- a/vendor/github.com/hashicorp/consul-template/version/version.go +++ b/vendor/github.com/hashicorp/consul-template/version/version.go @@ -2,7 +2,7 @@ package version import "fmt" -const Version = "0.24.1" +const Version = "0.25.1" var ( Name string diff --git a/vendor/github.com/hashicorp/consul-template/watch/view.go b/vendor/github.com/hashicorp/consul-template/watch/view.go index 0d7e5fbcdae..bb5662b9fae 100644 --- a/vendor/github.com/hashicorp/consul-template/watch/view.go +++ b/vendor/github.com/hashicorp/consul-template/watch/view.go @@ -11,11 +11,6 @@ import ( dep "github.com/hashicorp/consul-template/dependency" ) -const ( - // The amount of time to do a blocking query for - defaultWaitTime = 60 * time.Second -) - // View is a representation of a Dependency and the most recent data it has // received from Consul. type View struct { @@ -33,6 +28,9 @@ type View struct { receivedData bool lastIndex uint64 + // blockQueryWaitTime is amount of time in seconds to do a blocking query for + blockQueryWaitTime time.Duration + // maxStale is the maximum amount of time to allow a query to be stale. maxStale time.Duration 
@@ -56,6 +54,9 @@ type NewViewInput struct { // directly to the dependency. Clients *dep.ClientSet + // BlockQueryWaitTime is amount of time in seconds to do a blocking query for + BlockQueryWaitTime time.Duration + // MaxStale is the maximum amount a time a query response is allowed to be // stale before forcing a read from the leader. MaxStale time.Duration @@ -71,12 +72,13 @@ type NewViewInput struct { // NewView constructs a new view with the given inputs. func NewView(i *NewViewInput) (*View, error) { return &View{ - dependency: i.Dependency, - clients: i.Clients, - maxStale: i.MaxStale, - once: i.Once, - retryFunc: i.RetryFunc, - stopCh: make(chan struct{}, 1), + dependency: i.Dependency, + clients: i.Clients, + blockQueryWaitTime: i.BlockQueryWaitTime, + maxStale: i.MaxStale, + once: i.Once, + retryFunc: i.RetryFunc, + stopCh: make(chan struct{}, 1), }, nil } @@ -201,7 +203,7 @@ func (v *View) fetch(doneCh, successCh chan<- struct{}, errCh chan<- error) { data, rm, err := v.dependency.Fetch(v.clients, &dep.QueryOptions{ AllowStale: allowStale, - WaitTime: defaultWaitTime, + WaitTime: v.blockQueryWaitTime, WaitIndex: v.lastIndex, }) if err != nil { diff --git a/vendor/github.com/hashicorp/consul-template/watch/watcher.go b/vendor/github.com/hashicorp/consul-template/watch/watcher.go index 81acd2fe12e..805740ba5e2 100644 --- a/vendor/github.com/hashicorp/consul-template/watch/watcher.go +++ b/vendor/github.com/hashicorp/consul-template/watch/watcher.go @@ -27,6 +27,9 @@ type Watcher struct { // errCh is the chan where any errors will be published. errCh chan error + // blockQueryWaitTime is amount of time in seconds to do a blocking query for + blockQueryWaitTime time.Duration + // depViewMap is a map of Templates to Views. Templates are keyed by // their string. depViewMap map[string]*View 
@@ -54,6 +57,9 @@ type NewWatcherInput struct { // Once specifies this watcher should tell views to poll exactly once. Once bool + // WaitTime is amount of time in seconds to do a blocking query for + BlockQueryWaitTime time.Duration + // RenewVault indicates if this watcher should renew Vault tokens. RenewVault bool @@ -72,15 +78,16 @@ type NewWatcherInput struct { // NewWatcher creates a new watcher using the given API client. func NewWatcher(i *NewWatcherInput) (*Watcher, error) { w := &Watcher{ - clients: i.Clients, - depViewMap: make(map[string]*View), - dataCh: make(chan *View, dataBufferSize), - errCh: make(chan error), - maxStale: i.MaxStale, - once: i.Once, - retryFuncConsul: i.RetryFuncConsul, - retryFuncDefault: i.RetryFuncDefault, - retryFuncVault: i.RetryFuncVault, + clients: i.Clients, + depViewMap: make(map[string]*View), + dataCh: make(chan *View, dataBufferSize), + errCh: make(chan error), + maxStale: i.MaxStale, + once: i.Once, + blockQueryWaitTime: i.BlockQueryWaitTime, + retryFuncConsul: i.RetryFuncConsul, + retryFuncDefault: i.RetryFuncDefault, + retryFuncVault: i.RetryFuncVault, } // Start a watcher for the Vault renew if that config was specified @@ -149,11 +156,12 @@ func (w *Watcher) Add(d dep.Dependency) (bool, error) { } v, err := NewView(&NewViewInput{ - Dependency: d, - Clients: w.clients, - MaxStale: w.maxStale, - Once: w.once, - RetryFunc: retryFunc, + Dependency: d, + Clients: w.clients, + MaxStale: w.maxStale, + BlockQueryWaitTime: w.blockQueryWaitTime, + Once: w.once, + RetryFunc: retryFunc, }) if err != nil { return false, errors.Wrap(err, "watcher") diff --git a/vendor/modules.txt b/vendor/modules.txt index d1683d1a5e3..7b888c71e5b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -347,7 +347,7 @@ github.com/hashicorp/consul/command/flags github.com/hashicorp/consul/lib github.com/hashicorp/consul/logging github.com/hashicorp/consul/version -# github.com/hashicorp/consul-template v0.24.1 +# github.com/hashicorp/consul-template v0.25.1 ## explicit github.com/hashicorp/consul-template/child github.com/hashicorp/consul-template/config @@ -1071,7 +1071,7 @@ honnef.co/go/tools/version # github.com/NYTimes/gziphandler => github.com/NYTimes/gziphandler v1.0.0 # github.com/apparentlymart/go-textseg/v12 => github.com/apparentlymart/go-textseg/v12 v12.0.0 # github.com/godbus/dbus => github.com/godbus/dbus v5.0.1+incompatible +# github.com/golang/protobuf => github.com/golang/protobuf v1.3.4 # github.com/hashicorp/nomad/api => ./api # github.com/kr/pty => github.com/kr/pty v1.1.5 # github.com/shirou/gopsutil => github.com/hashicorp/gopsutil v2.18.13-0.20200531184148-5aca383d4f9d+incompatible -# github.com/golang/protobuf => github.com/golang/protobuf v1.3.4 From f6037a109deebee0459ad8ebc79b4f772b9a40c9 Mon Sep 17 00:00:00 2001 From: Yoan Blanc Date: Mon, 24 Aug 2020 09:18:01 +0200 Subject: [PATCH 2/2] fixup! vendor: consul-template v0.25.1 Signed-off-by: Yoan Blanc --- client/fingerprint_manager.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/fingerprint_manager.go b/client/fingerprint_manager.go index a0cf281240e..79481127d57 100644 --- a/client/fingerprint_manager.go +++ b/client/fingerprint_manager.go 
@@ -71,9 +71,9 @@ func (fm *FingerprintManager) getNode() *structs.Node {
 func (fp *FingerprintManager) Run() error {
 // First, set up all fingerprints
 cfg := fp.getConfig()
- allowlistFingerprints := cfg.ReadStringListToMap("fingerprint.allowlist")
+ allowlistFingerprints := cfg.ReadStringListToMap("fingerprint.allowlist", "fingerprint.whitelist")
 allowlistFingerprintsEnabled := len(allowlistFingerprints) > 0
- denylistFingerprints := cfg.ReadStringListToMap("fingerprint.denylist")
+ denylistFingerprints := cfg.ReadStringListToMap("fingerprint.denylist", "fingerprint.blacklist")
 fp.logger.Debug("built-in fingerprints", "fingerprinters", fingerprint.BuiltinFingerprints())
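Review bot: The two `ReadStringListToMap` calls in `Run` accept the legacy `fingerprint.whitelist` and `fingerprint.blacklist` keys again, but nothing on these lines records why they are kept or which key wins when a config sets both the new and the old name. These lists decide which fingerprinters run, so a client whose config still uses the old key would lose its filter without any error if the fallback were dropped later; a comment above each call would protect it, for example `// COMPAT: legacy key "fingerprint.blacklist" is still read so existing client configs keep their fingerprinter filter`. Precedence depends on `ReadStringListToMap`, whose body is not part of this hunk, so the comment should state whether the keys are merged or the first non-empty one is used, and a warning log when only the legacy key is present would make the deprecation visible to operators. `Run`'s body continues outside the hunk.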