agent/template: add static_secret_render_interval configurable (#11934)

* agent/template: add default_lease_duration config * go mod tidy * Add changelog * Fix panic * Add documentation * Change to static_secret_render_interval * Update doc * Update command/agent/template/template.go Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Update changelog/11934.txt Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Update website/content/docs/agent/template-config.mdx Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2025-11-03 03:58:01 +00:00 · 2021-06-24 15:40:31 -04:00
parent bbef373a8d
commit 22d8470f4f
7 changed files with 27 additions and 8 deletions
--- a/command/agent/config/config.go
+++ b/command/agent/config/config.go
@@ -119,7 +119,9 @@ type Sink struct {

 // TemplateConfig defines global behaviors around template
 type TemplateConfig struct {
-	ExitOnRetryFailure bool `hcl:"exit_on_retry_failure"`
+	ExitOnRetryFailure       bool          `hcl:"exit_on_retry_failure"`
+	StaticSecretRenderIntRaw interface{}   `hcl:"static_secret_render_interval"`
+	StaticSecretRenderInt    time.Duration `hcl:"-"`
 }

 func NewConfig() *Config {
@@ -585,6 +587,14 @@ func parseTemplateConfig(result *Config, list *ast.ObjectList) error {

 	result.TemplateConfig = &cfg

+	if result.TemplateConfig.StaticSecretRenderIntRaw != nil {
+		var err error
+		if result.TemplateConfig.StaticSecretRenderInt, err = parseutil.ParseDurationSecond(result.TemplateConfig.StaticSecretRenderIntRaw); err != nil {
+			return err
+		}
+		result.TemplateConfig.StaticSecretRenderIntRaw = nil
+	}
+
 	return nil
 }

--- a/command/agent/config/config_test.go
+++ b/command/agent/config/config_test.go
@@ -544,7 +544,8 @@ func TestLoadConfigFile_TemplateConfig(t *testing.T) {
 		"set-true": {
 			"./test-fixtures/config-template_config.hcl",
 			TemplateConfig{
-				ExitOnRetryFailure: true,
+				ExitOnRetryFailure:    true,
+				StaticSecretRenderInt: 1 * time.Minute,
 			},
 		},
 		"empty": {
--- a/command/agent/config/test-fixtures/config-template_config.hcl
+++ b/command/agent/config/test-fixtures/config-template_config.hcl
@@ -7,9 +7,10 @@ vault {

 template_config {
  exit_on_retry_failure = true
+  static_secret_render_interval = 60
 }

 template {
  source      = "/path/on/disk/to/template.ctmpl"
  destination = "/path/on/disk/where/template/will/render.txt"
-}
+}
--- a/command/agent/template/template.go
+++ b/command/agent/template/template.go
@@ -240,6 +240,10 @@ func newRunnerConfig(sc *ServerConfig, templates ctconfig.TemplateConfigs) (*ctc
 		conf.Vault.Namespace = &sc.Namespace
 	}

+	if sc.AgentConfig.TemplateConfig != nil && sc.AgentConfig.TemplateConfig.StaticSecretRenderInt != 0 {
+		conf.Vault.DefaultLeaseDuration = &sc.AgentConfig.TemplateConfig.StaticSecretRenderInt
+	}
+
 	conf.Vault.SSL = &ctconfig.SSLConfig{
 		Enabled:    pointerutil.BoolPtr(false),
 		Verify:     pointerutil.BoolPtr(false),