writeToFile Function Improvements

[mbillow]

User and Group Changes

The writeToFile function now allows empty strings to be passed into the username and groupName fields which will default to the current user. If neither is set, it will skip the chown call completely. This allows the consul-template to run as an init container without additional permissions.

The username and groupName fields can now also support raw UIDs and GIDs respectively. This allows vault-agent to write files for users that aren't in /etc/passwd.

Directory Creation

Now consul-template will automatically attempt to create the directories necessary before writing the file.

[eikenb]

Thanks for including documentation updates!

[mbillow]

@eikenb Thanks for reviewing and merging this so quickly, I appreciate it!

Is it possible to get this released before the current 0.29.0 target?

I’m trying, with the help of our Enterprise support team, to get this (and sprig templates in 0.28.0) pulled into the next release of Vault because we need all of this in Vault Agent.

[eikenb]

Hey @mbillow,

The only outstanding feature/issue for 0.29.0 is also for Vault Agent, the PKI cert renewal issue (#1259).

[mbillow]

@eikenb Is that something actively being worked on? Is there an ETA? Just trying to properly set expectations on our side since this blocks some work internally.

[eikenb]

Yep. I'm working on that next. I've already figured out the solution, but need to write it up w/ tests, etc. There were some other bugs I was going to fix for 0.29 as well, but there are some internal discussions here that might end up with a quicker release.

[mbillow]

@eikenb Apologies if it is coming from the enterprise support team. I’ve been discussing with them the importance this has for us and letting them know I made the changes I did.

There is a lot of old, custom stuff we can turn off when these changes get merged into Vault that I am very excited to turn off. 😅

Let me know if there is anything I can do to help! Happy to benefit the open source community while also on the clock. 😉

[eikenb]

No apologies necessary @mbillow. The other teams work is important (to us) to help set priorities and is part of the process. Thanks for the thoughts though and am very happy to hear that this will make your life easier.