Add support in Agent for running cache+auto_auth without any sinks (#6468)

* Add support in Agent for running cache+auto_auth without any sinks configured. * Add missing fixture.
2019-04-01 16:26:41 -04:00 · 2019-04-01 16:26:41 -04:00 · 0b05c86f8c
commit 0b05c86f8c
parent 4efb496729
4 changed files with 65 additions and 8 deletions
--- a/.gitignore
+++ b/.gitignore
@ -54,6 +54,7 @@ Vagrantfile
 !command/agent/config/test-fixtures/bad-config-cache-inconsistent-auto_auth.hcl
 !command/agent/config/test-fixtures/bad-config-cache-no-listeners.hcl
 !command/agent/config/test-fixtures/config-cache-no-auto_auth.hcl
+!command/agent/config/test-fixtures/config-cache-auto_auth-no-sink.hcl

 .DS_Store
 .idea
--- a/command/agent/config/config.go
+++ b/command/agent/config/config.go
@ -260,18 +260,14 @@ func parseAutoAuth(result *Config, list *ast.ObjectList) error {
 	if err := parseMethod(result, subList); err != nil {
 		return errwrap.Wrapf("error parsing 'method': {{err}}", err)
 	}
+	if a.Method == nil {
+		return fmt.Errorf("no 'method' block found")
+	}

 	if err := parseSinks(result, subList); err != nil {
 		return errwrap.Wrapf("error parsing 'sink' stanzas: {{err}}", err)
 	}

-	switch {
-	case a.Method == nil:
-		return fmt.Errorf("no 'method' block found")
-	case len(a.Sinks) == 0:
-		return fmt.Errorf("at least one 'sink' block must be provided")
-	}
-
 	return nil
 }

@ -324,7 +320,7 @@ func parseSinks(result *Config, list *ast.ObjectList) error {

 	sinkList := list.Filter(name)
 	if len(sinkList.Items) < 1 {
-		return fmt.Errorf("at least one %q block is required", name)
+		return nil
 	}

 	var ts []*Sink
--- a/command/agent/config/config_test.go
+++ b/command/agent/config/config_test.go
@ -199,3 +199,42 @@ func TestLoadConfigFile_Bad_AgentCache_NoListeners(t *testing.T) {
 		t.Fatal("LoadConfig should return an error when cache section present and no listeners present")
 	}
 }
+
+func TestLoadConfigFile_AgentCache_AutoAuth_NoSink(t *testing.T) {
+	logger := logging.NewVaultLogger(log.Debug)
+
+	config, err := LoadConfig("./test-fixtures/config-cache-auto_auth-no-sink.hcl", logger)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	expected := &Config{
+		AutoAuth: &AutoAuth{
+			Method: &Method{
+				Type:      "aws",
+				WrapTTL:   300 * time.Second,
+				MountPath: "auth/aws",
+				Config: map[string]interface{}{
+					"role": "foobar",
+				},
+			},
+		},
+		Cache: &Cache{
+			UseAutoAuthToken: true,
+		},
+		Listeners: []*Listener{
+			&Listener{
+				Type: "tcp",
+				Config: map[string]interface{}{
+					"address":     "127.0.0.1:8300",
+					"tls_disable": true,
+				},
+			},
+		},
+		PidFile: "./pidfile",
+	}
+
+	if diff := deep.Equal(config, expected); diff != nil {
+		t.Fatal(diff)
+	}
+}
--- a/command/agent/config/test-fixtures/config-cache-auto_auth-no-sink.hcl
+++ b/command/agent/config/test-fixtures/config-cache-auto_auth-no-sink.hcl
@ -0,0 +1,21 @@
+pid_file = "./pidfile"
+
+auto_auth {
+	method {
+		type = "aws"
+		wrap_ttl = 300
+		config = {
+			role = "foobar"
+		}
+	}
+}
+
+cache {
+	use_auto_auth_token = true
+}
+
+listener "tcp" {
+    address = "127.0.0.1:8300"
+    tls_disable = true
+}
+