IMPROVEMENTS:
vault_agent_token_file
, which supports loading the Vault token from the contents of a dynamically updated file. This is intended for use in environments like Kubernetes [GH-1185].BUG FIXES:
exec
to not be called with multiple templates and wait
configured [GH-1043]BUG FIXES:
wait { min = X }
). At best this
was a lot of wasted work, in some cases it caused 100% CPU usage when template
instance leadership was split. [GH-1099, GH-1095]IMPROVEMENTS:
BREAKING CHANGES:
BUG FIXES:
Remove references to unsupported dump_signal
configuration
Update vendor libraries to support Consul 1.0.0 changes for better test stability
Renew unwrapped Vault token (previously Consul Template) would try to renew the wrapped token, which would not work.
Do not sort results when ~near
queries are used [GH-1027]
Handle integer overflow in exponential backoff calculations [GH-1031, GH-1028]
Properly preserve existing file permissions [GH-1037]
IMPROVEMENTS:
Compile with Go 1.9.2
The Vault grace period in the config is now set to 15 seconds as the default. This matches Vault's default configuration for consistency.
Add indent
function for indenting blocks of text in templates
Allow additional colons in the template command on the CLI [GH-1026]
Add Vault Transit example for key exfiltration [GH-1014]
Add a new option for disabling recursive directory creation per template [GH-1033]
Allow dots in node names [GH-977]
BUG FIXES:
BUG FIXES:
IMPROVEMENTS:
The runner's render event now includes the last-rendered template contents. This is useful when embedding Consul Template as a library. [GH-974-975]
Use the new Golang API renewer [GH-978]
Compile and build with Go 1.9
BUG FIXES:
error_on_missing_key
. This causes the template to
error when the user attempts to access a key in a map or field in a struct
that does not exist. Previous behavior was to print <no value>
, which
might not be the desired behavior. This is opt-in behavior on a
per-template basis. There is no global option. A future version of
Consul Template will switch the default behavior to this safer format, but
that change will be clearly called out as a breaking change in the future.
Users should set error_on_missing_key = false
in their configuration
files if they are relying on the current <no value>
behavior.
[GH-973, GH-972]BREAKING CHANGES:
IMPROVEMENTS:
vault.grace
, which configures the grace
period between lease renewal and secret re-acquisition. When renewing a
secret, if the remaining lease is less than or equal to the configured
grace, Consul Template will request a new credential. This prevents Vault
from revoking the credential at expiration and Consul Template having a
stale credential. If you set this to a value that is higher than your
default TTL or max TTL, Consul Template will always read a new secret!
datacenters
to optionally ignore inaccessible
datacenters [GH-908].BUG FIXES:
BREAKING CHANGES:
max_backoff = 0
in their
configurations. [GH-940]IMPROVEMENTS:
MaxBackoff
in Retry options [GH-938, GH-939]BUG FIXES:
IMPROVEMENTS:
BUG FIXES:
NOTABLE:
IMPROVEMENTS:
modulo
function for performing modulo mathBUG FIXES:
GOMAXPROCS
VAULT_*
envvars before finalizing [GH-914, GH-916][]*KeyPair
as a gob [GH-893]IMPROVEMENTS:
.exe
extension to Windows binaries [GH-875]~/.vault-token
if it exists [GH-878, GH-884]BUG FIXES:
Resolve an issue with filters on health service dependencies [GH-857]
Restore ability to reload configurations from disk [GH-866]
Move env
back to a helper function [GH-882]
This was causing a lot of issues for users, and it required many folks to
re-write their templates for the small benefit of people running in
de-duplicate mode who did not understand the trade-offs. The README is now
updated with the trade-offs of running in dedup mode and the expected env
behavior has been restored.
Do not loop indefinitely if the dedup manager is unable to acquire a lock [GH-864]
NEW FEATURES:
Add new template function keyExists
for determining if a key is present.
See the breaking change notice before for more information about the
motivation for this change.
Add scratch
for storing information across a template invocation. Scratch
is especially useful when saving a computed value to use it across a
template. Scratch values are not shared across multiple templates and are
not persisted between template invocations
Add support for controlling retry behavior for failed communications to Consul or Vault. By default, Consul Template will now retry 5 times before returning an error. The backoff timing and number of attempts can be tuned using the CLI or a configuration file.
Add executeTemplate
function for executing a defined template.
Add base64Decode
, base64Encode
, base64URLDecode
, and base64URLEncode
functions for working with base64 encodings.
Add containsAll
, containsAny
, containsNone
, and containsNotAll
functions for easy filtering of multiple tag selections.
BREAKING CHANGES:
Consul Template now blocks on key
queries. The previous behavior was
to always pass through, allowing users to use the existence of a key as
a source of control flow. This caused confusion among many users, so we
have restored the expected behavior of blocking on a key
query, but have
added keyExists
to check for the existence of a key. Note that the
keyOrDefault
function remains unchanged and will not block if the value
is nil, as expected.
The vault
template function has been removed. This has been deprecated
with a warning since v0.14.0.
A shell is no longer assumed for Template commands. Previous versions of
Consul Template assumed /bin/sh
(cmd
on Windows) as the parent
process for the template command. Due to user requests and a desire to
customize the shell, Consul Template no longer wraps the command in a
shell. For most commands, this change will be transparent. If you were
utilizing shell-specific functions like &&
, ||
, or conditionals, you
will need to wrap you command in a shell, for example:
-template "in.tpl:out.tpl:/bin/bash -c 'echo a || b'"
or
template {
command = "/bin/bash -c 'echo a || b'"
}
The env
function is now treated as a dependency instead of a helper. For
most users, there will be no impact.
This release is compiled with Golang v1.8. We do not expect this to cause any issues, but it is worth calling out.
DEPRECATIONS:
.Tags.Contains
is deprecated. Templates should make use of the built-in
in
and contains
functions instead. For example:
{{ if .Tags.Contains "foo" }}
becomes:
{{ if .Tags | contains "foo" }}
or:
{{ if "foo" | in .Tags }}
key_or_default
has been renamed to keyOrDefault
to better align with
Go's naming structure. The old method is aliased and will remain until a
future release.
Consul-specific CLI options are now prefixed with -consul-
:
-auth
is now -consul-auth
-ssl-(.*)
is now -consul-ssl-$1
-retry
is now -consul-retry
and has been broken apart into more
specific CLI options.Consul-specific configuration options are now nested under a stanza. For example:
auth {
username = "foo"
password = "bar"
}
becomes:
consul {
auth {
username = "foo"
password = "bar"
}
}
This applies to the auth
, retry
, ssl
, and token
options.
IMPROVEMENTS:
Add CLI support for all SSL configuration options for both Consul and Vault.
Vault options are identical to Consul but with vault-
prefix. Includes
the addition of ssl-ca-path
to be consistent with file-based configuration
options.
ssl
vault-ssl
(Enable)ssl-verify
vault-ssl-verify
ssl-cert
vault-ssl-cert
ssl-key
vault-ssl-key
ssl-ca-cert
vault-ssl-ca-cert
ssl-ca-path
vault-ssl-ca-path
ssl-server-name
vault-ssl-server-name
Add -consul-ssl-server-name
Add -consul-ssl-ca-path
Add -consul-retry
Add -consul-retry-attempts
Add -consul-retry-backoff
Add -vault-retry
Add -vault-retry-attempts
Add -vault-retry-backoff
Add support for server_name
option for TLS configurations to allow
specification of the expected certificate common name.
Add -vault-addr
CLI option for specifying the Vault server address
[GH-740, GH-747]
Add tagged addresses to Node structs
Add support for multiple -config
flags [GH-773, GH-751]
Add more control over template command execution
Add a way to programatically track the dependencies a particular template is blocked on [GH-799]
BUG FIXES:
-renew-token
flag not begin honored on the CLI [GH-741, GH-745]*
in key names [GH-789, GH-755]NEW FEATURES:
unwrap_token
option to your Vault configuration stanza or pass in
the -vault-unwrap-token
command line flag.BREAKING CHANGES:
DEPRECATIONS:
vault.renew
option has been renamed to vault.renew_token
for added
clarity. This is backwards-compatible for this release, but will be
removed in a future release, so please update your configurations
accordingly.IMPROVEMENTS:
BUG FIXES:
secret
[GH-660, GH-662]Service
address to catalog node response [GH-687]BREAKING CHANGES:
IMPROVEMENTS:
BUG FIXES:
DEPRECATIONS:
vault
template API function has been renamed to secret
to be in line
with other tooling. The vault
API function will continue to work but will
print a warning to the log file. A future release of Consul Template will
remove the vault
API.NEW FEATURES:
secrets
template API for listing secrets in Vault. Please note this
requires Vault 0.5+ and the secret backend must support listing. Please see
the Vault documentation for more information [GH-270]IMPROVEMENTS:
toJSON
in the template. Previously
this was restricted to key-value maps, but that restriction is now removed.
[GH-553]BUG FIXES:
BUG FIXES:
BUG FIXES:
IMPROVEMENTS:
BUG FIXES:
<no data>
in the rendered template. Please
note, there is a bug in Vault 0.4 with respect to lease renewals that makes
it inoperable with Consul Template. Please either use Vault 0.3 or wait
until Vault 0.5 is released (the bug has already been fixed on master).
[GH-468, GH-493, GH-504]BREAKING CHANGES:
Add support for checking if a node is in maintenance mode [GH-477, GH-455]
Previously, Consul Template would report nodes in maintenance mode as "critical". They will now report as "maintenance" so users can perform more detailed filtering. It is unlikely, but if you were filtering critical services, nodes/services in maintenance mode will no longer be included.
FEATURES:
IMPROVEMENTS:
renew-self
endpoint instead of renew
for renewing the token
[GH-450]FEATURES:
timestamp
to generate a unix
timestamp [GH-422]IMPROVEMENTS:
Path
a public field on the vault secret dependency so other libraries
can access itBUG FIXES:
LastContact
value for non-Consul dependencies to always
return 0 [GH-432, GH-433]DefaultConfig()
in tests to find issuesBREAKING CHANGES:
Allow configuration of destination file permissions [GH-415, GH-358]
Previously, Consul Template would inspect the file at the destination path and mirror those file permissions, if a file existed. If a file did not exist, Consul Template would render the file with 0644 permissions. This was acceptable behavior in a pre-Vault world, but now that Consul Template is capable of rendering secrets, there is a desire for increased security. As such, Consul Template no longer mirrors existing destination file permissions. Instead, users can specify the file permissions in the configuration file. Please see the README for examples. If you were previously relying on an existing file's file permissions to enfore the destination file permissions, you must switch to specifying the file permissions in the configuration file. If you were not dependent on this behavior, nothing has changed; the default value is still 0644.
FEATURES:
in
and contains
functions for checking if a slice or array contains
a given value [GH-366]add
function for calculating the sum of integers/floatssubtract
function for calculating the difference of integers/floatsmultiply
function for calculating the product of integers/floatsdivide
function for calculating the division of integers/floatsIMPROVEMENTS:
once
mode [GH-361, GH-418]BUG FIXES:
service
query and documentation - it was unused
and legacy, but was causing issues and confusion [GH-333]FEATURES:
plugin
and plugin ecosystemparseBool
function for parsing strings into booleans (GH-312)parseFloat
function for parsing strings into float64 (GH-312)parseInt
function for parsing strings into int64 (GH-312)parseUint
function for parsing strings into uint64 (GH-312)explode
function for exploding the result of tree
or ls
into a
deeply nested hash (GH-311)toJSON
and toJSONPretty
function for exporting the result of tree
or ls
into a JSON hash (GH-311)toYAML
function for exporting the result of tree
or ls
into a
YAML document (GH-311)node
function for querying nodes (GH-306, GH-309)split
function for splitting a string on a separator (GH-285)join
function for joining a string slice on a given key (GH-285)pid_file
configuration and command line option for specifying the
location of a pid file on disk (GH-281, GH-286)IMPROVEMENTS:
BUG FIXES:
FEATURES:
regexMatch
template helper to determine if a result matches the given
regular expressions (GH-246)ssl-cert
and ss-ca-cert
options (GH-255)IMPROVEMENTS:
byTag
to accept catalog services as well (GH-249, GH-250).Contains
function (GH-261)BUG FIXES:
-v
in addition to -version
to get the version outputFEATURES:
.Size()
so the watcher can report its size (GH-206)byKey
template helper to group the results of a tree
function by
their containing directory (GH-207, GH-209, GH-241)timestamp
template function for returning the current timestamp with
the ability to add custom formatting (GH-225, GH-230)loop
template function for iteration (GH-238, GH-221)IMPROVEMENTS:
LastIndex
and ReceivedData
from the WatcherparseJSON
during multi-evaluationBUG FIXES:
BREAKING CHANGES:
ssl
configuration option from templates - use an ssl
configuration block with enabled = true
insteadssl_no_verify
configuration option from templates - use an ssl
configuration block with verify = false
instead-ssl-no-verify
to -ssl-verify
- to disable SSL
certification validation on the command line, use -ssl-verify=false
auth
configuration option from templates - use an auth
configuration block with enabled = true
combined with username = ...
and
password = ...
inside the block insteadFEATURES:
log_level
as a configuration file option-log-level
as a CLI optionIMPROVEMENTS:
NodeAddress
field to health services to always include the node's
addresswatch.WaitVar
for parsing Wait structs via Go's flag parsing
library.BUG FIXES:
once
mode and templates have
not changed (GH-188)-ssl
and -retry
on the CLIFEATURES:
-max-stale
to specify Consul Template may talk to non-leader Consul
nodes if they are less than the maximum stale value (GH-183)BUG FIXES:
IMPROVEMENTS:
BUG FIXES:
@
is
still a restricted character because it denotes the datacenter) (GH-170)FEATURES:
BREAKING CHANGES:
storeKeyPrefix
template function - it has been replaced with ls
and/or tree
and was deprecated in 0.2.0Key()
from dependency interfaceIMPROVEMENTS:
hashicorp/consul/api
instead of armon/consul-api
BUG FIXES:
BUG FIXES:
util
package as it is a code smell and separate Watcher
and
Dependency
structs and functions into their own packages for re-use
(GH-137)FEATURES:
SIGHUP
services
template function for listing all services and associated
tags in the Consul catalog (GH-77)BUG FIXES:
-config
(GH-126)IMPROVEMENTS:
-retry
interval for Consul timeouts and
connection errors (GH-22)FEATURES:
env
template function for reading an environment variable in the
current process into the templateregexReplaceAll
template functionBUG FIXES:
golint
and go vet
errorsls
and tree
receive this by proxy)parseJSON
to handle top-level JSON objectstree
and ls
(folder nodes)IMPROVEMENTS:
BUG FIXES:
IMPROVEMENTS:
go vet
FEATURES:
Contains
method to Service.Tags
-config
, in
addition to a filenodes
template functionBUG FIXES:
service
dependencies default
to the current datacenter if one is not explicitly givenls
call (GH-54)IMPROVEMENTS:
service
nodes by passing an additional
parameter to service
FEATURES:
parseJSON
pipe
functionfile
template functiontoLower()
for converting a string to lowercasetoTitle()
for converting a string to titlecasetoUpper()
for converting a string to uppercasereplaceAll()
for replacing occurrences of a
substring with a new stringtree
function for returning all key prefixes recursivelyls
function for returning all keys in the top-level prefix (but not
deeply nested ones)BUG FIXES:
IMPROVEMENTS:
DEPRECATIONS:
keyPrefix
is deprecated in favor or tree
and ls
and will be removed in
the next major releaseBUG FIXES:
-h
flag/
) in service names_
) in service names.
) in tag namesIMPROVEMENTS:
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。