VAULT-12095 Support multiple config files for Vault Agent (#18403)

* VAULT-12095 Code changes for multi-config * VAULT-12095 typo * VAULT-12095 make vault non-nil during update * VAULT-12095 docs * VAULT-12095 small refactor * VAULT-12095 typos
hashicorp · Jan 3, 2023 · c2abccc · c2abccc
1 parent 8d7e70c
commit c2abccc
Show file tree

Hide file tree

Showing 13 changed files with 737 additions and 401 deletions.
diff --git a/changelog/18403.txt b/changelog/18403.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+agent/config: Allow config directories to be specified with -config, and allow multiple -configs to be supplied.
+```
diff --git a/command/agent.go b/command/agent.go
@@ -16,6 +16,8 @@ import (
 	"sync"
 	"time"
 
+	ctconfig "github.com/hashicorp/consul-template/config"
+
 	"github.com/hashicorp/vault/command/agent/sink/inmem"
 
 	systemd "github.com/coreos/go-systemd/daemon"
@@ -186,32 +188,30 @@ func (c *AgentCommand) Run(args []string) int {
 	}
 
 	// Validation
-	if len(c.flagConfigs) != 1 {
-		c.UI.Error("Must specify exactly one config path using -config")
+	if len(c.flagConfigs) < 1 {
+		c.UI.Error("Must specify exactly at least one config path using -config")
 		return 1
 	}
 
-	// Load the configuration file
-	config, err := agentConfig.LoadConfig(c.flagConfigs[0])
-	if err != nil {
-		c.UI.Error(fmt.Sprintf("Error loading configuration from %s: %s", c.flagConfigs[0], err))
-		return 1
-	}
+	config := agentConfig.NewConfig()
 
-	// Ensure at least one config was found.
-	if config == nil {
-		c.UI.Output(wrapAtLength(
-			"No configuration read. Please provide the configuration with the " +
-				"-config flag."))
-		return 1
+	for _, configPath := range c.flagConfigs {
+		configFromPath, err := agentConfig.LoadConfig(configPath)
+		if err != nil {
+			c.UI.Error(fmt.Sprintf("Error loading configuration from %s: %s", configPath, err))
+			return 1
+		}
+		config = config.Merge(configFromPath)
 	}
 
-	if config.AutoAuth == nil && config.Cache == nil {
-		c.UI.Error("No auto_auth or cache block found in config file")
+	err := config.ValidateConfig()
+	if err != nil {
+		c.UI.Error(fmt.Sprintf("Error loading configuration: %s", err))
 		return 1
 	}
+
 	if config.AutoAuth == nil {
-		c.UI.Info("No auto_auth block found in config file, not starting automatic authentication feature")
+		c.UI.Info("No auto_auth block found in config, not starting automatic authentication feature")
 	}
 
 	c.updateConfig(f, config)
@@ -417,7 +417,12 @@ func (c *AgentCommand) Run(args []string) int {
 	// confuse the issue of retries for auth failures which have their own
 	// config and are handled a bit differently.
 	if os.Getenv(api.EnvVaultMaxRetries) == "" {
-		client.SetMaxRetries(config.Vault.Retry.NumRetries)
+		client.SetMaxRetries(ctconfig.DefaultRetryAttempts)
+		if config.Vault != nil {
+			if config.Vault.Retry != nil {
+				client.SetMaxRetries(config.Vault.Retry.NumRetries)
+			}
+		}
 	}
 
 	enforceConsistency := cache.EnforceConsistencyNever
@@ -977,6 +982,10 @@ func (c *AgentCommand) Run(args []string) int {
 // on the precedence (env var overrides file config, cli overrides env var).
 // It mutates the config object supplied.
 func (c *AgentCommand) updateConfig(f *FlagSets, config *agentConfig.Config) {
+	if config.Vault == nil {
+		config.Vault = &agentConfig.Vault{}
+	}
+
 	f.updateLogConfig(config.SharedConfig)
 
 	f.Visit(func(fl *flag.Flag) {