docs: Update agent autoauth sinks examples (#17229)

hashicorp · Sep 21, 2022 · c3c323d · c3c323d
1 parent d8b7fbd
commit c3c323d
Showing 1 changed file with 125 additions and 3 deletions.
diff --git a/website/content/docs/agent/autoauth/index.mdx b/website/content/docs/agent/autoauth/index.mdx
@@ -198,11 +198,52 @@ These configuration values are common to all Sinks:
 - `config` `(object: required)` - Configuration of the sink itself. See the
   sidebar for information about each sink.
 
-### Auto Auth Example
+### Auto Auth Examples
+
+Auto-Auth configuration objects take two separate forms when specified in HCL
+and JSON. The following examples are meant to clarify the differences between
+the two formats.
+
+#### Sinks (HCL Format)
+
+The HCL format may define any number of sink objects with an optional wrapping
+`sinks {...}` object.
+
+~> Note: The [corresponding JSON format](#sinks-json-format) _must_ specify a
+`"sinks" : [...]` array to encapsulate all `sink` JSON objects.
 
 ```hcl
-# Other Vault Agent configuration blocks
-# ...
+// Other Vault Agent configuration blocks
+// ...
+
+auto_auth {
+  method {
+    type = "approle"
+
+    config = {
+      role_id_file_path = "/etc/vault/roleid"
+      secret_id_file_path = "/etc/vault/secretid"
+    }
+  }
+
+  sinks {
+    sink {
+      type = "file"
+
+      config = {
+        path = "/tmp/file-foo"
+      }
+    }
+  }
+}
+```
+
+The following valid HCL omits the wrapping `sinks` object while specifying
+multiple sinks.
+
+```hcl
+// Other Vault Agent configuration blocks
+// ...
 
 auto_auth {
   method {
@@ -221,5 +262,86 @@ auto_auth {
       path = "/tmp/file-foo"
     }
   }
+
+  sink {
+    type = "file"
+
+    config = {
+      path = "/tmp/file-bar"
+    }
+  }
 }
 ```
+
+#### Sinks (JSON format)
+
+The following JSON configuration illustrates the need for a `sinks: [...]` array
+wrapping any number of `sink` objects.
+
+```json
+{
+  "auto_auth" : {
+    "method" : [
+      {
+        type = "approle"
+
+        config = {
+          role_id_file_path = "/etc/vault/roleid"
+          secret_id_file_path = "/etc/vault/secretid"
+        }
+      }
+    ],
+    "sinks" : [
+      {
+        "sink" : {
+          type = "file"
+
+          config = {
+            path = "/tmp/file-foo"
+          }
+        }
+      }
+    ]
+  }
+}
+```
+
+Multiple sinks are defined by appending more `sink` objects within the `sinks`
+array:
+
+```json
+{
+  "auto_auth" : {
+    "method" : [
+      {
+        type = "approle"
+
+        config = {
+          role_id_file_path = "/etc/vault/roleid"
+          secret_id_file_path = "/etc/vault/secretid"
+        }
+      }
+    ],
+    "sinks" : [
+      {
+        "sink" : {
+          type = "file"
+
+          config = {
+            path = "/tmp/file-foo"
+          }
+        }
+      },
+      {
+        "sink" : {
+          type = "file"
+
+          config = {
+            path = "/tmp/file-bar"
+          }
+        }
+      }
+    ]
+  }
+}
+```