From 6c012d55ce8a636db645b8ac78e30672064e9ceb Mon Sep 17 00:00:00 2001 From: phuhung273 Date: Fri, 20 Dec 2024 15:34:52 +0000 Subject: [PATCH 1/3] init --- agent-inject/agent/agent.go | 11 +++++ agent-inject/agent/annotations.go | 21 +++++++++ agent-inject/agent/config.go | 8 ++-- agent-inject/handler.go | 2 + subcommand/injector/command.go | 78 ++++++++++++++++--------------- subcommand/injector/flags.go | 13 ++++++ 6 files changed, 92 insertions(+), 41 deletions(-) diff --git a/agent-inject/agent/agent.go b/agent-inject/agent/agent.go index 4750b5bf..7066f063 100644 --- a/agent-inject/agent/agent.go +++ b/agent-inject/agent/agent.go @@ -355,6 +355,11 @@ type VaultAgentTemplateConfig struct { // that the Vault Agent templating engine can use for a particular Vault host. This limit // includes connections in the dialing, active, and idle states. MaxConnectionsPerHost int64 + + // LeaseRenewalThreshold configure how long Vault Agent's template + // engine should wait for to refresh dynamic, non-renewable leases, measured as + // a fraction of the lease duration. + LeaseRenewalThreshold float64 } // New creates a new instance of Agent by parsing all the Kubernetes annotations. @@ -526,10 +531,16 @@ func New(pod *corev1.Pod) (*Agent, error) { return nil, err } + leaseRenewalThreshold, err := agent.templateConfigLeaseRenewalThreshold() + if err != nil { + return nil, err + } + agent.VaultAgentTemplateConfig = VaultAgentTemplateConfig{ ExitOnRetryFailure: exitOnRetryFailure, StaticSecretRenderInterval: pod.Annotations[AnnotationTemplateConfigStaticSecretRenderInterval], MaxConnectionsPerHost: maxConnectionsPerHost, + LeaseRenewalThreshold: leaseRenewalThreshold, } agent.EnableQuit, err = agent.getEnableQuit() diff --git a/agent-inject/agent/annotations.go b/agent-inject/agent/annotations.go index 1f2e46da..e287a243 100644 --- a/agent-inject/agent/annotations.go +++ b/agent-inject/agent/annotations.go 
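Review bot: The doc comment on the new `LeaseRenewalThreshold` field of `VaultAgentTemplateConfig` is hard to read ("configure how long ... should wait for to refresh") and does not say which values are accepted. Suggested wording: `// LeaseRenewalThreshold is the fraction of a dynamic, non-renewable lease's duration that the template engine waits before refreshing it.` It would also help to state on the field what a zero value means, since nothing visible in this hunk separates "unset" from an explicit 0. Both the struct and `New` continue outside their hunks.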
@@ -295,6 +295,11 @@ const ( // includes connections in the dialing, active, and idle states. AnnotationTemplateConfigMaxConnectionsPerHost = "vault.hashicorp.com/template-max-connections-per-host" + // AnnotationTemplateConfigMaxConnectionsPerHost configure how long Vault Agent's template + // engine should wait for to refresh dynamic, non-renewable leases, measured as + // a fraction of the lease duration. + AnnotationTemplateConfigLeaseRenewalThreshold = "vault.hashicorp.com/template-max-lease-renewal-threshold" + // AnnotationAgentEnableQuit configures whether the quit endpoint is // enabled in the injected agent config AnnotationAgentEnableQuit = "vault.hashicorp.com/agent-enable-quit" @@ -365,6 +370,7 @@ type AgentConfig struct { ExitOnRetryFailure bool StaticSecretRenderInterval string MaxConnectionsPerHost int64 + LeaseRenewalThreshold float64 AuthMinBackoff string AuthMaxBackoff string DisableIdleConnections string @@ -553,6 +559,10 @@ func Init(pod *corev1.Pod, cfg AgentConfig) error { pod.ObjectMeta.Annotations[AnnotationTemplateConfigMaxConnectionsPerHost] = strconv.FormatInt(cfg.MaxConnectionsPerHost, 10) } + if _, ok := pod.ObjectMeta.Annotations[AnnotationTemplateConfigLeaseRenewalThreshold]; !ok { + pod.ObjectMeta.Annotations[AnnotationTemplateConfigLeaseRenewalThreshold] = strconv.FormatFloat(cfg.LeaseRenewalThreshold, 'f', 2, 64) + } + if minBackoffString, ok := pod.ObjectMeta.Annotations[AnnotationAgentAuthMinBackoff]; ok { if minBackoffString != "" { _, err := time.ParseDuration(minBackoffString) 
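Review bot: In the `Init` hunk, `strconv.FormatFloat(cfg.LeaseRenewalThreshold, 'f', 2, 64)` rounds the injector-wide value to two decimals before writing it into the pod annotation, so the agent can receive something other than what the operator configured (a third decimal is lost, and anything below 0.005 is written as "0.00"). Precision -1 keeps the shortest exact representation: `strconv.FormatFloat(cfg.LeaseRenewalThreshold, 'f', -1, 64)`. `Init` starts and ends outside the hunk.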
@@ -865,6 +875,17 @@ func (a *Agent) templateConfigMaxConnectionsPerHost() (int64, error) { return parseutil.ParseInt(raw) } +func (a *Agent) templateConfigLeaseRenewalThreshold() (float64, error) { + raw, ok := a.Annotations[AnnotationTemplateConfigLeaseRenewalThreshold] + if !ok { + return 0, nil + } + + // TODO: use parseutil + // Dependency: https://github.com/hashicorp/go-secure-stdlib/issues/152 + return strconv.ParseFloat(raw, 64) +} + func (a *Agent) getAutoAuthExitOnError() (bool, error) { raw, ok := a.Annotations[AnnotationAgentAutoAuthExitOnError] if !ok { diff --git a/agent-inject/agent/config.go b/agent-inject/agent/config.go index d2bbcd9b..c2cd985b 100644 --- a/agent-inject/agent/config.go +++ b/agent-inject/agent/config.go @@ -122,9 +122,10 @@ type CachePersist struct { // TemplateConfig defines the configuration for template_config in Vault Agent type TemplateConfig struct { - ExitOnRetryFailure bool `json:"exit_on_retry_failure"` - StaticSecretRenderInterval string `json:"static_secret_render_interval,omitempty"` - MaxConnectionsPerHost int64 `json:"max_connections_per_host,omitempty"` + ExitOnRetryFailure bool `json:"exit_on_retry_failure"` + StaticSecretRenderInterval string `json:"static_secret_render_interval,omitempty"` + MaxConnectionsPerHost int64 `json:"max_connections_per_host,omitempty"` + LeaseRenewalThreshold float64 `json:"lease_renewal_threshold,omitempty"` } // Telemetry defines the configuration for agent telemetry in Vault Agent. @@ -267,6 +268,7 @@ func (a *Agent) newConfig(init bool) ([]byte, error) { ExitOnRetryFailure: a.VaultAgentTemplateConfig.ExitOnRetryFailure, StaticSecretRenderInterval: a.VaultAgentTemplateConfig.StaticSecretRenderInterval, MaxConnectionsPerHost: a.VaultAgentTemplateConfig.MaxConnectionsPerHost, + LeaseRenewalThreshold: a.VaultAgentTemplateConfig.LeaseRenewalThreshold, }, DisableIdleConnections: a.DisableIdleConnections, DisableKeepAlives: a.DisableKeepAlives, 
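Review bot: `templateConfigLeaseRenewalThreshold` returns whatever `strconv.ParseFloat` accepts, which includes `NaN`, `Inf`, negative numbers and values above 1, none of which is a meaningful fraction of a lease duration. The annotation is written by whoever creates the pod, so the webhook should validate it at this boundary and return an error naming the annotation; NaN and Inf would otherwise only surface later, presumably as a serialisation failure if the config is marshalled with encoding/json as the struct tags in config.go suggest. The same unchecked parse is in the `parseEnvs` hunk in flags.go, and the `Float64Var` flag added in patch 2 has no range check either. The (0, 1] bounds below are an assumption to confirm against what Vault Agent accepts, and `fmt` has to be in scope in annotations.go.

```go
func (a *Agent) templateConfigLeaseRenewalThreshold() (float64, error) {
	// … unchanged: annotation lookup and early return when it is absent …
	// … unchanged: TODO about moving to parseutil …

	v, err := strconv.ParseFloat(raw, 64)
	if err != nil {
		return 0, fmt.Errorf("parsing annotation %s: %w", AnnotationTemplateConfigLeaseRenewalThreshold, err)
	}
	// Written as a negated range so NaN, for which every comparison is false, is rejected too.
	if !(v > 0 && v <= 1) {
		return 0, fmt.Errorf("annotation %s must be a fraction in (0, 1], got %q", AnnotationTemplateConfigLeaseRenewalThreshold, raw)
	}
	return v, nil
}
```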
diff --git a/agent-inject/handler.go b/agent-inject/handler.go index f30282cb..b26463f9 100644 --- a/agent-inject/handler.go +++ b/agent-inject/handler.go @@ -74,6 +74,7 @@ type Handler struct { ExitOnRetryFailure bool StaticSecretRenderInterval string MaxConnectionsPerHost int64 + LeaseRenewalThreshold float64 AuthMinBackoff string AuthMaxBackoff string DisableIdleConnections string @@ -244,6 +245,7 @@ func (h *Handler) Mutate(req *admissionv1.AdmissionRequest) MutateResponse { ExitOnRetryFailure: h.ExitOnRetryFailure, StaticSecretRenderInterval: h.StaticSecretRenderInterval, MaxConnectionsPerHost: h.MaxConnectionsPerHost, + LeaseRenewalThreshold: h.LeaseRenewalThreshold, AuthMinBackoff: h.AuthMinBackoff, AuthMaxBackoff: h.AuthMaxBackoff, DisableIdleConnections: h.DisableIdleConnections, diff --git a/subcommand/injector/command.go b/subcommand/injector/command.go index a9dd601b..60c8ea3d 100644 --- a/subcommand/injector/command.go +++ b/subcommand/injector/command.go 
@@ -45,44 +45,45 @@ import ( type Command struct { UI cli.Ui - flagListen string // Address of Vault Server - flagLogLevel string // Log verbosity - flagLogFormat string // Log format - flagCACertFile string // TLS CA Certificate to serve - flagCertFile string // TLS Certificate to serve - flagKeyFile string // TLS private key to serve - flagExitOnRetryFailure bool // Set template_config.exit_on_retry_failure on agent - flagStaticSecretRenderInterval string // Set template_config.static_secret_render_interval on agent - flagMaxConnectionsPerHost int64 // Set template_config.max_connections_per_host on agent - flagAutoName string // MutatingWebhookConfiguration for updating - flagAutoHosts string // SANs for the auto-generated TLS cert. - flagVaultService string // Name of the Vault service - flagVaultCACertBytes string // CA Cert to trust for TLS with Vault. - flagProxyAddress string // HTTP proxy address used to talk to the Vault service - flagVaultImage string // Name of the Vault Image to use - flagVaultAuthType string // Type of Vault Auth Method to use - flagVaultAuthPath string // Mount path of the Vault Auth Method - flagVaultNamespace string // Vault enterprise namespace - flagRevokeOnShutdown bool // Revoke Vault Token on pod shutdown - flagRunAsUser string // User (uid) to run Vault agent as - flagRunAsGroup string // Group (gid) to run Vault agent as - flagRunAsSameUser bool // Run Vault agent as the User (uid) of the first application container - flagSetSecurityContext bool // Set SecurityContext in injected containers - flagTelemetryPath string // Path under which to expose metrics - flagUseLeaderElector bool // Use leader elector code - flagDefaultTemplate string // Toggles which default template to use - flagResourceRequestCPU string // Set CPU request in the injected containers - flagResourceRequestMem string // Set Memory request in the injected containers - flagResourceRequestEphemeral string // Set Ephemeral Storage request in the injected 
containers - flagResourceLimitCPU string // Set CPU limit in the injected containers - flagResourceLimitMem string // Set Memory limit in the injected containers - flagResourceLimitEphemeral string // Set Ephemeral storage limit in the injected containers - flagTLSMinVersion string // Minimum TLS version supported by the webhook server - flagTLSCipherSuites string // Comma-separated list of supported cipher suites - flagAuthMinBackoff string // Auth min backoff on failure - flagAuthMaxBackoff string // Auth min backoff on failure - flagDisableIdleConnections string // Idle connections control - flagDisableKeepAlives string // Keep-alives control + flagListen string // Address of Vault Server + flagLogLevel string // Log verbosity + flagLogFormat string // Log format + flagCACertFile string // TLS CA Certificate to serve + flagCertFile string // TLS Certificate to serve + flagKeyFile string // TLS private key to serve + flagExitOnRetryFailure bool // Set template_config.exit_on_retry_failure on agent + flagStaticSecretRenderInterval string // Set template_config.static_secret_render_interval on agent + flagMaxConnectionsPerHost int64 // Set template_config.max_connections_per_host on agent + flagLeaseRenewalThreshold float64 // Set template_config.lease_renewal_threshold on agent + flagAutoName string // MutatingWebhookConfiguration for updating + flagAutoHosts string // SANs for the auto-generated TLS cert. + flagVaultService string // Name of the Vault service + flagVaultCACertBytes string // CA Cert to trust for TLS with Vault. 
+ flagProxyAddress string // HTTP proxy address used to talk to the Vault service + flagVaultImage string // Name of the Vault Image to use + flagVaultAuthType string // Type of Vault Auth Method to use + flagVaultAuthPath string // Mount path of the Vault Auth Method + flagVaultNamespace string // Vault enterprise namespace + flagRevokeOnShutdown bool // Revoke Vault Token on pod shutdown + flagRunAsUser string // User (uid) to run Vault agent as + flagRunAsGroup string // Group (gid) to run Vault agent as + flagRunAsSameUser bool // Run Vault agent as the User (uid) of the first application container + flagSetSecurityContext bool // Set SecurityContext in injected containers + flagTelemetryPath string // Path under which to expose metrics + flagUseLeaderElector bool // Use leader elector code + flagDefaultTemplate string // Toggles which default template to use + flagResourceRequestCPU string // Set CPU request in the injected containers + flagResourceRequestMem string // Set Memory request in the injected containers + flagResourceRequestEphemeral string // Set Ephemeral Storage request in the injected containers + flagResourceLimitCPU string // Set CPU limit in the injected containers + flagResourceLimitMem string // Set Memory limit in the injected containers + flagResourceLimitEphemeral string // Set Ephemeral storage limit in the injected containers + flagTLSMinVersion string // Minimum TLS version supported by the webhook server + flagTLSCipherSuites string // Comma-separated list of supported cipher suites + flagAuthMinBackoff string // Auth min backoff on failure + flagAuthMaxBackoff string // Auth min backoff on failure + flagDisableIdleConnections string // Idle connections control + flagDisableKeepAlives string // Keep-alives control flagSet *flag.FlagSet 
@@ -222,6 +223,7 @@ func (c *Command) Run(args []string) int { ExitOnRetryFailure: c.flagExitOnRetryFailure, StaticSecretRenderInterval: c.flagStaticSecretRenderInterval, MaxConnectionsPerHost: c.flagMaxConnectionsPerHost, + LeaseRenewalThreshold: c.flagLeaseRenewalThreshold, AuthMinBackoff: c.flagAuthMinBackoff, AuthMaxBackoff: c.flagAuthMaxBackoff, DisableIdleConnections: c.flagDisableIdleConnections, diff --git a/subcommand/injector/flags.go b/subcommand/injector/flags.go index 468cec2e..2c6737ab 100644 --- a/subcommand/injector/flags.go +++ b/subcommand/injector/flags.go @@ -50,6 +50,10 @@ type Specification struct { // AGENT_INJECT_TEMPLATE_MAX_CONNECTIONS_PER_HOST environment variable. TemplateConfigMaxConnectionsPerHost string `envconfig:"AGENT_INJECT_TEMPLATE_MAX_CONNECTIONS_PER_HOST"` + // TemplateConfigLeaseRenewalThreshold is the + // AGENT_INJECT_TEMPLATE_LEASE_RENEWAL_THRESHOLD environment variable. + TemplateConfigLeaseRenewalThreshold string `envconfig:"AGENT_INJECT_TEMPLATE_LEASE_RENEWAL_THRESHOLD"` + // TLSAuto is the AGENT_INJECT_TLS_AUTO environment variable. TLSAuto string `envconfig:"tls_auto"` @@ -298,6 +302,15 @@ func (c *Command) parseEnvs() error { } } + if envs.TemplateConfigLeaseRenewalThreshold != "" { + // TODO: use parseutil + // Dependency: https://github.com/hashicorp/go-secure-stdlib/issues/152 + c.flagLeaseRenewalThreshold, err = strconv.ParseFloat(envs.TemplateConfigLeaseRenewalThreshold, 64) + if err != nil { + return err + } + } + if envs.TLSAuto != "" { c.flagAutoName = envs.TLSAuto } From a68916bb0e493623d2e653b141ae533da7e4e8d0 Mon Sep 17 00:00:00 2001 
From: phuhung273 Date: Sat, 21 Dec 2024 05:55:54 +0000 Subject: [PATCH 2/3] unit test --- agent-inject/agent/agent.go | 41 +++++++++++++------------- agent-inject/agent/annotations.go | 6 ++-- agent-inject/agent/annotations_test.go | 35 +++++++++++----------- agent-inject/agent/config_test.go | 15 ++++++++++ subcommand/injector/flags.go | 2 ++ subcommand/injector/flags_test.go | 28 ++++++++++++++++++ 6 files changed, 87 insertions(+), 40 deletions(-) diff --git a/agent-inject/agent/agent.go b/agent-inject/agent/agent.go index 7066f063..ad581e4d 100644 --- a/agent-inject/agent/agent.go +++ b/agent-inject/agent/agent.go 
@@ -17,26 +17,27 @@ import ( ) const ( - DefaultVaultImage = "hashicorp/vault:1.18.2" - DefaultVaultAuthType = "kubernetes" - DefaultVaultAuthPath = "auth/kubernetes" - DefaultAgentRunAsUser = 100 - DefaultAgentRunAsGroup = 1000 - DefaultAgentRunAsSameUser = false - DefaultAgentAllowPrivilegeEscalation = false - DefaultAgentDropCapabilities = "ALL" - DefaultAgentSetSecurityContext = true - DefaultAgentReadOnlyRoot = true - DefaultAgentCacheEnable = "false" - DefaultAgentCacheUseAutoAuthToken = "true" - DefaultAgentCacheListenerPort = "8200" - DefaultAgentCacheExitOnErr = false - DefaultAgentUseLeaderElector = false - DefaultAgentInjectToken = false - DefaultTemplateConfigExitOnRetryFailure = true - DefaultServiceAccountMount = "/var/run/secrets/vault.hashicorp.com/serviceaccount" - DefaultEnableQuit = false - DefaultAutoAuthEnableOnExit = false + DefaultVaultImage = "hashicorp/vault:1.18.2" + DefaultVaultAuthType = "kubernetes" + DefaultVaultAuthPath = "auth/kubernetes" + DefaultAgentRunAsUser = 100 + DefaultAgentRunAsGroup = 1000 + DefaultAgentRunAsSameUser = false + DefaultAgentAllowPrivilegeEscalation = false + DefaultAgentDropCapabilities = "ALL" + DefaultAgentSetSecurityContext = true + DefaultAgentReadOnlyRoot = true + DefaultAgentCacheEnable = "false" + DefaultAgentCacheUseAutoAuthToken = "true" + DefaultAgentCacheListenerPort = "8200" + DefaultAgentCacheExitOnErr = false + DefaultAgentUseLeaderElector = false + DefaultAgentInjectToken = false + DefaultTemplateConfigExitOnRetryFailure = true + DefaultTemplateConfigLeaseRenewalThreshold = 0.9 + DefaultServiceAccountMount = "/var/run/secrets/vault.hashicorp.com/serviceaccount" + DefaultEnableQuit = false + DefaultAutoAuthEnableOnExit = false ) // Agent is the top level structure holding all the diff --git a/agent-inject/agent/annotations.go b/agent-inject/agent/annotations.go index e287a243..8643f0c7 100644 --- a/agent-inject/agent/annotations.go +++ b/agent-inject/agent/annotations.go 
@@ -295,10 +295,10 @@ const ( // includes connections in the dialing, active, and idle states. AnnotationTemplateConfigMaxConnectionsPerHost = "vault.hashicorp.com/template-max-connections-per-host" - // AnnotationTemplateConfigMaxConnectionsPerHost configure how long Vault Agent's template + // AnnotationTemplateConfigLeaseRenewalThreshold configure how long Vault Agent's template // engine should wait for to refresh dynamic, non-renewable leases, measured as // a fraction of the lease duration. - AnnotationTemplateConfigLeaseRenewalThreshold = "vault.hashicorp.com/template-max-lease-renewal-threshold" + AnnotationTemplateConfigLeaseRenewalThreshold = "vault.hashicorp.com/template-config-lease-renewal-threshold" // AnnotationAgentEnableQuit configures whether the quit endpoint is // enabled in the injected agent config @@ -878,7 +878,7 @@ func (a *Agent) templateConfigMaxConnectionsPerHost() (int64, error) { func (a *Agent) templateConfigLeaseRenewalThreshold() (float64, error) { raw, ok := a.Annotations[AnnotationTemplateConfigLeaseRenewalThreshold] if !ok { - return 0, nil + return DefaultTemplateConfigLeaseRenewalThreshold, nil } // TODO: use parseutil diff --git a/agent-inject/agent/annotations_test.go b/agent-inject/agent/annotations_test.go index 757e0964..a9940bef 100644 --- a/agent-inject/agent/annotations_test.go +++ b/agent-inject/agent/annotations_test.go 
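Review bot: The `DefaultTemplateConfigLeaseRenewalThreshold` fallback added to `templateConfigLeaseRenewalThreshold` only applies when the annotation is absent, but `Init` (patch 1) writes the annotation from `cfg.LeaseRenewalThreshold` whenever the pod lacks it. An `AgentConfig` built without that field therefore yields "0.00", which parses to 0 and is dropped by the `omitempty` tag rather than becoming 0.9, so the two defaulting paths disagree. One way to line them up is to have `Init` skip the write for an unset value, `if _, ok := pod.ObjectMeta.Annotations[AnnotationTemplateConfigLeaseRenewalThreshold]; !ok && cfg.LeaseRenewalThreshold != 0 {`, or to document on the getter that 0 means the key is left out of the agent config. The getter's body continues outside this hunk.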
@@ -23,23 +23,24 @@ import ( func basicAgentConfig() AgentConfig { return AgentConfig{ - Image: "foobar-image", - Address: "http://foobar:8200", - AuthType: DefaultVaultAuthType, - AuthPath: "test", - Namespace: "test", - RevokeOnShutdown: true, - UserID: "100", - GroupID: "1000", - SameID: DefaultAgentRunAsSameUser, - SetSecurityContext: DefaultAgentSetSecurityContext, - ProxyAddress: "http://proxy:3128", - DefaultTemplate: DefaultTemplateType, - ResourceRequestCPU: DefaultResourceRequestCPU, - ResourceRequestMem: DefaultResourceRequestMem, - ResourceLimitCPU: DefaultResourceLimitCPU, - ResourceLimitMem: DefaultResourceLimitMem, - ExitOnRetryFailure: DefaultTemplateConfigExitOnRetryFailure, + Image: "foobar-image", + Address: "http://foobar:8200", + AuthType: DefaultVaultAuthType, + AuthPath: "test", + Namespace: "test", + RevokeOnShutdown: true, + UserID: "100", + GroupID: "1000", + SameID: DefaultAgentRunAsSameUser, + SetSecurityContext: DefaultAgentSetSecurityContext, + ProxyAddress: "http://proxy:3128", + DefaultTemplate: DefaultTemplateType, + ResourceRequestCPU: DefaultResourceRequestCPU, + ResourceRequestMem: DefaultResourceRequestMem, + ResourceLimitCPU: DefaultResourceLimitCPU, + ResourceLimitMem: DefaultResourceLimitMem, + ExitOnRetryFailure: DefaultTemplateConfigExitOnRetryFailure, + LeaseRenewalThreshold: DefaultTemplateConfigLeaseRenewalThreshold, } } diff --git a/agent-inject/agent/config_test.go b/agent-inject/agent/config_test.go index bdacb3f0..993ea2dd 100644 --- a/agent-inject/agent/config_test.go +++ b/agent-inject/agent/config_test.go @@ -642,6 +642,7 @@ func TestConfigVaultAgentTemplateConfig(t *testing.T) { &TemplateConfig{ ExitOnRetryFailure: true, MaxConnectionsPerHost: 0, + LeaseRenewalThreshold: 0.9, }, }, { @@ -652,6 +653,7 @@ func TestConfigVaultAgentTemplateConfig(t *testing.T) { &TemplateConfig{ ExitOnRetryFailure: false, MaxConnectionsPerHost: 0, + LeaseRenewalThreshold: 0.9, }, }, { 
@@ -663,6 +665,7 @@ func TestConfigVaultAgentTemplateConfig(t *testing.T) { ExitOnRetryFailure: true, StaticSecretRenderInterval: "10s", MaxConnectionsPerHost: 0, + LeaseRenewalThreshold: 0.9, }, }, { @@ -673,6 +676,17 @@ func TestConfigVaultAgentTemplateConfig(t *testing.T) { &TemplateConfig{ ExitOnRetryFailure: true, MaxConnectionsPerHost: 100, + LeaseRenewalThreshold: 0.9, + }, + }, + { + "lease_renewal_threshold 0.5", + map[string]string{ + AnnotationTemplateConfigLeaseRenewalThreshold: "0.5", + }, + &TemplateConfig{ + ExitOnRetryFailure: true, + LeaseRenewalThreshold: 0.5, }, }, { @@ -681,6 +695,7 @@ func TestConfigVaultAgentTemplateConfig(t *testing.T) { &TemplateConfig{ ExitOnRetryFailure: true, MaxConnectionsPerHost: 0, + LeaseRenewalThreshold: 0.9, }, }, } diff --git a/subcommand/injector/flags.go b/subcommand/injector/flags.go index 2c6737ab..54dc8021 100644 --- a/subcommand/injector/flags.go +++ b/subcommand/injector/flags.go @@ -165,6 +165,8 @@ func (c *Command) init() { fmt.Sprintf("Value for Agent's template_config.exit_on_retry_failure. Defaults to %t.", agent.DefaultTemplateConfigExitOnRetryFailure)) c.flagSet.StringVar(&c.flagStaticSecretRenderInterval, "template-static-secret-render-interval", "", "Value for Agent's template_config.exit_on_retry_failure.") + c.flagSet.Float64Var(&c.flagLeaseRenewalThreshold, "template-config-lease-renewal-threshold", agent.DefaultTemplateConfigLeaseRenewalThreshold, + "Value for Agent's template_config.lease_renewal_threshold.") c.flagSet.StringVar(&c.flagAutoName, "tls-auto", "", "MutatingWebhookConfiguration name. If specified, will auto generate cert bundle.") c.flagSet.StringVar(&c.flagAutoHosts, "tls-auto-hosts", "", diff --git a/subcommand/injector/flags_test.go b/subcommand/injector/flags_test.go index 25cfbea1..ee2beb9a 100644 --- a/subcommand/injector/flags_test.go +++ b/subcommand/injector/flags_test.go 
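Review bot: The new `lease_renewal_threshold 0.5` case in `TestConfigVaultAgentTemplateConfig` covers only a well-formed value, so nothing pins what happens when the annotation is malformed or out of range. Because the annotation comes from the pod spec, cases with constructed sample inputs such as `"abc"`, `"NaN"`, `"-1"` and `"2"` belong next to it, either in this table if it can express an expected error or in a small separate test. `TestCommandEnvFloats` in flags_test.go has the same gap for the environment variable. The test function starts and ends outside these hunks.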
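Review bot: The help text of the new `template-config-lease-renewal-threshold` flag states neither the default nor the expected range, while the `exit_on_retry_failure` flag two lines above prints its default. Suggested text: `fmt.Sprintf("Value for Agent's template_config.lease_renewal_threshold, a fraction of the lease duration. Defaults to %v.", agent.DefaultTemplateConfigLeaseRenewalThreshold)`. `init` continues outside the hunk.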
@@ -227,3 +227,31 @@ func TestCommandEnvInts(t *testing.T) { }) } } + +func TestCommandEnvFloats(t *testing.T) { + var cmd Command + tests := []struct { + env string + value float64 + cmdPtr *float64 + }{ + {env: "AGENT_INJECT_TEMPLATE_LEASE_RENEWAL_THRESHOLD", value: 0.5, cmdPtr: &cmd.flagLeaseRenewalThreshold}, + } + + for _, tt := range tests { + t.Run(tt.env, func(t *testing.T) { + if err := os.Setenv(tt.env, strconv.FormatFloat(tt.value, 'f', 2, 64)); err != nil { + t.Errorf("got error setting env, shouldn't have: %s", err) + } + defer os.Unsetenv(tt.env) + + if err := cmd.parseEnvs(); err != nil { + t.Errorf("got error parsing envs, shouldn't have: %s", err) + } + + if *tt.cmdPtr != tt.value { + t.Errorf("env wasn't parsed, should have been: got %f, expected %f", *tt.cmdPtr, tt.value) + } + }) + } +} From 9e01007b04e613e0c4806b718801fd7ef927999b Mon Sep 17 00:00:00 2001 From: phuhung273 Date: Sat, 21 Dec 2024 06:07:39 +0000 Subject: [PATCH 3/3] CHANGELOG --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2489b8de..1f503cda 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,6 @@ ## Unreleased +Features: +* Add support for `lease_renewal_threshold ` within Agent injector [GH-721](https://github.com/hashicorp/vault-k8s/pull/721) ## 1.6.1 (December 16, 2024)
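Review bot: `TestCommandEnvFloats` sets the variable with `os.Setenv` and a deferred `os.Unsetenv`, which does not restore a value that was already present in the environment, and a failed set is reported with `t.Errorf` before the test carries on to parse. If the module's Go version allows it, `t.Setenv(tt.env, strconv.FormatFloat(tt.value, 'f', 2, 64))` covers the set, the restore and the failure handling in one call. The parse and comparison steps would read better with `t.Fatalf` on the parse error, since the value check is meaningless once parsing has failed.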