Merge pull request #199 from peopledoc/templates-phase-1

peopledoc · Oct 15, 2021 · a458826 · a458826
2 parents 1de6736 + b0281ab
commit a458826
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/docs/howto/templated_secrets.rst b/docs/howto/templated_secrets.rst
@@ -1,6 +1,10 @@
 Make a secret point to dynamic content
 ======================================
 
+.. warning::
+
+    This feature will be removed from Vault-CLI in the next major version.
+
 With ``vault-cli``, it's possible to have secret values be Jinja2_ templates. This is
 useful if you have multiple related secrets that you would like to retrieve as a single
 string.

diff --git a/tests/unit/test_client_base.py b/tests/unit/test_client_base.py
@@ -522,6 +522,13 @@ def test_vault_client_base_get_secret(vault, vault_contents, expected):
     assert vault.get_secret("a") == expected
 
 
+def test_vault_client_base_get_secret_deprecation_warning(vault):
+    vault.db = {"a": {"value": "!template!b"}}
+
+    with pytest.warns(DeprecationWarning):
+        assert vault.get_secret("a") == {"value": "b"}
+
+
 def test_vault_client_base_get_secret_template_root(vault):
     vault.base_path = "base"
     vault.db = {"/base/a": {"value": '!template!{{ vault("a").value }} yay'}}

diff --git a/vault_cli/client.py b/vault_cli/client.py
@@ -2,6 +2,7 @@
 import json
 import logging
 import pathlib
+import warnings
 from typing import Dict, Iterable, List, Optional, Set, Tuple, Type, Union, cast
 
 import hvac  # type: ignore
@@ -520,6 +521,14 @@ def copy_secrets(
     template_prefix = "!template!"
 
     def _render_template_value(self, secret: types.JSONValue) -> types.JSONValue:
+
+        warnings.warn(
+            DeprecationWarning(
+                "Templated values are deprecated and will be removed in the "
+                "following major versions."
+            )
+        )
+
         if isinstance(secret, dict):
             return {k: self._render_template_value(v) for k, v in secret.items()}
         if not isinstance(secret, str):