implement vault template function for kv engine; add docs

template/interpolate/funcs.go

@@ -204,6 +204,8 @@ func funcGenConsul(ctx *Context) interface{} {
 		if value == "" {
 			return "", fmt.Errorf("value is empty at path %s", k)
 		}
+
+		return value, nil
 	}
 }
 
@@ -234,13 +236,20 @@ func funcGenVault(ctx *Context) interface{} {
 			return "", errors.New(fmt.Sprintf("Vault Secret does not exist at the given path."))
 		}
 
-		data := secret.Data["data"]
+		data, ok := secret.Data["data"]
-		if data == nil {
+		if !ok {
+			// maybe ths is v1, not v2 kv store
+			value, ok := secret.Data[key]
+			if ok {
+				return value.(string), nil
+			}
+
+			// neither v1 nor v2 proudced a valid value
 			return "", errors.New(fmt.Sprintf("Vault data was empty at the "+
 				"given path. Warnings: %s", strings.Join(secret.Warnings, "; ")))
 		}
 
-		value := secret.Data["data"].(map[string]interface{})[key].(string)
+		value := data.(map[string]interface{})[key].(string)
 		return value, nil
 	}
 }

website/source/docs/templates/user-variables.html.md

@@ -122,12 +122,35 @@ your template as user variables. the `vault` function is available *only*
 within the default value of a user variable, allowing you to default a user
 variable to an environment variable.
 
-An example is shown below:
+An example of using a v2 kv engine:
+
+If you store a value in vault using `vault kv put secret/hello foo=world`, you
+can access it using the following template engine:
 
 ```json
 {
   "variables": {
-    "my_secret": "{{ vault `/secret/data/foo` `bar`}}"
+    "my_secret": "{{ vault `/secret/data/hello` `foo`}}"
+  }
+}
+```
+which will assign "my_secret": "world"
+
+An example of using a v1 kv engine:
+
+If you store a value in vault using:
+
+```
+vault secrets enable -version=1 -path=secrets kv
+vault kv put secrets/hello foo=world
+```
+
+You can access it using the following template engine:
+
+```
+{
+  "variables": {
+    "VAULT_SECRETY_SECRET": "{{ vault `secrets/hello` `foo`}}"
   }
 }
 ```