From bfd26c66459536577f85f78b6c1c6a3ef58e9e2e Mon Sep 17 00:00:00 2001
From: jace-ys
Date: Tue, 10 Dec 2019 14:41:21 +0000
Subject: [PATCH 1/2] Remove check for presence of secrets
theatre-envconsul assumes that your app needs secrets when you opt-in by annotating your service. when it doesn't find the vault: prefix, it errors as envconsul hangs when provided no secrets. we have now changed that assumption as gc-app now adds that annotation to every service, causing apps that don't use the vault: prefix (currently everything) to crash loop. with this change in our fork of envconsul, we no longer have to worry about envconsul hanging when no secrets are provided.
---
 cmd/theatre-envconsul/main.go | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/cmd/theatre-envconsul/main.go b/cmd/theatre-envconsul/main.go
index 41b046b1..d0036015 100644
--- a/cmd/theatre-envconsul/main.go
+++ b/cmd/theatre-envconsul/main.go
@@ -140,10 +140,6 @@ func mainError(ctx context.Context, command string) (err error) {
 }
 }
- if len(secretEnv) == 0 {
- return errors.New("no 'vault:' prefix found in config or environment")
- }
-
 envconsulConfig := execVaultOptions.EnvconsulConfig(secretEnv, vaultToken, *execTheatreEnvconsulBinary, *execCommand)
 configJSONContents, err := json.Marshal(envconsulConfig)
 if err != nil {
From ec1c6550886ffa4f3d10adcd6fe17caba51a1fb1 Mon Sep 17 00:00:00 2001
From: jace-ys
Date: Tue, 10 Dec 2019 17:24:58 +0000
Subject: [PATCH 2/2] Pull in envconsul fork in Docker image
---
 Dockerfile | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 2d79a188..58afd492 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,6 +3,10 @@ FROM golang:1.13.4 as builder
 WORKDIR /go/src/github.com/gocardless/theatre
 COPY . /go/src/github.com/gocardless/theatre
 RUN make VERSION=$(cat VERSION) build
+# Clone our fork of envconsul and build it
+RUN git clone https://github.com/gocardless/envconsul.git \
+ && make -C envconsul linux/amd64 \
+ && mv envconsul/pkg/linux_amd64/envconsul bin
 # Use ubuntu as our base package to enable generic system tools
 FROM ubuntu:bionic-20191029
@@ -13,22 +17,9 @@ RUN set -x \
 && apt-get update -y \
 && apt-get install -y --no-install-recommends \
 ca-certificates \
- curl \
- unzip \
 && apt-get clean -y \
 && rm -rf /var/lib/apt/lists/*
-# Install envconsul for theatre-envconsul
-ENV ENVCONSUL_VERSION=0.9.1 \
- ENVCONSUL_SHA256=b58d032ad61937eca9def17482807124fa1bafac7e7bb5e025ea8a28d9c6ce42
-
-RUN set -x \
- && curl -o /tmp/envconsul.zip -fsL https://releases.hashicorp.com/envconsul/0.9.1/envconsul_${ENVCONSUL_VERSION}_linux_amd64.zip \
- && echo ${ENVCONSUL_SHA256} /tmp/envconsul.zip | sha256sum -c \
- && unzip /tmp/envconsul.zip -d /tmp \
- && mv /tmp/envconsul /usr/local/bin/ \
- && rm /tmp/envconsul.zip
-
 WORKDIR /
 COPY --from=builder /go/src/github.com/gocardless/theatre/bin/* /usr/local/bin/
 ENTRYPOINT ["/bin/bash"]
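Review bot: The added `git clone https://github.com/gocardless/envconsul.git` step in the first Dockerfile hunk builds whatever the fork's default branch holds at image-build time, whereas the block removed in the second hunk fetched a fixed 0.9.1 release and verified it with `sha256sum -c`; the new build has no revision pin or integrity check. Pinning the clone to a reviewed revision, for example by adding `&& git -C envconsul checkout <PINNED_COMMIT_SHA> \` right after the clone (placeholder; the page names no revision), would keep the image reproducible and keep an unreviewed push to the fork out of the binary that handles Vault secrets. This matters more because patch 1/2 drops the empty-`secretEnv` guard on the assumption that the fork does not hang, so runtime behaviour now depends on which fork revision was built. Separately, `mv envconsul/pkg/linux_amd64/envconsul bin` only places the binary inside the directory if `bin` already exists from `make build`, which is not visible here; writing `bin/` would make the step fail loudly instead of creating a file named `bin`.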