Add nonce support

[stuart-c]

My previous AWS auth PR unfortunately had an omission - it didn't handle nonces. As a result it isn't possible to run gomplate a second time.

This PR fixes this oversight.

[hairyhenderson]

I'm not sure I'm a fan of 0666 as a default permission since it'll be group/other read/writable. IMO 0600 is a safer default.

Also is there even a need for this to be configurable? I'm not sure I really see a use-case where someone would need to save a nonce that's world-readable, and can't simply chmod it after gomplate runs...

[stuart-c]

I can change the default or make it non-configurable.

[hairyhenderson]

ok, I'd rather make it explicitly 0600 lower down, and also remove the option to configure

[stuart-c]

Done

[hairyhenderson]

I wonder if maybe naming this VAULT_AUTH_AWS_NONCE_FILE would be better, and making it possible to provide a nonce via a file (the case where the file exists already), or save it to that path if it's nonexistant.

[stuart-c]

That should already work as it should be using the env lookup with _FILE support

[hairyhenderson]

Oh! Good point. 🤔

In that case maybe _OUTPUT is not so bad an idea... let's just leave this as-is for now.

[hairyhenderson]

@stuart-c looks like the integration tests are failing in CI:

not ok 35 Testing ec2 vault auth
# (in test file test/integration/datasources_vault.bats, line 143)
#   `curl -o $tmpdir/certificate -s -f http://127.0.0.1:8081/certificate' failed with status 7

[stuart-c]

Not sure why the integration test has started failing

[hairyhenderson]

LGTM!

[hairyhenderson]

Not sure why the integration test has started failing

Me neither... I'll chalk it up to something timing-related, as I see it's passing now...

Thanks for this PR!

[stuart-c]

Great. Any chance of a new release?

Thanks

[hairyhenderson]

@stuart-c yup - I'll work on one soon!