From 109019a280dd52ae0c1892afbc6532d2b9ce0c72 Mon Sep 17 00:00:00 2001 From: Nicolas Chapurlat Date: Wed, 1 Sep 2021 17:22:41 +0200 Subject: [PATCH] TriggerAuthentication/Vault: add support for vault namespace Signed-off-by: Nicolas Chapurlat --- CHANGELOG.md | 1 + api/v1alpha1/triggerauthentication_types.go | 3 +++ pkg/scaling/resolver/hashicorpvault_handler.go | 6 ++++++ 3 files changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ec0d1b19e9..6b61b3aa2c1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,7 @@ - Add Bearer auth for Metrics API scaler ([#2028](https://github.com/kedacore/keda/pull/2028)) - Anonymize the host in case of HTTP failure (RabbitMQ Scaler) ([#2041](https://github.com/kedacore/keda/pull/2041)) - Escape `queueName` and `vhostName` in RabbitMQ Scaler before use them in query string (bug fix) ([#2055](https://github.com/kedacore/keda/pull/2055)) +- TriggerAuthentication/Vault: add support for Vault namespace (Vault Enterprise) ([#2085](https://github.com/kedacore/keda/pull/2085)) ### Breaking Changes diff --git a/api/v1alpha1/triggerauthentication_types.go b/api/v1alpha1/triggerauthentication_types.go index 6dc4b695baf..f87fba7c2fa 100644 --- a/api/v1alpha1/triggerauthentication_types.go +++ b/api/v1alpha1/triggerauthentication_types.go @@ -120,6 +120,9 @@ type HashiCorpVault struct { Authentication VaultAuthentication `json:"authentication"` Secrets []VaultSecret `json:"secrets"` + // +optional + Namespace string `json:"namespace,omitempty"` + // +optional Credential *Credential `json:"credential,omitempty"` diff --git a/pkg/scaling/resolver/hashicorpvault_handler.go b/pkg/scaling/resolver/hashicorpvault_handler.go index 6e950fffc61..0bece409787 100644 --- a/pkg/scaling/resolver/hashicorpvault_handler.go +++ b/pkg/scaling/resolver/hashicorpvault_handler.go @@ -28,6 +28,7 @@ func NewHashicorpVaultHandler(v *kedav1alpha1.HashiCorpVault) *HashicorpVaultHan // Initialize the Vault client func (vh *HashicorpVaultHandler) Initialize(logger logr.Logger) error { config := vaultApi.DefaultConfig() + client, err := vaultApi.NewClient(config) if err != nil { return err @@ -38,6 +39,10 @@ func (vh *HashicorpVaultHandler) Initialize(logger logr.Logger) error { return err } + if len(vh.vault.Namespace) > 0 { + client.SetNamespace(vh.vault.Namespace) + } + token, err := vh.token(client) if err != nil { return err @@ -98,6 +103,7 @@ func (vh *HashicorpVaultHandler) token(client *vaultApi.Client) (string, error) } data := map[string]interface{}{"jwt": string(jwt), "role": vh.vault.Role} + secret, err := client.Logical().Write(fmt.Sprintf("auth/%s/login", vh.vault.Mount), data) if err != nil { return token, err