diff --git a/.yamllint.yml b/.yamllint.yml
index addf0aa1..b591aeae 100644
--- a/.yamllint.yml
+++ b/.yamllint.yml
@@ -5,3 +5,6 @@ rules:
 line-length:
 max: 80
 level: warning
+
+ignore: |
+ /deploy/crds/*_crd.yaml
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5f257c8f..b868d2a5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,11 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## [Unreleased]
+## [v0.2.1] - 2020-09-10
 ### Changed
 - Apply the default Syn project meta files ([#90])
 - Replaced playbook.yml with custom command ([#100])
+- Make Vault secret engine path configurable ([#103])
 ## [v0.2.0] - 2020-07-23
 ### Added
@@ -83,6 +84,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [v0.1.4]: https://github.com/projectsyn/lieutenant-operator/releases/tag/v0.1.4
 [v0.1.5]: https://github.com/projectsyn/lieutenant-operator/releases/tag/v0.1.5
 [v0.2.0]: https://github.com/projectsyn/lieutenant-operator/releases/tag/v0.2.0
+[v0.2.1]: https://github.com/projectsyn/lieutenant-operator/releases/tag/v0.2.1
+
 [#62]: https://github.com/projectsyn/lieutenant-operator/pull/62
 [#71]: https://github.com/projectsyn/lieutenant-operator/pull/71
 [#76]: https://github.com/projectsyn/lieutenant-operator/pull/76
@@ -90,3 +93,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#85]: https://github.com/projectsyn/lieutenant-operator/pull/85
 [#88]: https://github.com/projectsyn/lieutenant-operator/pull/88
 [#90]: https://github.com/projectsyn/lieutenant-operator/pull/90
+[#100]: https://github.com/projectsyn/lieutenant-operator/pull/100
+[#103]: https://github.com/projectsyn/lieutenant-operator/pull/103
diff --git a/docs/modules/ROOT/pages/references/configuration.adoc b/docs/modules/ROOT/pages/references/configuration.adoc
index c803b7ae..72b5214a 100644
--- a/docs/modules/ROOT/pages/references/configuration.adoc
+++ b/docs/modules/ROOT/pages/references/configuration.adoc
@@ -17,6 +17,10 @@ Lieutenant Operator is configured via environment variables:
 |Sets the Vault token to be used, only recommended for testing. In production the https://www.vaultproject.io/docs/auth/kubernetes[K8s authentication] should be used by omitting the setting.
 |
+|VAULT_SECRET_ENGINE_PATH
+|Configures the mount path of the KV secret engine to be used.
+|`kv`
+
 |SKIP_VAULT_SETUP
 |Doesn't create any Vault secrets. Recommended for testing only.
 |false
diff --git a/pkg/vault/client.go b/pkg/vault/client.go
index 63734e8d..267e4b27 100644
--- a/pkg/vault/client.go
+++ b/pkg/vault/client.go
@@ -78,9 +78,14 @@ func newBankVaultClient(deletionPolicy synv1alpha1.DeletionPolicy, log logr.Logg
 client.RawClient().SetToken(os.Getenv(api.EnvVaultToken))
 }
+ secretEngine := os.Getenv("VAULT_SECRET_ENGINE_PATH")
+ if secretEngine == "" {
+ secretEngine = "kv"
+ }
+
 return &BankVaultClient{
 client: client,
- secretEngine: "kv",
+ secretEngine: secretEngine,
 deletionPolicy: deletionPolicy,
 log: log,
 }, nil
diff --git a/pkg/vault/client_test.go b/pkg/vault/client_test.go
index 4e931cb8..fe567990 100644
--- a/pkg/vault/client_test.go
+++ b/pkg/vault/client_test.go
@@ -85,6 +85,7 @@ func TestBankVaultClient_AddSecrets(t *testing.T) {
 }
 tests := []struct {
 name string
+ mountPath string
 args args
 wantErr bool
 statusCode int
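Review bot: In the pkg/vault/client.go hunk the value of `VAULT_SECRET_ENGINE_PATH` becomes `secretEngine` exactly as read, so surrounding whitespace or a leading or trailing slash (for example `/clusters/kv/`) would be carried into every secret path the client builds; how the mount is joined with the secret path is outside this hunk, so the exact effect is inferred. Normalising once before the empty check, `secretEngine := strings.Trim(strings.TrimSpace(os.Getenv("VAULT_SECRET_ENGINE_PATH")), "/")`, would also let values that are only whitespace or slashes fall back to `kv`. Because this setting decides which Vault mount receives cluster secrets, logging the effective mount once at client creation would let operators confirm that it matches the Vault policy bound to the operator. The variable name is a bare string literal here and again in client_test.go; a package-level constant would keep the two in sync. newBankVaultClient begins above the hunk.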
@@ -112,6 +113,29 @@ func TestBankVaultClient_AddSecrets(t *testing.T) {
 }`,
 statusCode: 200,
 },
+ {
+ name: "test different path",
+ mountPath: "clusters/kv",
+ args: args{
+ secrets: []VaultSecret{{Path: "some/test", Value: ""}},
+ token: "test",
+ log: zap.Logger(),
+ },
+ body: `{
+ "data": {
+ "data": {
+ "foo": "bar"
+ },
+ "metadata": {
+ "created_time": "2018-03-22T02:24:06.945319214Z",
+ "deletion_time": "",
+ "destroyed": false,
+ "version": 2
+ }
+ }
+ }`,
+ statusCode: 200,
+ },
 {
 name: "test error",
 wantErr: true,
@@ -131,6 +155,7 @@ func TestBankVaultClient_AddSecrets(t *testing.T) {
 os.Setenv(api.EnvVaultToken, "myroot")
 os.Setenv(api.EnvVaultAddress, server.URL)
+ os.Setenv("VAULT_SECRET_ENGINE_PATH", tt.mountPath)
 defer server.Close()
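Review bot: The new `test different path` case sets `mountPath: "clusters/kv"`, but nothing visible in these hunks checks that the request reached that mount, so the case would presumably still pass if `VAULT_SECRET_ENGINE_PATH` were ignored; the stub server's handler is outside the hunks, so this is inferred. Having the handler fail the test when `r.URL.Path` does not contain the expected mount (`kv` when `mountPath` is empty) would make the case cover the new setting. In the last hunk `os.Setenv("VAULT_SECRET_ENGINE_PATH", tt.mountPath)` is never undone, so the final case's value stays in the process environment for later tests in the package; a `defer os.Unsetenv("VAULT_SECRET_ENGINE_PATH")` next to it, or `t.Setenv` on Go 1.17 and later, would restore it. The test function continues outside both hunks.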