From 31f9d56d5256936dae4a0307fb412c96e916d7d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20R=C3=BCegg?=
Date: Thu, 10 Sep 2020 11:04:22 +0200
Subject: [PATCH 1/3] Make Vault secret engine path configurable
---
 CHANGELOG.md | 4 +++
 .../ROOT/pages/references/configuration.adoc | 4 +++
 pkg/vault/client.go | 7 +++++-
 pkg/vault/client_test.go | 25 +++++++++++++++++++
 4 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5f257c8f..e2b03bd5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Apply the default Syn project meta files ([#90])
 - Replaced playbook.yml with custom command ([#100])
+- Make Vault secret engine path configurable ([#103])
 ## [v0.2.0] - 2020-07-23
 ### Added
@@ -83,6 +84,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [v0.1.4]: https://github.com/projectsyn/lieutenant-operator/releases/tag/v0.1.4
 [v0.1.5]: https://github.com/projectsyn/lieutenant-operator/releases/tag/v0.1.5
 [v0.2.0]: https://github.com/projectsyn/lieutenant-operator/releases/tag/v0.2.0
+
 [#62]: https://github.com/projectsyn/lieutenant-operator/pull/62
 [#71]: https://github.com/projectsyn/lieutenant-operator/pull/71
 [#76]: https://github.com/projectsyn/lieutenant-operator/pull/76
@@ -90,3 +92,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#85]: https://github.com/projectsyn/lieutenant-operator/pull/85
 [#88]: https://github.com/projectsyn/lieutenant-operator/pull/88
 [#90]: https://github.com/projectsyn/lieutenant-operator/pull/90
+[#100]: https://github.com/projectsyn/lieutenant-operator/pull/100
+[#103]: https://github.com/projectsyn/lieutenant-operator/pull/103
diff --git a/docs/modules/ROOT/pages/references/configuration.adoc b/docs/modules/ROOT/pages/references/configuration.adoc
index c803b7ae..72b5214a 100644
--- a/docs/modules/ROOT/pages/references/configuration.adoc
+++ b/docs/modules/ROOT/pages/references/configuration.adoc
@@ -17,6 +17,10 @@ Lieutenant Operator is configured via environment variables:
 |Sets the Vault token to be used, only recommended for testing. In production the https://www.vaultproject.io/docs/auth/kubernetes[K8s authentication] should be used by omitting the setting.
 |
+|VAULT_SECRET_ENGINE_PATH
+|Configures the mount path of the KV secret engine to be used.
+|`kv`
+
 |SKIP_VAULT_SETUP
 |Doesn't create any Vault secrets. Recommended for testing only.
 |false
diff --git a/pkg/vault/client.go b/pkg/vault/client.go
index 63734e8d..267e4b27 100644
--- a/pkg/vault/client.go
+++ b/pkg/vault/client.go
@@ -78,9 +78,14 @@ func newBankVaultClient(deletionPolicy synv1alpha1.DeletionPolicy, log logr.Logg
 client.RawClient().SetToken(os.Getenv(api.EnvVaultToken))
 }
+ secretEngine := os.Getenv("VAULT_SECRET_ENGINE_PATH")
+ if secretEngine == "" {
+ secretEngine = "kv"
+ }
+
 return &BankVaultClient{
 client: client,
- secretEngine: "kv",
+ secretEngine: secretEngine,
 deletionPolicy: deletionPolicy,
 log: log,
 }, nil
diff --git a/pkg/vault/client_test.go b/pkg/vault/client_test.go
index 4e931cb8..fe567990 100644
--- a/pkg/vault/client_test.go
+++ b/pkg/vault/client_test.go
@@ -85,6 +85,7 @@ func TestBankVaultClient_AddSecrets(t *testing.T) {
 }
 tests := []struct {
 name string
+ mountPath string
 args args
 wantErr bool
 statusCode int
@@ -112,6 +113,29 @@ func TestBankVaultClient_AddSecrets(t *testing.T) {
 }`,
 statusCode: 200,
 },
+ {
+ name: "test different path",
+ mountPath: "clusters/kv",
+ args: args{
+ secrets: []VaultSecret{{Path: "some/test", Value: ""}},
+ token: "test",
+ log: zap.Logger(),
+ },
+ body: `{
+ "data": {
+ "data": {
+ "foo": "bar"
+ },
+ "metadata": {
+ "created_time": "2018-03-22T02:24:06.945319214Z",
+ "deletion_time": "",
+ "destroyed": false,
+ "version": 2
+ }
+ }
+ }`,
+ statusCode: 200,
+ },
 {
 name: "test error",
 wantErr: true,
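Review bot: The value read from `VAULT_SECRET_ENGINE_PATH` in the pkg/vault/client.go hunk becomes the KV mount path with no normalisation or validation, so a stray leading or trailing slash or surrounding whitespace in the deployment manifest would likely send secret writes to a path other than the mount the Vault policy was written for (how `secretEngine` is joined into request paths is outside this hunk). Trimming where it is read keeps the `kv` fallback intact: `secretEngine := strings.Trim(strings.TrimSpace(os.Getenv("VAULT_SECRET_ENGINE_PATH")), "/")`, which needs the `strings` import if the file does not already have it. Logging the resolved mount once, e.g. `log.Info("using Vault secret engine", "path", secretEngine)`, would let an operator confirm where cluster secrets are written. The body of newBankVaultClient starts before this hunk and its closing brace lies after it.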
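Review bot: The new "test different path" case in pkg/vault/client_test.go never asserts that the client addressed the `clusters/kv` mount: it only supplies a canned 200 body, so unless the test server's handler (outside this hunk) inspects the request path, the case would still pass if `VAULT_SECRET_ENGINE_PATH` were ignored. Consider checking the path in the handler, e.g. `if !strings.HasPrefix(r.URL.Path, "/v1/"+wantMount+"/") { t.Errorf("unexpected request path %q", r.URL.Path) }`, where `wantMount` (a name chosen for this note) is `tt.mountPath` or `kv` when that is empty; the `/v1/` prefix is the Vault HTTP API root and should be confirmed against what the client actually sends. The table and the test function continue outside the hunk.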
@@ -131,6 +155,7 @@ func TestBankVaultClient_AddSecrets(t *testing.T) {
 os.Setenv(api.EnvVaultToken, "myroot")
 os.Setenv(api.EnvVaultAddress, server.URL)
+ os.Setenv("VAULT_SECRET_ENGINE_PATH", tt.mountPath)
 defer server.Close()
From 5057e93353d7d13944af5b1ff09b4683accff69c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20R=C3=BCegg?=
Date: Thu, 10 Sep 2020 11:21:12 +0200
Subject: [PATCH 2/3] Ignore generated CRD YAML files
---
 .yamllint.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.yamllint.yml b/.yamllint.yml
index addf0aa1..b591aeae 100644
--- a/.yamllint.yml
+++ b/.yamllint.yml
@@ -5,3 +5,6 @@ rules:
 line-length:
 max: 80
 level: warning
+
+ignore: |
+ /deploy/crds/*_crd.yaml
From b29400fa1ac2ddb8499bfdb6cf80e76a6bfccf83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20R=C3=BCegg?=
Date: Thu, 10 Sep 2020 11:25:20 +0200
Subject: [PATCH 3/3] Prepare release v0.2.1
---
 CHANGELOG.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e2b03bd5..b868d2a5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## [Unreleased]
+## [v0.2.1] - 2020-09-10
 ### Changed
 - Apply the default Syn project meta files ([#90])
@@ -84,6 +84,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [v0.1.4]: https://github.com/projectsyn/lieutenant-operator/releases/tag/v0.1.4
 [v0.1.5]: https://github.com/projectsyn/lieutenant-operator/releases/tag/v0.1.5
 [v0.2.0]: https://github.com/projectsyn/lieutenant-operator/releases/tag/v0.2.0
+[v0.2.1]: https://github.com/projectsyn/lieutenant-operator/releases/tag/v0.2.1
 [#62]: https://github.com/projectsyn/lieutenant-operator/pull/62
 [#71]: https://github.com/projectsyn/lieutenant-operator/pull/71
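Review bot: The added `os.Setenv("VAULT_SECRET_ENGINE_PATH", tt.mountPath)` in the third pkg/vault/client_test.go hunk changes process-wide state that is never restored, and its error return is dropped, so the mount path seen by later tests in the package depends on whichever table entry ran last. Where the toolchain allows it (Go 1.17+), `t.Setenv("VAULT_SECRET_ENGINE_PATH", tt.mountPath)` restores the previous value automatically; otherwise add `defer os.Unsetenv("VAULT_SECRET_ENGINE_PATH")` beside the existing `defer server.Close()`. The two context lines that set the Vault token and address follow the same pattern and could be converted together. The enclosing loop or subtest closure starts and ends outside this hunk, so the scope in which a `defer` would run needs checking.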