Skip to content

feat: Add support for Vault namespaces to Vault modules #554

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 20, 2025
Merged

feat: Add support for Vault namespaces to Vault modules #554

merged 3 commits into from
Nov 20, 2025

Conversation

@rowansmithau
Copy link
Contributor

@rowansmithau rowansmithau commented Nov 20, 2025

Description

Adds support for accessing auth mounts/secret engines located in a non root namespace. Namespaces is a feature of Vault Enterprise.

Type of Change

  • New module
  • New template
  • Bug fix
  • Feature/enhancement
  • Documentation
  • Other

Module Information

Path: registry/coder/modules/vault-github
New version: v1.1.0
Breaking change: [ ] Yes [x] No

Path: registry/coder/modules/vault-jwt
New version: v1.2.0
Breaking change: [ ] Yes [x] No

Path: registry/coder/modules/vault-token
New version: v1.3.0
Breaking change: [ ] Yes [x] No

Testing & Validation

  • Tests pass (bun test)
  • Code formatted (bun fmt)
  • Changes tested locally

Related Issues

None

@rowansmithau rowansmithau self-assigned this Nov 20, 2025
@rowansmithau rowansmithau added the version:minor Add to PRs requiring a minor version upgrade label Nov 20, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Nov 20, 2025

❌ Version Bump Validation Failed

Bump Type: minor

Module versions need to be updated but haven't been bumped yet.

Required Actions:

  1. Run the version bump script locally: ./.github/scripts/version-bump.sh minor
  2. Commit the changes: git add . && git commit -m "chore: bump module versions (minor)"
  3. Push the changes: git push

Script Output:

🔍 Detecting modified modules...
Found modules:
registry/coder/modules/vault-github
registry/coder/modules/vault-jwt
registry/coder/modules/vault-token

📦 Processing: coder/vault-github
Found git tag: release/coder/vault-github/v1.0.31 (v1.0.31)
Current version: 1.0.31
New version: 1.1.0
Updating version references for coder/vault-github in registry/coder/modules/vault-github/README.md
awk: cmd. line:11: error: Unmatched [, [^, [:, [., or [=: /^[[:space]]*/

📦 Processing: coder/vault-jwt
Found git tag: release/coder/vault-jwt/v1.1.1 (v1.1.1)
Current version: 1.1.1
New version: 1.2.0
Updating version references for coder/vault-jwt in registry/coder/modules/vault-jwt/README.md
awk: cmd. line:11: error: Unmatched [, [^, [:, [., or [=: /^[[:space]]*/

📦 Processing: coder/vault-token
Found git tag: release/coder/vault-token/v1.2.2 (v1.2.2)
Current version: 1.2.2
New version: 1.3.0
Updating version references for coder/vault-token in registry/coder/modules/vault-token/README.md
awk: cmd. line:11: error: Unmatched [, [^, [:, [., or [=: /^[[:space]]*/

🔧 Running formatter to ensure consistent formatting...

📋 Summary:
Bump Type: minor

Modules Updated:

- coder/vault-github: v1.0.31 → v1.1.0
- coder/vault-jwt: v1.1.1 → v1.2.0
- coder/vault-token: v1.2.2 → v1.3.0

READMEs Updated:

- coder/vault-github
- coder/vault-jwt
- coder/vault-token

✅ Version bump completed successfully!
📝 README files have been updated with new versions.

Next steps:
1. Review the changes: git diff
2. Commit the changes: git add . && git commit -m 'chore: bump module versions (minor)'
3. Push the changes: git push

Please update the module versions and push the changes to continue.

Copilot finished reviewing on behalf of DevelopmentCats November 20, 2025 16:34
Copilot AI reviewed Nov 20, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for Vault Enterprise namespaces across three Vault authentication modules (vault-token, vault-jwt, and vault-github), enabling users to access auth mounts and secret engines in non-root namespaces. For the vault-token module, this activates an existing but unused variable, while the other two modules receive new functionality.

  • Adds vault_namespace variable to vault-jwt and vault-github modules; activates existing variable in vault-token
  • Implements namespace export in shell scripts before Vault authentication operations
  • Creates conditional coder_env resources to set VAULT_NAMESPACE in workspace sessions

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated no comments.

Show a summary per file
File Description
registry/coder/modules/vault-token/run.sh Adds namespace variable assignment and conditional export logic
registry/coder/modules/vault-token/main.tf Passes namespace to template and adds newline at EOF
registry/coder/modules/vault-token/README.md Updates module version from 1.2.2 to 1.3.0 in examples
registry/coder/modules/vault-jwt/run.sh Adds namespace variable assignment and conditional export before authentication
registry/coder/modules/vault-jwt/main.tf Adds vault_namespace variable, passes to template, and creates conditional env resource
registry/coder/modules/vault-jwt/README.md Updates module version from 1.1.1 to 1.2.0 in examples
registry/coder/modules/vault-github/run.sh Adds namespace variable assignment and conditional export before authentication
registry/coder/modules/vault-github/main.tf Adds vault_namespace variable, passes to template, and creates conditional env resource
registry/coder/modules/vault-github/README.md Updates module version from 1.0.31 to 1.1.0 in examples

DevelopmentCats
DevelopmentCats approved these changes Nov 20, 2025
View reviewed changes
Copy link
Contributor

@DevelopmentCats DevelopmentCats left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@DevelopmentCats DevelopmentCats merged commit 5f3a559 into main Nov 20, 2025
10 checks passed
@DevelopmentCats DevelopmentCats deleted the rowansmithau/feat/vault-namespace-support branch November 20, 2025 16:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@DevelopmentCats DevelopmentCats DevelopmentCats approved these changes

@matifali matifali Awaiting requested review from matifali

Assignees

@rowansmithau rowansmithau

Labels

version:minor Add to PRs requiring a minor version upgrade

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rowansmithau @DevelopmentCats