-
-
Notifications
You must be signed in to change notification settings - Fork 728
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add vault auth namespace option #3157
Conversation
Signed-off-by: Blair Drummond <blaird@liatrio.com>
hi @blairdrummond ! Is there a way to add tests for this change? 🤔 |
CI tests are also failing. You can double check which tests are failing with |
Signed-off-by: Blair Drummond <blaird@liatrio.com>
Pushed the linting fix. I will try reading through the tests and see what could be added... Should I constrain my attention to the One thing I would like feedback on is the specific change in the |
I think I should move the code out of setAuth, and I'll write some tests around permutations of
|
Signed-off-by: Blair Drummond <blaird@liatrio.com>
Signed-off-by: Blair Drummond <blaird@liatrio.com>
@gusfcarvalho Did a cleanup and added some tests for setAuthNamespace. Finished up the |
Quality Gate passedIssues Measures |
Just checking if there's anything else needed on my end? |
@@ -169,3 +173,27 @@ func revokeTokenIfValid(ctx context.Context, client util.Client) error { | |||
} | |||
return nil | |||
} | |||
|
|||
func (c *client) useAuthNamespace(_ context.Context) func() { | |||
ns := "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could shift this value into the if statement since that's where it's used first.
Nice! Thanks. :) 🙇 |
Edit: I am not familiar with this code-base and am expecting that changes will be required, but can confirm that this change works as intended in my clusters. Look forward to feedback!
Problem Statement
Add
Vault.Auth.Namespace
field so that you can authenticate in one Vault namespace and use the vault token in a different namespace. This is a common-ish setupRelated Issue
No issue created yet but I can make one.
Proposed Changes
This code adds a new Namespace field in the
Vault.Auth
config, allowing ESO to authenticate against one Vault Namespace, and use that token in another namespace. This is not a breaking change, but it does introduce a new optional field into the spec. I think this is a fairly well documented Vault setupI considered alternatives, but the choices would be either:
Example manifest
Checklist
git commit --signoff
make test
make reviewable