Feature: Allow changing default Vault address and Kubernetes mount

CHANGELOG.md

@@ -1,5 +1,9 @@
 ## Unreleased
 
+FEATURES:
+
+* Support for changing the default Vault address and Kubernetes mount path via CLI flag to the vault-csi-provider binary
+
 BUGS:
 
 * Added missing error handling when transforming SecretProviderClass config to a Vault request [[GH-97](https://github.com/hashicorp/vault-csi-provider/pull/97)]

internal/config/config.go

@@ -11,11 +11,6 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 )
 
-const (
-	defaultVaultAddress             string = "https://127.0.0.1:8200"
-	defaultVaultKubernetesMountPath string = "kubernetes"
-)
-
 // Config represents all of the provider's configurable behaviour from the MountRequest proto message:
 // * Parameters from the `Attributes` field.
 // * Plus the rest of the proto fields we consume.
@@ -69,13 +64,13 @@ type Secret struct {
 	SecretArgs map[string]interface{} `yaml:"secretArgs,omitempty"`
 }
 
-func Parse(logger hclog.Logger, parametersStr, targetPath, permissionStr string) (Config, error) {
+func Parse(logger hclog.Logger, parametersStr, targetPath, permissionStr string, defaultVaultAddr string, defaultVaultKubernetesMountPath string) (Config, error) {
 	config := Config{
 		TargetPath: targetPath,
 	}
 
 	var err error
-	config.Parameters, err = parseParameters(logger, parametersStr)
+	config.Parameters, err = parseParameters(logger, parametersStr, defaultVaultAddr, defaultVaultKubernetesMountPath)
 	if err != nil {
 		return Config{}, err
 	}
@@ -93,7 +88,7 @@ func Parse(logger hclog.Logger, parametersStr, targetPath, permissionStr string)
 	return config, nil
 }
 
-func parseParameters(logger hclog.Logger, parametersStr string) (Parameters, error) {
+func parseParameters(logger hclog.Logger, parametersStr string, defaultVaultAddress string, defaultVaultKubernetesMountPath string) (Parameters, error) {
 	var params map[string]string
 	err := json.Unmarshal([]byte(parametersStr), &params)
 	if err != nil {

internal/config/config_test.go

@@ -35,6 +35,8 @@ spec:
           common_name: "internal.example.com"
         method: "PUT"
 `
+	defaultVaultAddress             = "http://127.0.0.1:8200"
+	defaultVaultKubernetesMountPath = "kubernetes"
 )
 
 func TestParseParametersFromYaml(t *testing.T) {
@@ -51,7 +53,7 @@ func TestParseParametersFromYaml(t *testing.T) {
 	require.NoError(t, err)
 
 	// This is now the form the provider receives the data in.
-	params, err := parseParameters(hclog.NewNullLogger(), string(paramsBytes))
+	params, err := parseParameters(hclog.NewNullLogger(), string(paramsBytes), defaultVaultAddress, defaultVaultKubernetesMountPath)
 	require.NoError(t, err)
 
 	require.Equal(t, Parameters{
@@ -85,7 +87,7 @@ func TestParseParameters(t *testing.T) {
 	// This file's contents are copied directly from a driver mount request.
 	parametersStr, err := ioutil.ReadFile(filepath.Join("testdata", "example-parameters-string.txt"))
 	require.NoError(t, err)
-	actual, err := parseParameters(hclog.NewNullLogger(), string(parametersStr))
+	actual, err := parseParameters(hclog.NewNullLogger(), string(parametersStr), defaultVaultAddress, defaultVaultKubernetesMountPath)
 	require.NoError(t, err)
 	expected := Parameters{
 		VaultRoleName: "example-role",
@@ -176,7 +178,7 @@ func TestParseConfig(t *testing.T) {
 	} {
 		parametersStr, err := json.Marshal(tc.parameters)
 		require.NoError(t, err)
-		cfg, err := Parse(hclog.NewNullLogger(), string(parametersStr), tc.targetPath, "420")
+		cfg, err := Parse(hclog.NewNullLogger(), string(parametersStr), tc.targetPath, "420", defaultVaultAddress, defaultVaultKubernetesMountPath)
 		require.NoError(t, err, tc.name)
 		require.Equal(t, tc.expected, cfg)
 	}
@@ -206,7 +208,7 @@ func TestParseConfig_Errors(t *testing.T) {
 	} {
 		parametersStr, err := json.Marshal(tc.parameters)
 		require.NoError(t, err)
-		_, err = Parse(hclog.NewNullLogger(), string(parametersStr), "/some/path", "420")
+		_, err = Parse(hclog.NewNullLogger(), string(parametersStr), "/some/path", "420", defaultVaultAddress, defaultVaultKubernetesMountPath)
 		require.Error(t, err, tc.name)
 	}
 }

internal/server/server.go

@@ -18,6 +18,8 @@ var (
 // Server implements the secrets-store-csi-driver provider gRPC service interface.
 type Server struct {
 	Logger       hclog.Logger
+	VaultAddr    string
+	VaultMount   string
 	WriteSecrets bool
 }
 
@@ -30,7 +32,7 @@ func (p *Server) Version(context.Context, *pb.VersionRequest) (*pb.VersionRespon
 }
 
 func (p *Server) Mount(ctx context.Context, req *pb.MountRequest) (*pb.MountResponse, error) {
-	cfg, err := config.Parse(p.Logger.Named("config"), req.Attributes, req.TargetPath, req.Permission)
+	cfg, err := config.Parse(p.Logger.Named("config"), req.Attributes, req.TargetPath, req.Permission, p.VaultAddr, p.VaultMount)
 	if err != nil {
 		return nil, err
 	}

main.go

@@ -24,6 +24,8 @@ var (
 	debug        = flag.Bool("debug", false, "sets log to debug level")
 	healthAddr   = flag.String("health_addr", ":8080", "configure http listener for reporting health")
 	selfVersion  = flag.Bool("version", false, "prints the version information")
+	vaultAddr    = flag.String("vault-addr", "https://127.0.0.1:8200", "default address for connecting to Vault")
+	vaultMount   = flag.String("vault-mount", "kubernetes", "default Vault mount path for Kubernetes authentication")
 	writeSecrets = flag.Bool("write_secrets", true, "write secrets directly to filesystem (true), or send secrets to CSI driver in gRPC response (false)")
 )
 
@@ -85,6 +87,8 @@ func realMain(logger hclog.Logger) error {
 
 	s := &providerserver.Server{
 		Logger:       serverLogger,
+		VaultAddr:    *vaultAddr,
+		VaultMount:   *vaultMount,
 		WriteSecrets: *writeSecrets,
 	}
 	pb.RegisterCSIDriverProviderServer(server, s)