Commit

Add support for Vault Enterprise via namespace parameter. (#66)
* Add support for Vault Enterprise via namespace parameter.

* Update README.md

Co-authored-by: Jathan McCollum <jathan@gmail.com>

* Update nautobot_secrets_providers/providers/hashicorp.py

Co-authored-by: nniehoff <github@nickniehoff.net>

---------

Co-authored-by: Jathan McCollum <jathan@gmail.com>
Co-authored-by: Bryan Culver <31187+bryanculver@users.noreply.github.com>
Co-authored-by: nniehoff <github@nickniehoff.net>
4 people committed Apr 19, 2023
1 parent e417909 commit 47b6b32
Showing 2 changed files with 8 additions and 3 deletions.
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -172,7 +172,8 @@ PLUGINS_CONFIG = {
- `role_id` - (optional) Required when `"auth_method": "approle"`. As with other sensitive service credentials, we recommend that you provide the role_id value as an environment variable and retrieve it with `{"role_id": os.getenv("NAUTOBOT_HASHICORP_VAULT_ROLE_ID")}` rather than hard-coding it in your `nautobot_config.py`.
- `secret_id` - (optional) Required when `"auth_method": "approle"`.As with other sensitive service credentials, we recommend that you provide the secret_id value as an environment variable and retrieve it with `{"secret_id": os.getenv("NAUTOBOT_HASHICORP_VAULT_SECRET_ID")}` rather than hard-coding it in your `nautobot_config.py`.
- `login_kwargs` - (optional) Additional optional parameters to pass to the login method for [`approle`](https://hvac.readthedocs.io/en/stable/source/hvac_api_auth_methods.html#hvac.api.auth_methods.AppRole.login), [`aws`](https://hvac.readthedocs.io/en/stable/source/hvac_api_auth_methods.html#hvac.api.auth_methods.Aws.iam_login) and [`kubernetes`](https://hvac.readthedocs.io/en/stable/source/hvac_api_auth_methods.html#hvac.api.auth_methods.Kubernetes.login) authentication methods.

- `namespace` - (optional) Namespace to use for the [`X-Vault-Namespace` header](https://github.com/hvac/hvac/blob/main/hvac/adapters.py#L287) on all hvac client requests. Required when the [`Namespaces`](https://developer.hashicorp.com/vault/docs/enterprise/namespaces#usage) feature is enabled in Vault Enterprise.

### Delinea/Thycotic Secret Server (TSS)

The Delinea/Thycotic Secret Server plugin includes two providers:
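
Review bot: the new `namespace` bullet links the `X-Vault-Namespace` header to `hvac/adapters.py#L287` on the `main` branch, and a line anchor on a moving branch stops pointing at the header code as soon as that file changes; link to a commit-pinned permalink or to the hvac documentation instead. Because the bullet says the header is sent on all hvac client requests, it would also help to state that the login call for `approle`, `aws` and `kubernetes` goes out with the same namespace, so the auth mount and the secret path both have to be reachable from it. Unlike the `role_id` and `secret_id` entries, the bullet shows no example of how to set the value; a short one would make the expected format clear.
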
8 changes: 6 additions & 2 deletions nautobot_secrets_providers/providers/hashicorp.py
Expand Up @@ -109,12 +109,16 @@ def get_client(cls, secret=None):
# so we use a parameter to specify the path to the ca_cert, if not provided we use the default of None
ca_cert = vault_settings.get("ca_cert", None)

namespace = vault_settings.get("namespace", None)

# Get the client and attempt to retrieve the secret.
try:
if auth_method == "token":
client = hvac.Client(url=vault_settings["url"], token=vault_settings["token"], verify=ca_cert)
client = hvac.Client(
url=vault_settings["url"], token=vault_settings["token"], verify=ca_cert, namespace=namespace
)
else:
client = hvac.Client(url=vault_settings["url"], verify=ca_cert)
client = hvac.Client(url=vault_settings["url"], verify=ca_cert, namespace=namespace)
if auth_method == "approle":
client.auth.approle.login(
role_id=vault_settings["role_id"],
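
Review bot: `namespace = vault_settings.get("namespace", None)` hands whatever is configured straight to both `hvac.Client(...)` calls, so an empty string or a non-string value reaches the client unchanged; consider normalising with `vault_settings.get("namespace") or None` and rejecting non-string values before the client is built. The line also has no comment, where the `ca_cert` line just above explains its default. The commit touches only README.md and hashicorp.py, so nothing exercises the new argument: a test asserting that `namespace` is passed in both the `token` branch and the `else` branch would keep one of them from regressing unnoticed.
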