TriggerAuthentication/Vault: add support for vault namespace

Signed-off-by: Nicolas Chapurlat <nc@coorganix.com>
kedacore · Sep 1, 2021 · 8cddd57 · 8cddd57
1 parent 5f94b80
commit 8cddd57
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -31,6 +31,7 @@
 - Add Bearer auth for Metrics API scaler ([#2028](https://github.com/kedacore/keda/pull/2028))
 - Anonymize the host in case of HTTP failure (RabbitMQ Scaler) ([#2041](https://github.com/kedacore/keda/pull/2041))
 - Escape `queueName` and `vhostName` in RabbitMQ Scaler before use them in query string (bug fix) ([#2055](https://github.com/kedacore/keda/pull/2055))
+- TriggerAuthentication/Vault: add support for vault namespace (Vault Enterprise) ([#2085](https://github.com/kedacore/keda/pull/2085))
 
 ### Breaking Changes
 

diff --git a/api/v1alpha1/triggerauthentication_types.go b/api/v1alpha1/triggerauthentication_types.go
@@ -120,6 +120,9 @@ type HashiCorpVault struct {
 	Authentication VaultAuthentication `json:"authentication"`
 	Secrets        []VaultSecret       `json:"secrets"`
 
+	// +optional
+	Namespace string `json:"namespace,omitempty"`
+
 	// +optional
 	Credential *Credential `json:"credential,omitempty"`
 

diff --git a/pkg/scaling/resolver/hashicorpvault_handler.go b/pkg/scaling/resolver/hashicorpvault_handler.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
+	"os"
 
 	"github.com/go-logr/logr"
 	vaultApi "github.com/hashicorp/vault/api"
@@ -28,6 +29,16 @@ func NewHashicorpVaultHandler(v *kedav1alpha1.HashiCorpVault) *HashicorpVaultHan
 // Initialize the Vault client
 func (vh *HashicorpVaultHandler) Initialize(logger logr.Logger) error {
 	config := vaultApi.DefaultConfig()
+
+	// do not take into account vault namespace env variable
+	// It prevents any conflict with env during testing, just use HashiCorpVault inputs.
+	// Vault client creation use env var to override any conf (NewClient)
+	// We should probably also unset EnvVaultToken for the same purpose.
+	err := os.Unsetenv(vaultApi.EnvVaultNamespace)
+	if err != nil {
+		return err
+	}
+
 	client, err := vaultApi.NewClient(config)
 	if err != nil {
 		return err
@@ -38,6 +49,10 @@ func (vh *HashicorpVaultHandler) Initialize(logger logr.Logger) error {
 		return err
 	}
 
+	if len(vh.vault.Namespace) > 0 {
+		client.SetNamespace(vh.vault.Namespace)
+	}
+
 	token, err := vh.token(client)
 	if err != nil {
 		return err
@@ -98,6 +113,7 @@ func (vh *HashicorpVaultHandler) token(client *vaultApi.Client) (string, error)
 		}
 
 		data := map[string]interface{}{"jwt": string(jwt), "role": vh.vault.Role}
+
 		secret, err := client.Logical().Write(fmt.Sprintf("auth/%s/login", vh.vault.Mount), data)
 		if err != nil {
 			return token, err