mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

support for adding headers in vault provider (#3677)

* support for vault headers

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* changes in crds bases for headers support

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* adding autogenerated files

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* removing extra---

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* adding headers before x-vault-Inconsistent

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* changing for lint pass

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

---------

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
abhinav1708 2024-07-15 14:57:06 +05:30 committed by GitHub
parent 4758121676
commit bdd0c7ec9a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 60 additions and 0 deletions


@ -86,6 +86,10 @@ type VaultProvider struct {
// https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
// +optional
ForwardInconsistent bool `json:"forwardInconsistent,omitempty"`
// Headers to be added in Vault request
// +optional
Headers map[string]string `json:"headers,omitempty"`
}
// VaultClientTLS is the configuration used for client side related TLS communication,
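Review bot: The doc comment on the new `Headers` field does not say how its values are stored or when they are sent, so a reader could reasonably put a proxy credential in it. The field is a plain `map[string]string` in the store spec, so its values sit unencrypted in the resource and are readable by anyone who can read the store. I would expand the comment to something like `// Headers are extra HTTP headers added to requests sent to Vault. Values are stored in plain text in this resource; do not put credentials here.` The VaultProvider struct begins outside this hunk.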


@ -3192,6 +3192,13 @@ func (in *VaultProvider) DeepCopyInto(out *VaultProvider) {
*out = new(CAProvider)
(*in).DeepCopyInto(*out)
}
if in.Headers != nil {
in, out := &in.Headers, &out.Headers
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultProvider.


@ -4401,6 +4401,11 @@ spec:
the option is enabled serverside.
https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
type: boolean
headers:
additionalProperties:
type: string
description: Headers to be added in Vault request
type: object
namespace:
description: |-
Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows


@ -4401,6 +4401,11 @@ spec:
the option is enabled serverside.
https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
type: boolean
headers:
additionalProperties:
type: string
description: Headers to be added in Vault request
type: object
namespace:
description: |-
Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows


@ -604,6 +604,11 @@ spec:
the option is enabled serverside.
https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
type: boolean
headers:
additionalProperties:
type: string
description: Headers to be added in Vault request
type: object
namespace:
description: |-
Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows


@ -4748,6 +4748,11 @@ spec:
the option is enabled serverside.
https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
type: boolean
headers:
additionalProperties:
type: string
description: Headers to be added in Vault request
type: object
namespace:
description: |-
Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
@ -10374,6 +10379,11 @@ spec:
the option is enabled serverside.
https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
type: boolean
headers:
additionalProperties:
type: string
description: Headers to be added in Vault request
type: object
namespace:
description: |-
Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
@ -12064,6 +12074,11 @@ spec:
the option is enabled serverside.
https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
type: boolean
headers:
additionalProperties:
type: string
description: Headers to be added in Vault request
type: object
namespace:
description: |-
Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows


@ -8627,6 +8627,18 @@ the option is enabled serverside.
<a href="https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header">https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header</a></p>
</td>
</tr>
<tr>
<td>
<code>headers</code></br>
<em>
map[string]string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Headers to be added in Vault request</p>
</td>
</tr>
</tbody>
</table>
<h3 id="external-secrets.io/v1beta1.VaultUserPassAuth">VaultUserPassAuth


@ -149,9 +149,16 @@ func (p *Provider) initClient(ctx context.Context, c *client, client util.Client
client.SetNamespace(*vaultSpec.Namespace)
}
if vaultSpec.Headers != nil {
for hKey, hValue := range vaultSpec.Headers {
client.AddHeader(hKey, hValue)
}
}
if vaultSpec.ReadYourWrites && vaultSpec.ForwardInconsistent {
client.AddHeader("X-Vault-Inconsistent", "forward-active-node")
}
c.client = client
c.auth = client.Auth()
c.logical = client.Logical()
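Review bot: The new loop in initClient passes every key from `vaultSpec.Headers` to `client.AddHeader` without checking the name, and it runs after `client.SetNamespace` and before the `X-Vault-Inconsistent` header is added. A key such as `X-Vault-Namespace` or `X-Vault-Inconsistent` would therefore likely sit alongside the value the provider sets itself (assuming AddHeader appends rather than replaces), leaving it unclear which one Vault honours. I would reject or skip reserved names, e.g. `if strings.HasPrefix(http.CanonicalHeaderKey(hKey), "X-Vault-") { continue }`, or return an error from store validation instead. The outer `if vaultSpec.Headers != nil` is also unnecessary, since ranging over a nil map does nothing. initClient starts and ends outside the hunk.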