weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Mount path now hard codes /login endpoint in code

Browse Source 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
This commit is contained in:
JoshVanL 2019-11-12 18:37:54 +00:00
parent 7ec3103eb4
commit 0e739bdde9
8 changed files with 32 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
deploy/charts/cert-manager/crds/clusterissuers.yaml
View File

@ -1473,10 +1473,11 @@ spec:
- secretRef
properties:
mountPath:
description: The vault here is the path to use when authenticating
with vault, for example setting a value to `/v1/auth/foo/login`.
If unspecified, the default value "/v1/auth/kubernetes/login"
will be used.
description: The Vault mountPath here is the mount path
to use when authenticating with Vault. For example, setting
a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login`
to authenticate with Vault. If unspecified, the default
value "/v1/auth/kubernetes" will be used.
type: string
role:
description: A required field containing the Vault Role

9
deploy/charts/cert-manager/crds/issuers.yaml
View File

@ -1473,10 +1473,11 @@ spec:
- secretRef
properties:
mountPath:
description: The vault here is the path to use when authenticating
with vault, for example setting a value to `/v1/auth/foo/login`.
If unspecified, the default value "/v1/auth/kubernetes/login"
will be used.
description: The Vault mountPath here is the mount path
to use when authenticating with Vault. For example, setting
a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login`
to authenticate with Vault. If unspecified, the default
value "/v1/auth/kubernetes" will be used.
type: string
role:
description: A required field containing the Vault Role

18
deploy/manifests/00-crds.yaml
View File

@ -3257,10 +3257,11 @@ spec:
- secretRef
properties:
mountPath:
description: The vault here is the path to use when authenticating
with vault, for example setting a value to `/v1/auth/foo/login`.
If unspecified, the default value "/v1/auth/kubernetes/login"
will be used.
description: The Vault mountPath here is the mount path
to use when authenticating with Vault. For example, setting
a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login`
to authenticate with Vault. If unspecified, the default
value "/v1/auth/kubernetes" will be used.
type: string
role:
description: A required field containing the Vault Role
@ -4911,10 +4912,11 @@ spec:
- secretRef
properties:
mountPath:
description: The vault here is the path to use when authenticating
with vault, for example setting a value to `/v1/auth/foo/login`.
If unspecified, the default value "/v1/auth/kubernetes/login"
will be used.
description: The Vault mountPath here is the mount path
to use when authenticating with Vault. For example, setting
a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login`
to authenticate with Vault. If unspecified, the default
value "/v1/auth/kubernetes" will be used.
type: string
role:
description: A required field containing the Vault Role

2
docs/generated/reference/output/reference/api-docs/index.html
View File

@ -2691,7 +2691,7 @@ Appears In:
</thead>
<tbody><tr>
<td><code>mountPath</code><br /> <em>string</em></td>
<td>The vault here is the path to use when authenticating with vault, for example setting a value to <code>/v1/auth/foo/login</code>. If unspecified, the default value &#34;/v1/auth/kubernetes/login&#34; will be used.</td>
<td>The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to <code>/v1/auth/foo</code>, will use the path <code>/v1/auth/foo/login</code> to authenticate with Vault. If unspecified, the default value &#34;/v1/auth/kubernetes&#34; will be used.</td>
</tr>
<tr>
<td><code>role</code><br /> <em>string</em></td>

5
pkg/apis/certmanager/v1alpha2/const.go
View File

@ -37,6 +37,7 @@ const (
DefaultVaultTokenAuthSecretKey = "token"
// Default mount path location for Kubernetes ServiceAccount authentication
// (/v1/auth/kubernetes/login)
DefaultVaultKubernetesAuthMountPath = "/v1/auth/kubernetes/login"
// (/v1/auth/kubernetes). The endpoint will then be called at `/login`, so
// left as the default, `/v1/auth/kubernetes/login` will be called.
DefaultVaultKubernetesAuthMountPath = "/v1/auth/kubernetes"
)

7
pkg/apis/certmanager/v1alpha2/types_issuer.go
View File

@ -193,9 +193,10 @@ type VaultAppRole struct {
// Authenticate against Vault using a Kubernetes ServiceAccount token stored in
// a Secret.
type VaultKubernetesAuth struct {
// The vault here is the path to use when authenticating with vault, for
// example setting a value to `/v1/auth/foo/login`. If unspecified, the
// default value "/v1/auth/kubernetes/login" will be used.
// The Vault mountPath here is the mount path to use when authenticating with
// Vault. For example, setting a value to `/v1/auth/foo`, will use the path
// `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the
// default value "/v1/auth/kubernetes" will be used.
// +optional
Path string `json:"mountPath,omitempty"`

4
pkg/internal/vault/vault.go
View File

@ -22,6 +22,7 @@ import (
"fmt"
"net/http"
"path"
"path/filepath"
"strings"
"time"
@ -317,7 +318,8 @@ func (v *Vault) requestTokenWithKubernetesAuth(client Client, kubernetesAuth *v1
mountPath = v1alpha2.DefaultVaultKubernetesAuthMountPath
}
request := client.NewRequest("POST", mountPath)
url := filepath.Join(mountPath, "login")
request := client.NewRequest("POST", url)
err = request.SetJSONBody(parameters)
if err != nil {
return "", fmt.Errorf("error encoding Vault parameters: %s", err.Error())

2
test/e2e/suite/issuers/vault/issuer.go
View File

@ -63,7 +63,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() {
vaultKubernetesRoleName := "kubernetes-role"
vaultPath := path.Join(intermediateMount, "sign", role)
appRoleAuthPath := "approle"
kubernetesAuthPath := "/v1/auth/kubernetes/login"
kubernetesAuthPath := "/v1/auth/kubernetes"
var roleId, secretId string
var vaultInit *vaultaddon.VaultInitializer