From 85d740978a844ebc0e5bdde423374d6e6dcad310 Mon Sep 17 00:00:00 2001 From: Simon Gerber Date: Mon, 27 Apr 2026 11:41:13 +0200 Subject: [PATCH] Add `vault.addr` and `vault.loginMethod` to the metadata discovery endpoint These fields are suitable to configure client tooling (e.g. Vault CLI) to connect to the Vault instance associated with the Lieutenant instance. --- .../ROOT/pages/references/configuration.adoc | 10 ++ main.go | 2 + openapi.yaml | 12 ++ pkg/api/openapi.go | 167 +++++++++--------- pkg/service/api_service.go | 11 ++ pkg/service/api_service_test.go | 6 + 6 files changed, 128 insertions(+), 80 deletions(-)
diff --git a/docs/modules/ROOT/pages/references/configuration.adoc b/docs/modules/ROOT/pages/references/configuration.adoc
index 2cd13a54..cec66059 100644
--- a/docs/modules/ROOT/pages/references/configuration.adoc
+++ b/docs/modules/ROOT/pages/references/configuration.adoc
@@ -32,6 +32,16 @@ It's returned on the discovery URI and will be picked up by Commodore
 It's returned on the discovery URI and will be picked up by Commodore
 |Empty
+|VAULT_ADDR
+|The URI of the Vault instance associated with the Lieutenant instance.
+If not empty, it's returned on the discovery URI and can be picked up by client tooling.
+|Empty
+
+|VAULT_LOGIN_METHOD
+|The login method to use for the Vault instance associated with the Lieutenant instance.
+If not empty, it's returned on the discovery URI and can be picked up by client tooling.
+|Empty
+
 |K8S_AUTH_CLIENT_CACHE_SIZE
 |For each new API client (identified by the auth token), a Kubernetes client will be instantiated to pass through the request with the same token, which usually takes 2 seconds.
 The K8s client instance will be cached for subsequent API calls and this setting controls how many instances to keep in memory.
diff --git a/main.go b/main.go
index 2b25edf5..23e65f3f 100644
--- a/main.go
+++ b/main.go
@@ -26,6 +26,8 @@ func main() {
 Namespace: os.Getenv("NAMESPACE"),
 OidcDiscoveryURL: os.Getenv("OIDC_DISCOVERY_URL"),
 OidcCLientID: os.Getenv("OIDC_CLIENT_ID"),
+ VaultAddr: os.Getenv("VAULT_ADDR"),
+ VaultLoginMethod: os.Getenv("VAULT_LOGIN_METHOD"),
 }
 e, err := service.NewAPIServer(conf)
diff --git a/openapi.yaml b/openapi.yaml
index c8a976dd..741562c8 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -33,6 +33,16 @@ components:
 description: >
 A unique object identifier string. Automatically generated by the API on creation (in the form "---" where all letters are lowercase, max 63 characters in total).
+ VaultConfig:
+ type: object
+ required:
+ - addr
+ properties:
+ addr:
+ type: string
+ format: uri-template
+ loginMethod:
+ type: string
 OIDCConfig:
 type: object
 required:
@@ -53,6 +63,8 @@ components:
 type: string
 oidc:
 $ref: '#/components/schemas/OIDCConfig'
+ vault:
+ $ref: '#/components/schemas/VaultConfig'
 TenantProperties:
 type: object
 description: |-
diff --git a/pkg/api/openapi.go b/pkg/api/openapi.go
index c5febb0a..dd43eb03 100644
--- a/pkg/api/openapi.go
+++ b/pkg/api/openapi.go
@@ -215,8 +215,9 @@ type Inventory struct {
 // Metadata defines model for Metadata.
 type Metadata struct {
- ApiVersion string `json:"apiVersion"`
- Oidc *OIDCConfig `json:"oidc,omitempty"`
+ ApiVersion string `json:"apiVersion"`
+ Oidc *OIDCConfig `json:"oidc,omitempty"`
+ Vault *VaultConfig `json:"vault,omitempty"`
 }
 // OIDCConfig defines model for OIDCConfig.
@@ -277,6 +278,12 @@ type TenantProperties struct {
 GlobalGitRepoURL *string `json:"globalGitRepoURL,omitempty"`
 }
+// VaultConfig defines model for VaultConfig.
+type VaultConfig struct {
+ Addr string `json:"addr"`
+ LoginMethod *string `json:"loginMethod,omitempty"`
+}
+
 // ClusterIdParameter A unique object identifier string. Automatically generated by the API on creation (in the form "---" where all letters are lowercase, max 63 characters in total).
 type ClusterIdParameter Id
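Review bot: In main.go, `VaultAddr: os.Getenv("VAULT_ADDR")` reuses the variable name that the Vault CLI and client libraries read for their own connection, so a deployment that already sets VAULT_ADDR for in-process or sidecar use (often an in-cluster address) would start publishing that value on the discovery endpoint without anyone opting in. I would add a comment on the field, e.g. `// Published to clients on the discovery endpoint; must be the client-reachable Vault URL`, and consider a variable name that cannot collide with Vault's own. main()'s body continues outside the hunk.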
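Review bot: In the `VaultConfig` schema of openapi.yaml, `addr` is declared with `format: uri-template`, but the server returns the configured value verbatim and the test in this patch expects a concrete URL, so `format: uri` describes the contract more accurately and lets validating clients reject a malformed value. Neither `addr` nor `loginMethod` carries a `description`; since clients use these fields to decide where and how to authenticate, a line such as `description: Base URL of the Vault instance; clients should require https.` would make the expectation explicit. If `uri-template` was copied from an existing schema outside this hunk, that schema may deserve the same look.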
@@ -3544,84 +3551,84 @@ func RegisterHandlersWithBaseURL(router EchoRouter, si ServerInterface, baseURL // Base64 encoded, gzipped, json marshaled Swagger object var swaggerSpec = []string{ - "H4sIAAAAAAAC/+w8aVMbubZ/RdXvVU1S1wtgwwxU3XoXTAKeECDYkMmE1EPuPm0L1FJHUgNOiv/+Sktv", - "7vaSBMJ9c+cbdEvnHJ1NZ2t/9XwexZwBU9Lb+erFWOAIFAjzX48mUoHoB6fpY/00AOkLEivCmbfj7ROp", - "CPMVIgHiIVITQL7d1vIaHtFLYqwmXsNjOAJvx/NToF7DE/A5IQICb0eJBBqe9CcQYY3kvwWE3o73X+2c", - "vrZ9K9v9wHt4aHhDYJipbyVOmV1zaFMO5I+R9qB3y5gzCYaN+xDihCr9p8+ZAmb+xHFMiY81pe1rqcn9", - "uiKSM8B6vUFUPu8uCiwulBKA7oiaIIyE2dMyjHNwNJpdxrgyNMgq986ZVCLxVSIgQDcwRbeYJoAiHCN9", - "DkwYYWOExYgogcUURaBwgBX2Gh7c4yimoGFGnBHFBWHjlpyyluKcyrak2NvxNrrtX9EZYF+RW/AaXv7e", - "CkJLpKlFQ0HKZsxZ0Fzf6HS9h4anprEWGB9dg6/0A6erhrOUnoTezsfFXMyU23torLTS6tuqq08Fj0Eo", - "AtJ7+JTT1+NRTCi8BYWrDC+8TDksEWEhF5GREcIjniijxhRLhXyz3r4ycu7xKOIBF6D1O84pMJrnXu0l", - "hAZ9FnLDqiAgejump6XVjr1Sabl5FT3rVYAhIg1doQDQ9KKRflMiXkDMhYIAjaZmaQYEjQjT+pNICFDI", - "Re0B9YkqQh9TPsK0ysgD8zznoQZYJMX5gnG2LCTjRNh3S6ko83VM1GBSI8sDogaHuylbxsSAiYhC+qnD", - "b1DZx4Xj5Uw3zqkC+RSrSQo3Nn8zSQLI8Gg+S21yU3Q3AWFflM9IJJKKCwhq0SaihqXnZ0cpUv1nysES", - "vlpotyAkse6tDPHCvkihunXZJVIkuHXJepihmBOmkOIII4XHDTQSmPkTxAXCbIq4moBwFIUggPlQQ1Cd", - "7yBMKsx8K9B5JjHXVPtutzuPsYYl1ls4K0aZD0EpHbXWa9fUU+K2W0Zqh7kIckVCf6vw/38VLtOVqqRc", - "6gKrKiKXeMBLNpyACQdm9K0eXK3f1kCdBVWZepS/TFEokqMwBMnE90HKMKGz3tme0NvxAqygqTfWq6V/", - "g8ffafDfb+hFBdY6Z+SOHDF/3y1/fcM8dXq31C5TBf2OoCiNnWd5YuPXpZhVtuzvoOg/V3EXpFivsa9q", - "HKR57FwfTmsAyO5uoYHOMn1M6TQ7hE0q2zapjDERslXOHH3Kk8Db8fCd9BpeQDS1o8Sh4zEwOSGh6ppk", - "fWyfQtK8A6ma64tyxH5gSh0ljSXBilWHeUAX3R27GTsCCIk1NssXe5kelBWUaKtPDK8izPA4T5l2T/sI", - "swDhRPExMBBYQeCASDnZh5jy6RuYojtCKRpBcf9AwR0WQcVWcbkEsIgFxWrBQ8Pzy7nsCklxMft9MCKN", - "KZ4em+JLTe1Gv0THxfDCJfkFNfHeTrWVTBGJdHppXFe2qprGThmOiJ+p8CKa9+3aktY/NLxwlb2zm8ZE", - "nUHMl207cMuy1NY9OINbUu8vrOrYt9oJJGnJp5LfisS6uRnvpJVHOxt8AxLFAnwItJNA/Bast8+gF+xW", - "45oAGma1tFwct+utjVanjvcmIqT0/Oyo3pEqjkJQ/gS5hVp5SQhSSXPzOP3NTAmPgakWMtQbdeeMTrXO", - 
"S1CIlPTlF4kUvwHn4vXaW0xJUCZ8olQsd9ptHBNTqLqVE9ZioNqOnLa0BLSuJWf/Y+D98zJZW+v4EnwB", - "aqifmAdgPBIOThidpuXDCjfsNftj8i1d1c8s3wWucZgFJGXPMy9Q6c8Ua5HSJ0jlPgLK2VhLtERXlFBF", - "fC7iWtLyau7HFO2nGoLrTL7qmOwiFC688HYFoBgE4YG79pIgxq76dSq4XoQGU2bcuZzwhAaIcZXqb4SZ", - "uQBmbsSbZASCgQJ5kQcQptK2j5U+ysbaxnpzrdtc3xqub++sdXe63T+9zFMLb8cb+55xRz0TYXk73m/B", - "Wrez8dtGF2+HwXb31+5o69f1zm+jX7c6a36nE278thl0Ohuh3TYUAPout5V8wMw+zsgx+rHW2vrHTUeu", - "63c8fzXm6631zdb6mtfwInzNNTl6TUSY+XtDv4gpVjom9XY8Slhy38ZRsNWt16+D3KvOJmvFwK58vTay", - "yzW7QQvXa+V6DNI7tYplMDhEcTKixDfpcBvZteYf7bGcSpSjTB8rTPl4hijnxxxqEwJUr+6yIUo5aUKw", - "sbm5vo12d3d3e53jL7i3Tv/c768fD19t6mf9/YNtvPn+7ii58+/fnk2D48/9Lg+TL38kvth7Ex+c3J5e", - "bJ+edMfJ9SWrc9oTLtUbmMr6098wfseQXiOLwa8Eob3LC2OTlDBAMZeSjCgYvpjHMTVFBPmydKgxURSP", - "Wj6P0Ern2w2T3uGbi+H15+T+Vm313m6p4KA7OIrX9xRrsxM4PHy1eX7y5SwIL1kBOPiBxE05wRtNRqSK", - "Nza3DJJXGxfXfx4eT47+OOYfhn01iuiX4HB3ejz8YPCV/9/b23s9ePv5y+9wsS3Ov5x3b94TdXANZ93T", - "9wO8sT04/fz7enhxM1HXncO77fvro4s/Lj6I8+139MN7cXL0x178buvN++vR9XB/GOzfcD55/WU8evXh", - "n/XCsA8qgojBJyEBqW89bOsKzqOUI8A852JKcEpBtNCua+rwEP2SMLf4FxQBZhIR9Ys0XinCrAAj31+S", - "nQ5KV86cXieU1uVMsyq+026PifrXmKhJYkTXxn4E2s/r5zyWzWia9hvHRK12L9kEYDZGTxj5rDlhliES", - "AFOarQJZUC20mygeZWlMnffQF6cvwFr6C2JvUdMOufRsrEBBKRA2TGjaRzjQCMktlJ4ynrDSg4CMiZL2", - "0aXnslgdJlmQEmEBiPI7ED6W0EARvkdbHeRPsMC+WaDp4QrTl6169eqzW2DaG9VcyekrFGCFXTkrC7Nn", - "atV5J64mBiygqKacxWs6BVN3T79NO42VmALHpHA1VvBzEvjLgvCT/n7PXiAVmgrQ68gq7KwQ5lMCprVc", - "210j0tcB2fTc2kpWxEwEaSqI9KUISwObEpRGjrGOVNdDrjED2yk2jjrvYs/KWMzZPjQBpQEQgZR4DCWD", - "3gMf6wiWh26VXHooh6n+DHnUPEvevHj6rC6WxstLNg8L8ENQCERWaz7nid6yVr87iOkh54H0aljSCYml", - "aOzC2ZZ1tv0RqyUVTDUa6KL+AELCnqJaskspys+D4N6HWNk2hvahPLbdgKIzbz1i2WSlqkexqeISlqIh", - "7foRoB4X8byG3irVhqr+/sS6w4pFgxI5taWDSiRR19T//vDCgls1tnhoeBL8RBA1HWguW13ZAyxA7Ca2", - "cD0y/71OXfzv74eem8nRkOzbHNdEqdiO+hA3s2EK+L5xAxBhQr0d8+pfpmDhF6aZLgaHx2j3wHMhWFbh", - "SBdWuxOFvPStsaUImHJpESU+MGlU1sHfG+yjTrNHjUs/cq9nkfkTziVgt9uw2P0t2yMZNDtN3wBomwCX", - 
"KCOZIwKJ8wIW+W2eX661Nltr5i6PgeGYeDtep7XW2vBsa8AwvG2aEFBTWzjQybWLHlzuniPzDFCrMtrt", - "aWu0N6o3M9K1sbb2aONcWTBTM9BVYEQ2XWUWZRNldZAzUtvp6FlRMb2dj58ankyiCOs4bIbZ6Ixzo+p4", - "LPX9K6dSQeR90hDaLiaTc9l7RKTShpguRPgWE4p15ueiYSvPMpv1rl4KulEaQvxYMXdCFYgcgfb1lngS", - "lNMR+ML5Vjrn9zmxUiwN+nnFsb6KbVfyLC4UovqAoykKCdAyPoO+DpfkQv3vaFpClgnQbgOWRJrZ5p+M", - "tuJF8anqfD79oE4SBdGqhexCOwULgad1uuqWGhaZfOlVFKspMut1asq4k1RBK1rfr82Z/p6BSgSTCFvh", - "FLSvoMZZNvHQ8GIu6+Zo9FUPhUperrAu8Ojv62CjNu8r5XpX/vdndlc2sbtkOrPTEO+4CL4xt+sr5E/A", - "v5FpGdwZCNwTqSQaQcgFuNCGjc0Ke381bLvwjkhAISZUWmDpiW1L8srJ+SrNlHWIRZREV/Y07q4exOCn", - "R9IrrkacK6kEjk2h/MrWHUzLr+wMrBx6WXKpkwGQao8H00dzuZlW12hxqgYM7lCZinwc+KFieus/hTan", - "mUZ0oMN6r/uIF9H8ueIMMWa/mBp1iYLNGmNKmzRUAA6mTvUewditeKSTT6HTV7Hz4n3V/ppNnT9YYimo", - "uujbPJel4sZMRGBW5Hoxc1fVHSlf0q4ZqK9x4935/LSEO753fqLkDWJi6wIjEgTAHkGYdeyuc9i1oUbm", - "9m07LwE5W5YqS+4A1NOKbe1nuoCQJ8ypQXfRwEGWk0lXJQ4QCdAdltqQDZBHvYLnyqL2HsbKrxnlOY8D", - "vNgI7YpHl+Yq90wEYgxNQ/k/vkuoxSJLVbz2ZGXpFUoVihvnO7Hl+Bdnr3vo18721ssVLqifqp2JOcYz", - "uCmL+FGdVJ061mpzoubrMk8v7UVqfZqoZ9HpRxO/097ssAh/QwT1XAr6nLHbX8Q05mj36jFZe2aUrD5D", - "GyguzOhs/tVTVsoJzSR12gm8ZJesr7kauLHV7Osn7ULth0jzptt76XxsOntZmuxmgRlGlwpHsbR9tBkj", - "5lktozjt9u9v0KXZvKoarcz8FUy9JmLZ13Ds+O1fwjS+hV2zdtLwCl9SOi1sFrTQGVLA/fmFOK39wn5Y", - "aQoUAfeTCJhtQ6ARlnbKa3CHx2MQ6LxalNvX4Jd6aQX3qj1RES3LY7ZWVVWnDDHCUoLODReUKCsnmFeg", - "nACmavJlLls0ILvGlkgqpz50AFY7eEwxmdHEvCDIb2o6BtVPdilFRKKQMHj0ym7NaWu5VjfhOJ+FxW4a", - "+n1wclz6GtiVrRiA9r25RzNaP8G3elE6ypnExqGKhOm9ttjUV1mtSfBkPDEQ8ypyrzRmZyLikGinnBWx", - "UKSD87Sw5eY+XXWOAA3QlU6FWuVyVMusu6otnqWTo2ZmFL0wQGQ9FLPE1rsW4DKrzpki9MqU60IHOgBK", - "tLkbtIaxZjgQlFxGvcOrOLoKMZVwVS2r9a2MC1Pgi6rsfUYUwRRleCwb5lXT3bv59v+j2fJsm61iRm+y", - "ycjC2LDi2SyxO3ejOBZsR4jtdbNeM8vgVMcwd26qnSok4ypPyh/VitPkWlOeWo7RDnc2d7u4UxdsPBNe", - "rIWQmnphAKfWvgeAhRnCLk78VNTpndaAfGBoqTqFNLl/d4SM4riBqlL3ZPDq6FVviI52B8MX7sprmO8/", - "XqLXZydvUTblNUcFPz+p+i2cdMiYUKOW7+x5E983/vARSy1l+SDs+1wExutxlPImVYRc6PPbH+8FUbBM", - 
"6jbgL4r9KQLShRxdPIm2Upl+IcA8Bv1BQc1haJ1MtGG6bvbiu/ckBqYvdWP+rqLnpwFRWVQnrjv+1I63", - "QtJCX1ZdPSckcZ3CpY1mE2/MdhWX9ZqHDvgP8ibzXtrfFYd6vD0yzqZzsmGcbCSiMG0yImMzbJLlp007", - "t+LmTUiQN7JNQ7qEJR8CQi8Gych1+XiIUvQvl6HPhl0W4eey40PHpJ8rtYyz30lZ2jF2X6Q+f8NYZQqR", - "KmP6kcjydnE6ffDd3WL17N3imQavFUvW33XEFj4P0neujLEP6EU6emdaDDiCwrv8O1t9ZpEw+dKxxk+k", - "4hEIB3N2os99VZv68nkt4mE6J/EUd1CqxEsaxKpIw4/2hwsf+swz9Ecx6Myh/DAv0k/Kf3Y/OsW7ajva", - "rX/ibnSmDBUnUrjR2l/THxlbsRM9bzTNLMhs4Nuqi9WfTlutDT1MJ3N/che6iPfpmtDz5feNLeg5IjsA", - "9ZTyWvsJzs8JYln32d2Jz9t8XiTOpa3nOSK0Cx5Zik/bd67O9s9t3BXF9u/WdV6qkz+951zC+0Qt54U6", - "vHLDeY4ynybqGTT5scRe02xeORp7HrX8T4oC/xoGWG9F1fCuXPEof/Dx8ZO2DftJdF1t9Ij7mKIAboHy", - "OAKDwX5C0faqQ+jFTzQKg/unggeJb2IjW/Qof4RR+U2L1SH3mYKx+4pmDugmYep7we/D7VywAdzOgv2U", - "cX8WfuF7lVJCXx74r9JV3leYHC//XHHNzrTyXy6zZxvLj+dvzyuE5lfubGvWFQsdqLxWWAWjc2tXOcu/", - "OLD/P3x6+L8AAAD//2CuXPXgWQAA", + "H4sIAAAAAAAC/+w8+VPburr/isbvzbSdmwVIoAdm7rzL0kJOKVAS6OkpzEOxPycCWXIlGUg7/O9vtHiL", + "naUtlPvOPb+BLX369O2b883zeRRzBkxJb+ubF2OBI1AgzH+7NJEKRC84SR/rpwFIX5BYEc68LW+PSEWY", + "rxAJEA+RGgPy7baW1/CIXhJjNfYaHsMReFuenwL1Gp6ALwkREHhbSiTQ8KQ/hgjrQ/5bQOhtef/VzvFr", + "27ey3Qu8h4eGNwCGmfpe5JTZNQM35UD+HGoPereMOZNgyLgHIU6o0n/6nClg5k8cx5T4WGPavpYa3W9L", + "HnIKWK83B5Xvu40CexZKEUB3RI0RRsLsaRnCOTj6mG3GuDI4yCr1zphUIvFVIiBANzBBt5gmgCIcI30P", + "TBhhI4TFkCiBxQRFoHCAFfYaHtzjKKagYUacEcUFYaOWnLCW4pzKtqTY2/LWuu3X6BSwr8gteA0vf28Z", + "oTnS1KyhIGUz5ixorq51ut5Dw1OTWDOMD6/BV/qBk1VDWUqPQ2/r83wqZsLtPTSWWmnlbdnVJ4LHIBQB", + "6T1c5vjt8igmFN6DwlWCF16mFJaIsJCLyPAI4SFPlBFjiqVCvllvXxk+7/Io4gEXoOU7zjEwkude7SSE", + "Bj0WckOqICB6O6YnpdWOvFJpvnkVOdutAENEGrxCAaDxRUP9poS8gJgLBQEaTszSDAgaEqblJ5EQoJCL", + "2gvqG1WYPqJ8iGmVkPvmeU5DDbCIirMFo2xZSEaJsO8WYlGm64io/riGl/tE9Q+2U7KMiAETEYX0U3e+", + "Oco+LlwvJ7oxThXIJ1iNU7ix+ZtJEkB2jqaz1Co3QXdjEPZF+Y5EIqm4gKD22ETUkPTs9DA9VP+ZUrB0", + "Xi20WxCSWPNWhnhuX6RQ3brMiRQRbl2wXcxQzAlTSHGEkcKjBhoKzPwx4gJhNkFcjUE4jEIQwHyoQajO", + 
"dhAmFWa+ZegslZipqj23293HaMMC7S3cFaPMhqAUj1rttWvqMXHbLSG1wZwHucKhv0X4/78Il/FKRVIu", + "NIFVEZELLOAFG4zBhANT8lYPrtZua6BOg6pEPcxfpkcokh9hEJKJ74OUYUKnrbO9obflBVhBU2+sF0v/", + "Bo9+UOF/XNGLAqxlzvAdOWT+9i1/fcU8cXK3UC9TAf2BoCiNnadpYuPXhSerbNnfQdF/ruDOSbHeYl/V", + "GEjz2Jk+nNYAkN3dQn2dZfqY0kl2CZtUtm1SGWMiZKucOfqUJ4G35eE76TW8gGhsh4k7jsfA5JiEqmuS", + "9ZF9CknzDqRqrs7LEXuBKXWUJJYES1YdZgGd5zu2M3IEEBKrbJYu1pnulwWUaK1PDK0izPAoT5m2T3oI", + "swDhRPERMBBYQeCASDneg5jyyTuYoDtCKRpCcX9fwR0WQUVXcbkEMI8ExWrBQ8Pzy7nsEklxMft9MCyN", + "KZ4cmeJLTe1Gv0RHxfDCJfkFMfHeT7SWTBCJdHppTFe2qprGThiOiJ+J8Dyc9+zaktQ/NLxwmb3Tm0ZE", + "nULMF23bd8uy1NY9OIVbUm8vrOjYt9oIJGnJp5LfisSauSnrpIVHGxt8AxLFAnwItJFA/Bastc+gF/RW", + "nzUGNMhqaTk7bldba61OHe1NREjp2elhvSFVHIWg/DFyC7XwkhCkksbzOPnNVAmPgKkWMtgbceeMTrTM", + "S1CIlOTlhUSK34Az8XrtLaYkKCM+ViqWW+02jokpVN3KMWsxUG2HTltaBFrXkrP/MfD+eZGsrHR8Cb4A", + "NdBPzAMwFgkHx4xO0vJhhRrWzf4cf0uu+pn5O8c0DrKApGx5ZgUqvaliLVL6Binfh0A5G2mOlvCKEqqI", + "z0Vci1pezf2cHntZg3CdylcNk12EwrkOb1sAikEQHji3lwQxdtWvE8H1ItSfMGPO5ZgnNECMq1R+I8yM", + "A5jyiDfJEAQDBfI8DyBMpW0PK32VtZW11eZKt7m6MVjd3FrpbnW7f3qZpRbeljfyPWOOdk2E5W15vwUr", + "3c7ab2tdvBkGm93X3eHG69XOb8PXG50Vv9MJ135bDzqdtdBuGwgA7cttJR8ws48zdIx8rLQ2/nHTkav6", + "Hc9fjfhqa3W9tbriNbwIX3ONjl4TEWb+XtMvYoqVjkm9LY8Slty3cRRsdOvlaz+3qtPJWjGwK7vXRuZc", + "Mw9acK8V9xikPrV6Sr9/gOJkSIlv0uE2smvNP9piOZEoR5k+Vpjy0RRSzo65o00IUHXdZUWUctyEYG19", + "fXUTbW9vb+92jr7i3VX6515v9WjwZl0/6+3tb+L1j3eHyZ1///50Ehx96XV5mHz9I/HFzrt4//j25Hzz", + "5Lg7Sq4vWJ3RHnOp3sFE1t/+hvE7hvQaWQx+JQhtXV4anaSEAYq5lGRIwdDFPI6pKSLIV6VLjYiieNjy", + "eYSWut92mOwevDsfXH9J7m/Vxu77DRXsd/uH8eqOYm12DAcHb9bPjr+eBuEFKwAHP5C4Kcd4rcmIVPHa", + "+oY55M3a+fWfB0fjwz+O+KdBTw0j+jU42J4cDT6Z88r/7+zsvO2///L1dzjfFGdfz7o3H4nav4bT7snH", + "Pl7b7J98+X01PL8Zq+vOwd3m/fXh+R/nn8TZ5gf66aM4PvxjJ/6w8e7j9fB6sDcI9m44H7/9Ohq++fTP", + "embYBxVGxOCTkIDUXg/buoKzKOUIMM+5mBKcUhAttO2aOjxELxLmFr9AEWAmEVEvpLFKEWYFGPn+Eu90", + "ULp05vQ2obQuZ5oW8a12e0TUv0ZEjRPDujb2I9B2Xj/nsWxGk7TfOCJqOb9kE4DpGD1h5IumhFmGSABM", + 
"abIKZEG10HaieJSlMXXWQztOX4DV9JfEelHTDrnwbKxAQSkQNkxo2kc40AeSWyg9ZTxhpQcBGREl7aML", + "z2WxOkyyICXCAhDldyB8LKGBInyPNjrIH2OBfbNA48MVpq9a9eLVY7fAtDWqccnpKxRghV05Kwuzp2rV", + "eSeuJgYsHFFNOYtuOgVT56ffp53GSkyBY1JwjZXzOQn8RUH4cW9v1zoQk6mnrdt5W871onTP1D0KGNVd", + "pXBa5TI+JWDa0bUdOSJ9HcRNzqx+ZYXPRJCmgkg7UlgYDJWgNPIT61B1feca1bHdZWPc8873tFyIGdsH", + "Jgg1ACKQEo+gZAR2wMc66uWhWyUXXsqdVH+HPNKeRm9WDH5aF3/jxWWehznnQ1AIXpZrWOfJ4aLxAHcR", + "03fOg+/lTkmnKhYeYxdOt7mz7Y9YYamcVCOBLlMIICTsKSos25Si/D4I7n2IlW19aLvLY9tBKDqA1iOW", + "WpaqlBQbMS7JKSrSth8B2uUintUEXKZCUZXfX1irWLLQUEKnttxQiT7qBgF+PCSx4JaPR4ruo+rRgkB8", + "h31veJSPCHsPaszrHMe0d9LQL+vKvxL8RBA16WvOW1R2AAsQ24ktwA/Nf29TtH7/OPDcbJGGZN/m+I2V", + "iu3IEnGzJ6YR4RvTBBEm1Nsyr/5lCi9+YSrrvH9whLb3PRdKZpWadGG1y1LIr98b/Y6AKZfeUeIDk0aN", + "HPyd/h7qNHepcTOH7vX0Yf6YcwnY7TZsd3/L9lAGzU7TNwDaJlAnykjLIYHEWSZ7+G2eJ6+01lsrJiaJ", + "geGYeFtep7XSWvNsi8MQvG2aKVBTI9kHlc1buRpEfphngFox1qZYWwjr5b2p0bS1lZVHG0vLgrKawbQC", + "IbIpMbMonBdeZai20xG6omB6W58vG55MogjreHKK2OiUc6N+eCS1oMuJVBB5lxpC28WWciZ5D4lU2jik", + "CxG+xYRincG6qN7ys0xmvWs3Bd0oDVN+rpggQhWI/ADtfyzyJCinVfCV8410XvFLYrlYGlj0iuOJFX2v", + "5ItcKET1BYcTFBKg5fPM8XVnSS7U/w4npcMyBtptwJJIE9v8k+FWdF6XVYN4+ZMySRREyxbkC20hLASe", + "1MmqW2pIZPK+N1GsJsis1yk2445TBalo/bg0Z/J7CioRTCJsmVOQvoIYZ1nRQ8OLuaybB9LhBxQqkrnA", + "umCot6cDoNr8tZSzXvk/nqFe2QT1gukMVUO84yL4zhy1p5A/Bv9GpuV8pyBwT6SSaAghF+DCLTYyK6z/", + "ati25x2RgEJMqLTA0hvb1uqV4/NVmvHrsI8oia7sbVz80I/BT6+kV1wNOVdSCRybgv+VrZ+Y1mXZGFg+", + "7GZJsva6INUODyaPZnIzqa6R4lQMGNyhMhb5WPNDRfVWfwluTjIN60CnGl73ER3R7Pno7GDMXphaewmD", + "9RplSptNVAAOJk70HkHZLXuk40+hY1nR86K/an/LpucfLLIUVF1GYJ7LUpFmKiIwK3K5mPJVdVfKl7Rr", + "PgyoMePd2fS0iDu6d34h583BxNYqhiQIgD0CM+vIXWewa0ONzOzbtmQCcrq8VubcPqinZdvKrzQBIU+Y", + "E4PuvMGJLE+UrtodIBKgOyy1Ihsgj+qCZ/Ki1g9j5deMJJ3FAZ6vhHbFo3NzGT8TgRhB02D+jx9iarHw", + "U2WvvVmZe4XyieLG+I5tW+Hl6dtd9LqzufFqCQf1S6UzMdd4BjNlD35UI1UnjrXSnKjZssxTpz1PrE8S", + "9Swy/Wjsd9KbXRbh74ignktAnzN2+4uoxgzpXj4ma0+NxNVnaH3FhRkBzr/eyko5oZkITzuaF+yC9TRV", + 
"Azd+m33FpU2o/aBq1pT+bjrnm86QlibUWWCG6qXCUSxtP3BKiXlWyyhO7f37K3RpxrAqRksTfwlVr4lY", + "9jQcO0b8l1CN7yHXtJ40vMIXoU4KmwUpdIoUcH92IU5Lv7AfiJoCRcD9JAJmWyNoiKWdVuvf4dEIBDqr", + "FuX2NPiFVlrBvWqPVUTL/JiuVVXFKTsYYSlB54ZzSpSVG8wqUI4BUzX+OpMsGpBdY0sklVsfOADLXTym", + "mExJYl4Q5Dc1XYzqp8eUIiJRSBg8emW35ra1VKub1JxNwmKHD/3ePz4qfdXsylYMQNve3KIZqR/jW70o", + "HUlNYmNQRcL0Xlts6qms1iR4MhobiHkVebc0Lmgi4pBoo5wVsVCkg/O0sOXmV111jgAN0JVOhVrlclTL", + "rLuqLZ6lE7Bm9hW9NEBkPRSzxNa75pxlVp0xReiVKdeFDnQAlGh1N8cawpohR1ByEfbuXMXRVYiphKtq", + "Wa1neVyYZp9XZe8xogimKDvHkmFWNd29m63/P5stT7fZKmr0LpvwLIw/K57NRLt7N4rjzXYU2rqb1Zr5", + "Cic6hrgzU+1UIBlXeVL+qFqcJtca81RzjHS4uznv4m5d0PGMebFmQqrqhUGiWv3uAxZmmLw4uVQRpw9a", + "AvLBp4XiFNLk/sMhMoLjBsNK3ZP+m8M3uwN0uN0fvHQur2G+Y3mF3p4ev0fZtNoMEfzypOI3d/oiI0KN", + "WH6w901839jDRyy1lPmDsO9zERirx1FKm1QQcqbPbn98FETBIq7bgL/I9qcISOdSdP5E3VJl+rkA8xj0", + "Jxk1g6B1PNGK6brZ833vcQxMO3Wj/q6i56cBUZlVx647/tSGt4LSXFtWXT0jJHGdwoWNZhNvTHcVF/Wa", + "Bw74T9Ims17a3hUHjbwdMsomhrIBoWwkojABMyQjMwCT5adNO0vjZmBIkDeyTUO6dEo+mIRe9pOh6/Lx", + "EKXHv1p0fDaAM+98Ljs+dEz6uVTLOPu9l4UdY/dl7fM3jFUmEKkwph+7LG4Xp9MHP9wtVs/eLZ5q8Fq2", + "ZP1dh2zhMyftc2WMfUAv03FA02LAERTe5d8L6zuLhMlXjjR+IhWPQDiY01OG7uvg1JbPahEP0jmJp/BB", + "qRAvaBCrIg4/2x8ufLA0S9EfRaEzg/LTtEg/jf/V/ej03GXb0W79E3ejM2GoGJGCR2t/S38sbclO9KzR", + "NLMg04Hvqy5WfwJuuTb0IJ0W/sVd6OK5T9eEns2/72xBz2DZPqin5NfKLzB+jhGLus/OJz5v83keOxe2", + "nmew0C54ZC4+bd+5+r3BzMZdkW3/bl3nhTL5y3vOpXOfqOU8V4aXbjjPEOaTRD2DJD8W22uazUtHY88j", + "lv9JUeBfQwHrtaga3pUrHuUPPj5fat2wn3bX1UYPuY8pCuAWKI8jMCfYTyjaXnUIvfiJRmFw/0TwIPFN", + "bGSLHuWPMCq/zbE85B5TMHJf9swA3SRM/Sj4PbidCTaA22mwlxn1p+EXvlcpJfTlgf8qXuV9hcnx8s8u", + "1+xMK//lMnu2sfx49va8Qmh+rc+2Zl2x0IHKa4VVMDq3dpWz/IsD+//D5cP/BQAA//+Mh4SjqFoAAA==", } // GetSwagger returns the content of the embedded swagger specification file diff --git a/pkg/service/api_service.go b/pkg/service/api_service.go index 8ae5a842..068c632a 100644 --- a/pkg/service/api_service.go +++ b/pkg/service/api_service.go 
@@ -36,6 +36,9 @@ type APIConfig struct {
 OidcDiscoveryURL string
 OidcCLientID string
+
+ VaultAddr string
+ VaultLoginMethod string
 }
 // APIContext is a custom echo context
@@ -81,6 +84,14 @@ func NewAPIServer(conf APIConfig, k8sMiddleware ...KubernetesAuth) (*echo.Echo,
 DiscoveryUrl: conf.OidcDiscoveryURL,
 }
 }
+ if conf.VaultAddr != "" {
+ apiImpl.metadata.Vault = &api.VaultConfig{
+ Addr: conf.VaultAddr,
+ }
+ if conf.VaultLoginMethod != "" {
+ apiImpl.metadata.Vault.LoginMethod = &conf.VaultLoginMethod
+ }
+ }
 e := echo.New()
 e.Use(middleware.LoggerWithConfig(middleware.LoggerConfig{
diff --git a/pkg/service/api_service_test.go b/pkg/service/api_service_test.go
index 0178e4e4..48330335 100644
--- a/pkg/service/api_service_test.go
+++ b/pkg/service/api_service_test.go
@@ -260,6 +260,8 @@ func rawSetupTest(t *testing.T, obj ...client.Object) (*echo.Echo, client.Client
 Namespace: "default",
 OidcDiscoveryURL: "https://idp.example.com/.well-known/openid-configuration",
 OidcCLientID: "lieutenant",
+ VaultAddr: "https://vault.example.com/",
+ VaultLoginMethod: "oidc",
 }
 e, err := NewAPIServer(conf, testMiddleWare)
 assert.NoError(t, err)
@@ -307,4 +309,8 @@ func TestDiscovery(t *testing.T) {
 require.NotNil(t, metadata.Oidc)
 assert.Equal(t, "lieutenant", metadata.Oidc.ClientId)
 assert.Equal(t, "https://idp.example.com/.well-known/openid-configuration", metadata.Oidc.DiscoveryUrl)
+ require.NotNil(t, metadata.Vault)
+ assert.Equal(t, "https://vault.example.com/", metadata.Vault.Addr)
+ require.NotNil(t, metadata.Vault.LoginMethod)
+ assert.Equal(t, "oidc", *metadata.Vault.LoginMethod)
 }
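Review bot: In NewAPIServer (pkg/service/api_service.go), `conf.VaultAddr` is copied into the discovery metadata without any validation, so a typo, a relative value or an `http://` address would be handed to every client that configures its Vault login from this endpoint, and those clients would then send credentials there. NewAPIServer already returns an error, so the value can be parsed once at startup and rejected unless it is an absolute https URL; relax the scheme check only if plain-http development instances have to be supported. A non-empty `VaultLoginMethod` with an empty `VaultAddr` is also dropped silently, which is worth a log line or an error. The function body starts and ends outside the hunk, and `net/url` and `fmt` may need to be imported.

```go
if conf.VaultAddr != "" {
	u, err := url.Parse(conf.VaultAddr)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return nil, fmt.Errorf("invalid Vault address %q: want an absolute https URL", conf.VaultAddr)
	}
	// … unchanged: populate apiImpl.metadata.Vault and LoginMethod …
}
```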
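Review bot: TestDiscovery only covers the case where both Vault settings are present, because rawSetupTest now always sets `VaultAddr` and `VaultLoginMethod`; the branches that matter for clients, an empty `VaultAddr` leaving `metadata.Vault` nil and an empty `VaultLoginMethod` leaving `LoginMethod` nil, are not exercised. A small table-driven test that builds APIConfig with each combination and asserts `assert.Nil(t, metadata.Vault)` or `assert.Nil(t, metadata.Vault.LoginMethod)` would pin the omit-when-empty behaviour. rawSetupTest and TestDiscovery both start outside their hunks.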