Add vault.addr and vault.loginMethod to the metadata discovery endpoint

docs/modules/ROOT/pages/references/configuration.adoc

@@ -32,6 +32,16 @@ It's returned on the discovery URI and will be picked up by Commodore
 It's returned on the discovery URI and will be picked up by Commodore
 |Empty
 
+|VAULT_ADDR
+|The URI of the Vault instance associated with the Lieutenant instance.
+If not empty, it's returned on the discovery URI and can be picked up by client tooling.
+|Empty
+
+|VAULT_LOGIN_METHOD
+|The login method to use for the Vault instance associated with the Lieutenant instance.
+If not empty, it's returned on the discovery URI and can be picked up by client tooling.
+|Empty
+
 |K8S_AUTH_CLIENT_CACHE_SIZE
 |For each new API client (identified by the auth token), a Kubernetes client will be instantiated to pass through the request with the same token, which usually takes 2 seconds.
 The K8s client instance will be cached for subsequent API calls and this setting controls how many instances to keep in memory.

main.go

@@ -26,6 +26,8 @@ func main() {
 		Namespace:        os.Getenv("NAMESPACE"),
 		OidcDiscoveryURL: os.Getenv("OIDC_DISCOVERY_URL"),
 		OidcCLientID:     os.Getenv("OIDC_CLIENT_ID"),
+		VaultAddr:        os.Getenv("VAULT_ADDR"),
+		VaultLoginMethod: os.Getenv("VAULT_LOGIN_METHOD"),
 	}
 
 	e, err := service.NewAPIServer(conf)

openapi.yaml

@@ -33,6 +33,16 @@ components:
       description: >
         A unique object identifier string. Automatically generated by the API on creation (in the form
         "<letter>-<adjective>-<noun>-<digits>" where all letters are lowercase, max 63 characters in total).
+    VaultConfig:
+      type: object
+      required:
+        - addr
+      properties:
+        addr:
+          type: string
+          format: uri-template
+        loginMethod:
+          type: string
     OIDCConfig:
       type: object
       required:
@@ -53,6 +63,8 @@ components:
           type: string
         oidc:
           $ref: '#/components/schemas/OIDCConfig'
+        vault:
+          $ref: '#/components/schemas/VaultConfig'
     TenantProperties:
       type: object
       description: |-

pkg/service/api_service.go

@@ -36,6 +36,9 @@ type APIConfig struct {
 
 	OidcDiscoveryURL string
 	OidcCLientID     string
+
+	VaultAddr        string
+	VaultLoginMethod string
 }
 
 // APIContext is a custom echo context
@@ -81,6 +84,14 @@ func NewAPIServer(conf APIConfig, k8sMiddleware ...KubernetesAuth) (*echo.Echo,
 			DiscoveryUrl: conf.OidcDiscoveryURL,
 		}
 	}
+	if conf.VaultAddr != "" {
+		apiImpl.metadata.Vault = &api.VaultConfig{
+			Addr: conf.VaultAddr,
+		}
+		if conf.VaultLoginMethod != "" {
+			apiImpl.metadata.Vault.LoginMethod = &conf.VaultLoginMethod
+		}
+	}
 
 	e := echo.New()
 	e.Use(middleware.LoggerWithConfig(middleware.LoggerConfig{

pkg/service/api_service_test.go

@@ -260,6 +260,8 @@ func rawSetupTest(t *testing.T, obj ...client.Object) (*echo.Echo, client.Client
 		Namespace:        "default",
 		OidcDiscoveryURL: "https://idp.example.com/.well-known/openid-configuration",
 		OidcCLientID:     "lieutenant",
+		VaultAddr:        "https://vault.example.com/",
+		VaultLoginMethod: "oidc",
 	}
 	e, err := NewAPIServer(conf, testMiddleWare)
 	assert.NoError(t, err)
@@ -307,4 +309,8 @@ func TestDiscovery(t *testing.T) {
 	require.NotNil(t, metadata.Oidc)
 	assert.Equal(t, "lieutenant", metadata.Oidc.ClientId)
 	assert.Equal(t, "https://idp.example.com/.well-known/openid-configuration", metadata.Oidc.DiscoveryUrl)
+	require.NotNil(t, metadata.Vault)
+	assert.Equal(t, "https://vault.example.com/", metadata.Vault.Addr)
+	require.NotNil(t, metadata.Vault.LoginMethod)
+	assert.Equal(t, "oidc", *metadata.Vault.LoginMethod)
 }