diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3639ceb..3c56a84 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## Unreleased
 
+FEATURES:
+
+* Support for changing the default Vault address and Kubernetes mount path via CLI flag to the vault-csi-provider binary
+
 BUGS:
 
 * Added missing error handling when transforming SecretProviderClass config to a Vault request [[GH-97](https://github.com/hashicorp/vault-csi-provider/pull/97)]
diff --git a/internal/config/config.go b/internal/config/config.go
index 88190e0..5530d2a 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -11,11 +11,6 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 )
 
-const (
-	defaultVaultAddress string = "https://127.0.0.1:8200"
-	defaultVaultKubernetesMountPath string = "kubernetes"
-)
-
 // Config represents all of the provider's configurable behaviour from the MountRequest proto message:
 // * Parameters from the `Attributes` field.
 // * Plus the rest of the proto fields we consume.
@@ -69,13 +64,13 @@ type Secret struct {
 	SecretArgs map[string]interface{} `yaml:"secretArgs,omitempty"`
 }
 
-func Parse(logger hclog.Logger, parametersStr, targetPath, permissionStr string) (Config, error) {
+func Parse(logger hclog.Logger, parametersStr, targetPath, permissionStr string, defaultVaultAddr string, defaultVaultKubernetesMountPath string) (Config, error) {
 	config := Config{
 		TargetPath: targetPath,
 	}
 
 	var err error
-	config.Parameters, err = parseParameters(logger, parametersStr)
+	config.Parameters, err = parseParameters(logger, parametersStr, defaultVaultAddr, defaultVaultKubernetesMountPath)
 	if err != nil {
 		return Config{}, err
 	}
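Review bot: `Parse` is exported and gains two positional `string` arguments with no doc comment, so a caller has nothing telling it which one is the address and which the mount path, and the names already drift between this hunk (`defaultVaultAddr`) and the `parseParameters` hunk that follows (`defaultVaultAddress`). Nothing here rejects an empty `defaultVaultAddr` either; with the package constants removed, a caller that passes `""` now gets an empty fallback address rather than the old https constant (whether the SecretProviderClass parameters override it is decided inside parseParameters, outside this diff). Suggest a doc comment above the signature such as `// Parse builds a Config from the mount request; defaultVaultAddr and defaultVaultKubernetesMountPath are the fallbacks used when the SecretProviderClass parameters leave them unset.`, the grouped form `..., permissionStr, defaultVaultAddr, defaultVaultKubernetesMountPath string) (Config, error)`, and one spelling of the address parameter across both functions. `Parse`'s body continues past the end of the hunk.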
@@ -93,7 +88,7 @@ func Parse(logger hclog.Logger, parametersStr, targetPath, permissionStr string)
 	return config, nil
 }
 
-func parseParameters(logger hclog.Logger, parametersStr string) (Parameters, error) {
+func parseParameters(logger hclog.Logger, parametersStr string, defaultVaultAddress string, defaultVaultKubernetesMountPath string) (Parameters, error) {
 	var params map[string]string
 	err := json.Unmarshal([]byte(parametersStr), ¶ms)
 	if err != nil {
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index 69016bb..582b17e 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -35,6 +35,8 @@ spec:
       common_name: "internal.example.com"
       method: "PUT"
 `
+	defaultVaultAddress = "http://127.0.0.1:8200"
+	defaultVaultKubernetesMountPath = "kubernetes"
 )
 
 func TestParseParametersFromYaml(t *testing.T) {
@@ -51,7 +53,7 @@ func TestParseParametersFromYaml(t *testing.T) {
 	require.NoError(t, err)
 
 	// This is now the form the provider receives the data in.
-	params, err := parseParameters(hclog.NewNullLogger(), string(paramsBytes))
+	params, err := parseParameters(hclog.NewNullLogger(), string(paramsBytes), defaultVaultAddress, defaultVaultKubernetesMountPath)
 	require.NoError(t, err)
 
 	require.Equal(t, Parameters{
@@ -85,7 +87,7 @@ func TestParseParameters(t *testing.T) {
 	// This file's contents are copied directly from a driver mount request.
 	parametersStr, err := ioutil.ReadFile(filepath.Join("testdata", "example-parameters-string.txt"))
 	require.NoError(t, err)
-	actual, err := parseParameters(hclog.NewNullLogger(), string(parametersStr))
+	actual, err := parseParameters(hclog.NewNullLogger(), string(parametersStr), defaultVaultAddress, defaultVaultKubernetesMountPath)
 	require.NoError(t, err)
 	expected := Parameters{
 		VaultRoleName: "example-role",
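Review bot: The test-side `defaultVaultAddress` added in the config_test.go const block is `http://127.0.0.1:8200`, whereas the binary's `vault-addr` flag defaults to `https://127.0.0.1:8200`, so any assertion that relies on the fallback address now exercises a scheme the shipped default never produces. Unless a test specifically needs plain http, align it with production: `defaultVaultAddress = "https://127.0.0.1:8200"`. The same two constants are also the only defaults every `parseParameters`/`Parse` call in these tests receives, so a case passing an empty or malformed default (which the new signature now makes possible) would be worth adding alongside them.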
@@ -176,7 +178,7 @@ func TestParseConfig(t *testing.T) {
 	} {
 		parametersStr, err := json.Marshal(tc.parameters)
 		require.NoError(t, err)
-		cfg, err := Parse(hclog.NewNullLogger(), string(parametersStr), tc.targetPath, "420")
+		cfg, err := Parse(hclog.NewNullLogger(), string(parametersStr), tc.targetPath, "420", defaultVaultAddress, defaultVaultKubernetesMountPath)
 		require.NoError(t, err, tc.name)
 		require.Equal(t, tc.expected, cfg)
 	}
@@ -206,7 +208,7 @@ func TestParseConfig_Errors(t *testing.T) {
 	} {
 		parametersStr, err := json.Marshal(tc.parameters)
 		require.NoError(t, err)
-		_, err = Parse(hclog.NewNullLogger(), string(parametersStr), "/some/path", "420")
+		_, err = Parse(hclog.NewNullLogger(), string(parametersStr), "/some/path", "420", defaultVaultAddress, defaultVaultKubernetesMountPath)
 		require.Error(t, err, tc.name)
 	}
 }
diff --git a/internal/server/server.go b/internal/server/server.go
index 2a1de3f..ef384ae 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -18,6 +18,8 @@ var (
 // Server implements the secrets-store-csi-driver provider gRPC service interface.
 type Server struct {
 	Logger hclog.Logger
+	VaultAddr string
+	VaultMount string
 	WriteSecrets bool
 }
 
@@ -30,7 +32,7 @@ func (p *Server) Version(context.Context, *pb.VersionRequest) (*pb.VersionRespon
 }
 
 func (p *Server) Mount(ctx context.Context, req *pb.MountRequest) (*pb.MountResponse, error) {
-	cfg, err := config.Parse(p.Logger.Named("config"), req.Attributes, req.TargetPath, req.Permission)
+	cfg, err := config.Parse(p.Logger.Named("config"), req.Attributes, req.TargetPath, req.Permission, p.VaultAddr, p.VaultMount)
 	if err != nil {
 		return nil, err
 	}
diff --git a/main.go b/main.go
index a9f4b9a..6457bc9 100644
--- a/main.go
+++ b/main.go
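Review bot: `VaultAddr` and `VaultMount` are new exported fields on `Server` with no doc comment, and `Mount` forwards them to `config.Parse` unconditionally, so a `Server` constructed without setting them hands empty fallbacks to every mount request instead of the https constant that used to live in the config package. Suggest documenting the fields, e.g. `// VaultAddr and VaultMount are the fallback Vault address and Kubernetes auth mount path used when a SecretProviderClass does not set its own` (presumably that is how parseParameters applies them; its body is outside this diff), and failing fast in `Mount` with `if p.VaultAddr == "" { return nil, fmt.Errorf("no default Vault address configured") }` before the `config.Parse` call. `Mount`'s body continues past the end of the hunk.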
@@ -24,6 +24,8 @@ var (
 	debug = flag.Bool("debug", false, "sets log to debug level")
 	healthAddr = flag.String("health_addr", ":8080", "configure http listener for reporting health")
 	selfVersion = flag.Bool("version", false, "prints the version information")
+	vaultAddr = flag.String("vault-addr", "https://127.0.0.1:8200", "default address for connecting to Vault")
+	vaultMount = flag.String("vault-mount", "kubernetes", "default Vault mount path for Kubernetes authentication")
 	writeSecrets = flag.Bool("write_secrets", true, "write secrets directly to filesystem (true), or send secrets to CSI driver in gRPC response (false)")
 )
 
@@ -85,6 +87,8 @@ func realMain(logger hclog.Logger) error {
 	s := &providerserver.Server{
 		Logger: serverLogger,
+		VaultAddr: *vaultAddr,
+		VaultMount: *vaultMount,
 		WriteSecrets: *writeSecrets,
 	}
 	pb.RegisterCSIDriverProviderServer(server, s)
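Review bot: The new flags in the `var (` block are spelled `vault-addr` and `vault-mount` while every existing flag there uses underscores (`health_addr`, `write_secrets`), so the binary now mixes two naming conventions on one command line; `vault_addr`/`vault_mount` (or registering both spellings) would keep it consistent. The value is also accepted verbatim: the fallback was previously a compile-time `https://` constant, and now an operator-supplied string with no scheme, an empty host, or plain `http` reaches the server unchecked, which matters because the Kubernetes auth login presumably posts the pod's service account token to that address. Consider validating it in `realMain` with `if u, err := url.Parse(*vaultAddr); err != nil || u.Host == "" { return fmt.Errorf("invalid -vault-addr %q", *vaultAddr) }` and deciding whether a non-https scheme should be refused or at least logged at startup. The second main.go hunk runs past the end of the diff shown here.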