Merge pull request #39 from akenza-io/add-support-for-vault-namespace

Add support for Vault namespaces (used in Vault Enterprise)

README.md

@@ -131,6 +131,12 @@ pip3 install -r ./tests/requirements.txt
 python3 -m pytest
 ```
 
+for running tests using docker, you can use the following command:
+
+```
+./run-test.sh
+```
+
 ### Other Tests
 
 Unittesting and integration testing is automatically run via Github Actions on commit and PRs.
@@ -187,6 +193,7 @@ Decrypted files have the suffix ".yaml.dec" by default
 |--------------------|---------------------------|--------|--------|
 |`VAULT_ADDR`|`null`|The HTTP(S) address fo Vault|Yes|
 |`VAULT_TOKEN`|`null`|The token used to authenticate with Vault|Yes|
+|`VAULT_NAMESPACE`|`null`|The Vault namespace used for the command||
 |`VAULT_PATH`|`secret/helm`|The default path used within Vault||
 |`VAULT_MOUNT_POINT`|`secret`|The default mountpoint used within Vault||
 |`SECRET_DELIM`|`changeme`|The value which will be searched for within YAML to prompt for encryption/decryption||
@@ -212,6 +219,14 @@ The token used to authenticate with Vault.
 Default when not set: `null`, the program will error and inform you that this value needs to be set as an environment variable.
 </details>
 
+<details>
+<summary>VAULT_NAMESPACE</summary>
+
+The Vault namespace used for the command. Namespaces are isolated environments that functionally exist as "Vaults within a Vault." They have separate login paths and support creating and managing data isolated to their namespace. Namespaces are only available in Vault Enterprise.
+
+Default when not set: `null`.
+</details>
+
 <details>
 <summary>VAULT_PATH</summary>
 

docker-compose.yml

@@ -0,0 +1,16 @@
+version: "3.5"
+services:
+  vault:
+    container_name: helm-vault
+    image: vault
+    ports:
+      - 8200:8200
+    environment:
+      VAULT_DEV_ROOT_TOKEN_ID: "802e831f-bf5e-2740-d1f1-bbd936140e0b"
+      SKIP_SETCAP: "true"
+      VAULT_ADDR: "http://localhost:8200"
+    healthcheck:
+      test: ["CMD", "vault", "status"]
+      interval: 2s
+      timeout: 3s
+      retries: 30

run-tests.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+export VAULT_ADDR="http://localhost:8200"
+export VAULT_TOKEN="802e831f-bf5e-2740-d1f1-bbd936140e0b"
+export KVVERSION="v2"
+
+docker compose up -d 
+function getContainerHealth {
+    docker inspect --format "{{json .State.Health.Status }}" $1
+}
+
+# check that vault is running
+while STATUS=$(getContainerHealth helm-vault); [ "$STATUS" != '"healthy"' ]; do
+    if [ -z "$STATUS" ]; then
+        echo "Failed to retrieve status of docker container helm-vault"
+        exit 1
+    fi
+    if [ "$STATUS" == '"unhealthy"' ]; then
+        echo "Failed to start container helm-vault. See docker logs for details."
+        exit 1
+    fi
+    printf '.'
+    sleep 1
+done
+printf $'\n'
+
+# install and run tests
+pip3 install -r ./tests/requirements.txt
+python3 -m pytest

src/vault.py

@@ -198,7 +198,7 @@ def __init__(self, args, envs):
 
         # Setup Vault client (hvac)
         try:
-            self.client = hvac.Client(url=self.envs.vault_addr, token=os.environ["VAULT_TOKEN"])
+            self.client = hvac.Client(url=self.envs.vault_addr, namespace=os.environ.get("VAULT_NAMESPACE"), token=os.environ["VAULT_TOKEN"])
         except KeyError:
             print("Vault not configured correctly, check VAULT_ADDR and VAULT_TOKEN env variables.")
         except Exception as ex: