From b8dfccc795373c81b1c351091b812a2c444b29ac Mon Sep 17 00:00:00 2001
From: Marius Giger
Date: Fri, 14 May 2021 14:54:51 +0200
Subject: [PATCH 1/3] adds support for Vault namespaces (used in Vault Enterprise)
---
 src/vault.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vault.py b/src/vault.py
index 407193e..6cea735 100755
--- a/src/vault.py
+++ b/src/vault.py
@@ -198,7 +198,7 @@ def __init__(self, args, envs):
 # Setup Vault client (hvac)
 try:
- self.client = hvac.Client(url=self.envs.vault_addr, token=os.environ["VAULT_TOKEN"])
+ self.client = hvac.Client(url=self.envs.vault_addr, namespace=os.environ["VAULT_NAMESPACE"], token=os.environ["VAULT_TOKEN"])
 except KeyError:
 print("Vault not configured correctly, check VAULT_ADDR and VAULT_TOKEN env variables.")
 except Exception as ex:
From 0810cc532f2f2963d12fdbaa82b0d146a68a88ce Mon Sep 17 00:00:00 2001
From: Marius Giger
Date: Fri, 14 May 2021 15:20:07 +0200
Subject: [PATCH 2/3] adds VAULT_NAMESPACE doc to README
---
 README.md | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/README.md b/README.md
index 6a9dc88..d1d0f4a 100644
--- a/README.md
+++ b/README.md
@@ -187,6 +187,7 @@ Decrypted files have the suffix ".yaml.dec" by default
 |--------------------|---------------------------|--------|--------|
 |`VAULT_ADDR`|`null`|The HTTP(S) address fo Vault|Yes|
 |`VAULT_TOKEN`|`null`|The token used to authenticate with Vault|Yes|
+|`VAULT_NAMESPACE`|`null`|The Vault namespace used for the command||
 |`VAULT_PATH`|`secret/helm`|The default path used within Vault||
 |`VAULT_MOUNT_POINT`|`secret`|The default mountpoint used within Vault||
 |`SECRET_DELIM`|`changeme`|The value which will be searched for within YAML to prompt for encryption/decryption||
@@ -212,6 +213,14 @@ The token used to authenticate with Vault. Default when not set: `null`, the program will error and inform you that this value needs to be set as an environment variable. +
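Review bot: Indexing `os.environ["VAULT_NAMESPACE"]` on the added line makes an Enterprise-only variable mandatory for every user: when it is unset the KeyError is caught by the `except KeyError` two lines below, whose message blames VAULT_ADDR and VAULT_TOKEN, so the failure is misdiagnosed. Patch 3/3 of this series switches the lookup to `os.environ.get("VAULT_NAMESPACE")`; squashing that into this commit would avoid a broken intermediate revision that no non-Enterprise user can run. The enclosing `__init__` starts and continues outside the hunk.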
+VAULT_NAMESPACE + +The Vault namespace used for the command. Namespaces are isolated environments that functionally exist as "Vaults within a Vault." They have separate login paths and support creating and managing data isolated to their namespace. Namespaces are only available in Vault Enterprise. + +Default when not set: `null`. +
+
VAULT_PATH From 556838fe5e8fa3715566d5c17c4f1b382b7c4055 Mon Sep 17 00:00:00 2001 From: Marius Giger Date: Sun, 30 May 2021 19:50:17 +0200 Subject: [PATCH 3/3] makes VAULT_NAMESPACE optional, adds scripts for running tests using docker locally --- README.md | 6 ++++++ docker-compose.yml | 16 ++++++++++++++++ run-tests.sh | 31 +++++++++++++++++++++++++++++++ src/vault.py | 2 +- 4 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 docker-compose.yml create mode 100755 run-tests.sh diff --git a/README.md b/README.md index d1d0f4a..547ed42 100644 --- a/README.md +++ b/README.md @@ -131,6 +131,12 @@ pip3 install -r ./tests/requirements.txt python3 -m pytest ``` +for running tests using docker, you can use the following command: + +``` +./run-test.sh +``` + ### Other Tests Unittesting and integration testing is automatically run via Github Actions on commit and PRs. diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..55843ba --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,16 @@ +version: "3.5" +services: + vault: + container_name: helm-vault + image: vault + ports: + - 8200:8200 + environment: + VAULT_DEV_ROOT_TOKEN_ID: "802e831f-bf5e-2740-d1f1-bbd936140e0b" + SKIP_SETCAP: "true" + VAULT_ADDR: "http://localhost:8200" + healthcheck: + test: ["CMD", "vault", "status"] + interval: 2s + timeout: 3s + retries: 30 diff --git a/run-tests.sh b/run-tests.sh new file mode 100755 index 0000000..4789711 --- /dev/null +++ b/run-tests.sh 
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+export VAULT_ADDR="http://localhost:8200"
+export VAULT_TOKEN="802e831f-bf5e-2740-d1f1-bbd936140e0b"
+export KVVERSION="v2"
+
+docker compose up -d
+function getContainerHealth {
+ docker inspect --format "{{json .State.Health.Status }}" $1
+}
+
+# check that vault is running
+while STATUS=$(getContainerHealth helm-vault); [ "$STATUS" != '"healthy"' ]; do
+ if [ -z "$STATUS" ]; then
+ echo "Failed to retrieve status of docker container helm-vault"
+ exit 1
+ fi
+ if [ "$STATUS" == '"unhealthy"' ]; then
+ echo "Failed to start container helm-vault. See docker logs for details."
+ exit 1
+ fi
+ printf '.'
+ sleep 1
+done
+printf $'\n'
+
+# install and run tests
+pip3 install -r ./tests/requirements.txt
+python3 -m pytest
\ No newline at end of file
diff --git a/src/vault.py b/src/vault.py
index 6cea735..c7cd609 100755
--- a/src/vault.py
+++ b/src/vault.py
@@ -198,7 +198,7 @@ def __init__(self, args, envs):
 # Setup Vault client (hvac)
 try:
- self.client = hvac.Client(url=self.envs.vault_addr, namespace=os.environ["VAULT_NAMESPACE"], token=os.environ["VAULT_TOKEN"])
+ self.client = hvac.Client(url=self.envs.vault_addr, namespace=os.environ.get("VAULT_NAMESPACE"), token=os.environ["VAULT_TOKEN"])
 except KeyError:
 print("Vault not configured correctly, check VAULT_ADDR and VAULT_TOKEN env variables.")
 except Exception as ex:
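Review bot: The shebang is `#!/bin/sh` but the script relies on bash-only syntax — `function getContainerHealth {`, `==` inside `[ ]`, and `printf $'\n'` — so on systems where /bin/sh is dash it aborts at the `function` line before any health check runs; change the first line to `#!/usr/bin/env bash` (or rewrite those three constructs in POSIX form). Nothing tears the container down afterwards, and each `exit 1` and every `set -e` failure leaves `helm-vault` running with its published port and well-known root token, so add `trap 'docker compose down' EXIT` directly after `docker compose up -d`. The `$1` passed to `docker inspect` should be quoted as `"$1"`. The README hunk in this same commit tells users to run `./run-test.sh`, while the file added here is `run-tests.sh`.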
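Review bot: The namespace is read straight from `os.environ` on the added line while the address beside it comes from `self.envs.vault_addr`, so the new setting bypasses whatever `envs` does for the other documented variables (defaults, validation); consider `namespace=self.envs.vault_namespace` with the lookup added where `vault_addr` is resolved, assuming `envs` is where the README's variable table is implemented. The `except KeyError` handler below only prints, so if `__init__` carries on after it `self.client` is never assigned and the first use fails with an AttributeError far from the real cause — the body continues outside the hunk, so I cannot see whether it exits there. As far as I know Vault rejects a token presented in a namespace it was not issued for, and that error would surface through the generic `except Exception` below; naming VAULT_NAMESPACE in that message would save Enterprise users a debugging round.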