Fix CHANGELOG and add test for the change

Signed-off-by: dttung2905 <[email protected]>
kedacore · Nov 13, 2023 · 760befb · 760befb
1 parent faf8c9a
commit 760befb
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -62,6 +62,7 @@ Here is an overview of all new **experimental** features:
 
 - **General**: Add parameter queryParameters to prometheus-scaler ([#4962](https://github.com/kedacore/keda/issues/4962))
 - **General**: Support TriggerAuthentication properties from ConfigMap ([#4830](https://github.com/kedacore/keda/issues/4830))
+- **Hashicorp Vault*: Fix operator panic when spec.hashiCorpVault.credential.serviceAccount is not set ([#4964](https://github.com/kedacore/keda/issues/4964))
 - **Hashicorp Vault**: Add support to get secret that needs write operation (e.g. pki) ([#5067](https://github.com/kedacore/keda/issues/5067))
 - **Kafka Scaler**: Ability to set upper bound to the number of partitions with lag ([#3997](https://github.com/kedacore/keda/issues/3997))
 - **Kafka Scaler**: Add support for Kerberos authentication (SASL / GSSAPI) ([#4836](https://github.com/kedacore/keda/issues/4836))

diff --git a/pkg/scaling/resolver/hashicorpvault_handler.go b/pkg/scaling/resolver/hashicorpvault_handler.go
@@ -110,6 +110,13 @@ func (vh *HashicorpVaultHandler) token(client *vaultapi.Client) (string, error)
 			return token, errors.New("k8s role not in config")
 		}
 
+		if vh.vault.Credential == nil {
+			defaultCred := kedav1alpha1.Credential{
+				ServiceAccount: "/var/run/secrets/kubernetes.io/serviceaccount/token",
+			}
+			vh.vault.Credential = &defaultCred
+		}
+
 		if len(vh.vault.Credential.ServiceAccount) == 0 {
 			return token, errors.New("k8s SA file not in config")
 		}

diff --git a/pkg/scaling/resolver/hashicorpvault_handler_test.go b/pkg/scaling/resolver/hashicorpvault_handler_test.go
@@ -345,6 +345,25 @@ func TestHashicorpVaultHandler_ResolveSecret(t *testing.T) {
 	}
 }
 
+func TestHashicorpVaultHandler_DefaultKubernetesVaultRole(t *testing.T) {
+	defaultServiceAccountPath := "/var/run/secrets/kubernetes.io/serviceaccount/token"
+	server := mockVault(t)
+	defer server.Close()
+
+	vault := kedav1alpha1.HashiCorpVault{
+		Address:        server.URL,
+		Authentication: kedav1alpha1.VaultAuthenticationKubernetes,
+		Mount:          "my-mount",
+		Role:           "my-role",
+	}
+
+	vaultHandler := NewHashicorpVaultHandler(&vault)
+	err := vaultHandler.Initialize(logf.Log.WithName("test"))
+	defer vaultHandler.Stop()
+	assert.Errorf(t, err, "open %s : no such file or directory", defaultServiceAccountPath)
+	assert.Equal(t, vaultHandler.vault.Credential.ServiceAccount, defaultServiceAccountPath)
+}
+
 func TestHashicorpVaultHandler_ResolveSecrets_SameCertAndKey(t *testing.T) {
 	server := mockVault(t)
 	defer server.Close()