yamanin/registry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(vault-token): add optional vault enterprise namespace variable (#108)

Browse Source 
Added an optional envvar to vault-token module to handle communicating
with a non default vault namespace.

in vault enterprise, you can run multiple secure isolated vault
environments from the one vault server.
each namespace has it's own authentication methods and secrets engines. 
vault uses the VAULT_NAMESPACE envvar to determine the namespace to use.
no value, or either `root` or `/` will use the root (default) namespace,
any other value will use a different namespace

in vault community edition, the only supported namespace is "root", no
other namespaces can be used.

in HCP vault dedicated (the saas hosted version), you cant access vault
without a namespace set

this defaults to not setting the env var, so is backwards compatible,
and works with vault CE

---------

Co-authored-by: Birdie K <5210502+moo-im-a-cow@users.noreply.github.com>
This commit is contained in:
Birdie Kingston 2025-05-28 10:57:14 +10:00 committed by GitHub
parent 5a3ade7cd4
commit a8d92df7d5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
registry/coder/modules/vault-token/README.md
View File

@ -20,11 +20,12 @@ variable "vault_token" {
} }
module "vault" { module "vault" {
source = "registry.coder.com/coder/vault-token/coder" source = "registry.coder.com/coder/vault-token/coder"
version = "1.1.0" version = "1.2.0"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
vault_token = var.token # optional vault_token = var.token # optional
vault_addr = "https://vault.example.com" vault_addr = "https://vault.example.com"
vault_namespace = "prod" # optional, vault enterprise only
} }
``` ```
@ -74,7 +75,7 @@ variable "vault_token" {
module "vault" { module "vault" {
source = "registry.coder.com/coder/vault-token/coder" source = "registry.coder.com/coder/vault-token/coder"
version = "1.1.0" version = "1.2.0"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
vault_addr = "https://vault.example.com" vault_addr = "https://vault.example.com"
vault_token = var.token vault_token = var.token

12
registry/coder/modules/vault-token/main.tf
View File

@ -26,6 +26,11 @@ variable "vault_token" {
sensitive = true sensitive = true
default = null default = null
} }
variable "vault_namespace" {
type = string
description = "The Vault namespace to use."
default = null
}
variable "vault_cli_version" { variable "vault_cli_version" {
type = string type = string
@ -62,3 +67,10 @@ resource "coder_env" "vault_token" {
name = "VAULT_TOKEN" name = "VAULT_TOKEN"
value = var.vault_token value = var.vault_token
} }
resource "coder_env" "vault_namespace" {
count = var.vault_namespace != null ? 1 : 0
agent_id = var.agent_id
name = "VAULT_NAMESPACE"
value = var.vault_namespace
}