BetterCloud / vault-java-driver

Zero-dependency Java client for HashiCorp's Vault
https://bettercloud.github.io/vault-java-driver/

namespace support? #148

Closed markltbaker closed 5 years ago

markltbaker commented 5 years ago

Enterprise Vault supports namespaces https://www.vaultproject.io/docs/enterprise/namespaces/index.html which would be useful to support in the driver. It's just an extra header to the HTTPS request of "X-Vault-Namespace: your-namespace".

Unfortunately I think it would need some adding of public API, although could be done in a compatible way. Would be tempted to add an optional Namespace to the VaultConfig so it could be set once for all vault use. Would also need (in my use-case) to pass in an optional namespace to the Auth.loginByAppRole() method as my auth is attached in a different namespace to everything else.

Does anyone have feedback on the desirability of the above changes? Can knock up a MR but very happy to take direction on this. I don't have strong opinions about where/how to do it, but would like to use this driver with my Enterprise Vault :)

markltbaker commented 5 years ago

149 is a very quick example. Not AT ALL precious about it, just sharing my thinking. Very happy to get comments, feedback, suggestions.

jedidiahB commented 5 years ago

I'm also extremely interested in adding namespace support to get the Jenkins plugin functional with Enterprise Vault.

If you're authenticating via approle in another namespace, how are you using tokens generated from the login in other namespaces? My use case has each namespace manage its own auth and secret backends, for that namespace.

markltbaker commented 5 years ago

Hmmm. You make a very good point. We are authenticating at the root namespace for interactive users, but for AppRoles we are doing that at the namespace level. So I don't think I do actually need that optional namespace param in Auth.loginByAppRole()... Unless someone else wants it, I'll just take that out. Thanks for the feedback!

jedidiahB commented 5 years ago

@markltbaker The code works with top level namespaces, but child namespaces have a problem because the "/" delimiter gets URL encoded.

"infosec" works, but "infosec/devops" gets URL encoded to "infosec%2Fdevops". I'll see if our dev can post his patches to this issue, but I at least wanted to comment in case the PR gets merged before I can get it submitted.

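The child-namespace problem reported in the comment above, reproduced as an added example that is not part of the thread and is not the driver's code: it shows what URL-encoding does to "infosec/devops" next to a request that carries the value verbatim in the X-Vault-Namespace header. It uses the JDK 11 `java.net.http` request builder instead of the driver's own REST layer; the class and helper names are hypothetical, and the Vault address, token and secret path are constructed placeholders.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;

public class NamespaceHeaderDemo {
    static final String NAMESPACE_HEADER = "X-Vault-Namespace";

    // Hypothetical helper: check a namespace path and return it unchanged
    // for use as a header value.
    static String namespaceHeaderValue(String namespace) {
        if (namespace == null || namespace.isBlank()) {
            throw new IllegalArgumentException("namespace must not be blank");
        }
        for (char c : namespace.toCharArray()) {
            // Control characters (CR/LF included) must never reach a header value.
            if (c < 0x20 || c == 0x7f) {
                throw new IllegalArgumentException("control character in namespace");
            }
        }
        // No percent-encoding: "/" separates the parent from the child namespace.
        return namespace;
    }

    // Hypothetical helper: build (but do not send) a read request scoped to a namespace.
    static HttpRequest readRequest(String vaultAddr, String token,
                                   String namespace, String path) {
        return HttpRequest.newBuilder()
                .uri(URI.create(vaultAddr + "/v1/" + path))
                .header("X-Vault-Token", token)
                .header(NAMESPACE_HEADER, namespaceHeaderValue(namespace))
                .GET()
                .build();
    }

    public static void main(String[] args) {
        String ns = "infosec/devops"; // child namespace from the comment above

        // URL-encoding the value yields the form reported as failing.
        System.out.println("encoded: " + URLEncoder.encode(ns, StandardCharsets.UTF_8));

        // Constructed placeholders: address, token and secret path.
        HttpRequest req = readRequest("https://vault.example.com:8200",
                "s.placeholder", ns, "secret/data/app");
        System.out.println("header:  "
                + req.headers().firstValue(NAMESPACE_HEADER).orElseThrow());
        System.out.println("uri:     " + req.uri());
    }
}
```
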
steve-perkins commented 5 years ago

Sorry for the delayed response on this, guys. I've been pulled in other directions recently, and there's been a bit of a lag while recruiting other developers to lend some code in cranking out features.

Another internal developer here has been working on a branch to add support for the V2 key-value store. He went ahead and added enterprise namespace support to that branch while he was at it. The PR just went up (see link below). Once a couple of reviewers have taken a look then we'll merge and push a new version to Maven Central.

https://github.com/BetterCloud/vault-java-driver/pull/151

jedidiahB commented 5 years ago

Thank you so much @steve-perkins!! I'll have one of our guys try out the PR that supports namespaces ASAP.

markltbaker commented 5 years ago

Agreed, will review that PR and drop mine, did not see that the branch added Namespace support before.

fdevans commented 2 years ago

Is there a way to specify root as the namespace? I understand leaving it blank points to root but looking for a bit more deliberate setting.