DaspawnW / vault-crd

Vault CRD for sharing Vault Secrets with Kubernetes
https://vault.koudingspawn.de
Apache License 2.0

Add support mount multiple secrets #58

Open ardimaul opened 3 years ago

ardimaul commented 3 years ago

Hi. When Vault uses different paths to apply policies for different departments, like database credentials, app configuration and others, we need to merge them into one environment configuration in Kubernetes apps. Rather than creating more than one Vault kind for each path, I think this can be done by mounting multiple Vault paths in one vault-crd kind, then combining them into one secret, and then mounting it into the Kubernetes app's environment as a single secret.

DaspawnW commented 3 years ago

Hi @ardimaul,

please have a look at this: https://vault.koudingspawn.de/supported-secret-types/secret-type-properties Does it support your requirements?

ardimaul commented 3 years ago

Hi @DaspawnW, yes, it works like that, multiple mounting. But it doesn't support returning as a string without specifying the key, like the KV/KV2 mounting type.

ardimaul commented 3 years ago

Maybe it will look like this:

spec:
  type: "KEYVALUE"
  path:
    - "secret/one-secret"
    - "secret/two-secret"

If a key exists in both secrets, the last key in the secrets will apply to them.
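The merge order proposed in the comment above, sketched as an added example (not code from vault-crd or from any participant in this thread). It applies paths in list order, lets the later path win on a duplicate key, and records each override so a silent replacement of one team's value by another's can be logged or rejected. The class, record and method names are hypothetical, the per-path data is constructed, and Java 16+ is assumed for the record type.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example, not vault-crd code: all names here are hypothetical.
public class MultiPathMerge {

    /** Result of a merge: the combined data plus every key that was overridden. */
    record Merged(Map<String, String> data, List<String> overrides) {}

    /**
     * Merges secrets in the order their paths are listed. When a key exists
     * under more than one path, the value from the later path wins and the
     * override is recorded so it can be logged or rejected.
     */
    static Merged merge(LinkedHashMap<String, Map<String, String>> secretsByPath) {
        Map<String, String> data = new LinkedHashMap<>();
        Map<String, String> owner = new LinkedHashMap<>(); // key -> path that currently supplies it
        List<String> overrides = new ArrayList<>();

        for (Map.Entry<String, Map<String, String>> secret : secretsByPath.entrySet()) {
            String path = secret.getKey();
            for (Map.Entry<String, String> kv : secret.getValue().entrySet()) {
                String previous = owner.put(kv.getKey(), path);
                if (previous != null) {
                    // Record paths and key names only, never secret values.
                    overrides.add(kv.getKey() + ": " + previous + " -> " + path);
                }
                data.put(kv.getKey(), kv.getValue());
            }
        }
        return new Merged(data, overrides);
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for what Vault would return per path.
        LinkedHashMap<String, Map<String, String>> secrets = new LinkedHashMap<>();
        secrets.put("secret/one-secret", Map.of("DB_USER", "app", "LOG_LEVEL", "info"));
        secrets.put("secret/two-secret", Map.of("LOG_LEVEL", "debug", "API_URL", "https://example.invalid"));

        Merged merged = merge(secrets);
        System.out.println("keys: " + merged.data().keySet());
        System.out.println("LOG_LEVEL = " + merged.data().get("LOG_LEVEL"));
        merged.overrides().forEach(o -> System.out.println("override " + o));
    }
}
```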

DaspawnW commented 3 years ago

Hi @ardimaul,

I would really welcome a merge request for it :-)

matiri132 commented 3 years ago

Hi DaspawnW, I can work on this issue because I need it for a project. Can you give some hints on how to proceed, to make it faster? Where in the source code do you think this issue can be solved? I'm reading the code, but it would be faster if you sent me a hint on how to start.

DaspawnW commented 3 years ago

Hi @matiri132,

I would recommend you create a new Secret Type:

The other option is you add an additional property next to the path property called paths (to prevent collision) https://github.com/DaspawnW/vault-crd/blob/master/crd.yml#L25 and update the corresponding VaultSpec in Java: https://github.com/DaspawnW/vault-crd/blob/master/src/main/java/de/koudingspawn/vault/crd/VaultSpec.java#L10

Then you can "simply" change the KeyValueGenerator / KeyValueRefresh classes to take this up.

matiri132 commented 3 years ago

Hi @DaspawnW, I was working on the proposals that you gave me to start resolving the issue, but I'm blocked. I'm trying to add a property called paths that works as an Array in the crd.yaml, so the VaultSpec receives this Array as "paths". But then the KeyValueGenerator wants to return a single secret. Here I'm blocked because I can't find where the KeyGenerator is used to create the Kubernetes secret from the VaultSecret. Could you guide me through the code flow or give me some documentation on how the whole program works, so I can figure out how to continue with this? I'll give you these first changes in a new branch (but the code does not compile yet).