confluentinc / csid-secrets-providers

Enables use of external third-party systems for storing/retrieving key/value pairs with Confluent clusters.
https://confluentinc.github.io/csid-secrets-providers/

184 : fix use of AppRole with custom mount #185

Closed ahmedtoumi closed 10 months ago

ahmedtoumi commented 10 months ago

Description

When we use vaultProvider with AppRole and a custom mount, the authentication uses UserPass instead of AppRole.

Motivation and Context

Vault Provider

When using the Vault provider, we need some configs like:

  vault.address = https://vault.xxxx.com
  vault.auth.method = AppRole
  vault.auth.mount = approle-xxx
  vault.auth.role = xxxxx
  vault.auth.secret = [hidden]
  vault.namespace =
  vault.prefixpath =
  vault.secrets.version = 2

Unfortunately, when we specify a custom vault.auth.mount, the Java code forces the use of UserPass login instead of AppRole in this line.

this code

  public AuthResult execute(VaultConfigProviderConfig config, Vault vault) throws VaultException {
    AuthResponse response;
    if (isNullOrEmpty(config.mount)) {
      // No custom mount configured: AppRole login at the default auth path.
      log.trace("execute() - calling loginByAppRole('{}', '*****')", config.role);
      response = vault.auth().loginByAppRole(config.role, config.secret);
    } else {
      // Any custom mount switches to UserPass, even when the method is AppRole.
      log.trace("execute() - calling loginByUserPass('{}', ****, '{}')", config.username, config.mount);
      response = vault.auth().loginByUserPass(config.username, config.password, config.mount);
    }
    return result(response);
  }

should be replaced by this one

  public AuthResult execute(VaultConfigProviderConfig config, Vault vault) throws VaultException {
    AuthResponse response;

    if (isNullOrEmpty(config.mount)) {
      // No custom mount configured: AppRole login at the default auth path.
      log.trace("execute() - calling loginByAppRole('{}', '*****')", config.role);
      response = vault.auth().loginByAppRole(config.role, config.secret);
    } else {
      // Custom mount configured: still AppRole, but at the given mount path.
      log.trace("execute() - calling loginByAppRole('{}', '{}', ****)", config.mount, config.role);
      response = vault.auth().loginByAppRole(config.mount, config.role, config.secret);
    }
    return result(response);
  }

Issue: #184

How Has This Been Tested?

Test in Progress

Screenshots (if appropriate):


Types of changes

Checklist:
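To make the dispatch bug concrete, here is an added example in Python (not the project's code) that models the two Vault login calls as the HTTP requests they produce and compares the original execute() branch with the proposed one. The request shapes follow Vault's AppRole and UserPass login API; the config values are constructed.

```python
"""Added example (not project code): models how the Vault provider's
execute() picks a login call from its config, before and after this PR,
and renders the HTTP request each call would issue so the mismatch is
visible. Request shapes follow Vault's auth API; config values are
constructed."""
from dataclasses import dataclass


@dataclass
class VaultConfig:
    mount: str = ""      # vault.auth.mount (custom auth mount path)
    role: str = ""       # vault.auth.role (AppRole role_id)
    secret: str = ""     # vault.auth.secret (AppRole secret_id)
    username: str = ""   # UserPass username (unset for AppRole setups)
    password: str = ""   # UserPass password (unset for AppRole setups)


def login_by_approle(role_id, secret_id, path="approle"):
    # Vault AppRole login: POST /v1/auth/<mount>/login {role_id, secret_id}
    return {"method": "POST", "path": f"/v1/auth/{path}/login",
            "body": {"role_id": role_id, "secret_id": secret_id}}


def login_by_userpass(username, password, path="userpass"):
    # Vault UserPass login: POST /v1/auth/<mount>/login/<username> {password}
    return {"method": "POST", "path": f"/v1/auth/{path}/login/{username}",
            "body": {"password": password}}


def execute_before(cfg):
    """Dispatch as in the original execute(): any custom mount -> UserPass."""
    if not cfg.mount:
        return login_by_approle(cfg.role, cfg.secret)
    return login_by_userpass(cfg.username, cfg.password, cfg.mount)


def execute_after(cfg):
    """Dispatch as proposed: a custom mount keeps AppRole, at that path."""
    if not cfg.mount:
        return login_by_approle(cfg.role, cfg.secret)
    return login_by_approle(cfg.role, cfg.secret, cfg.mount)


# Constructed config matching the report: AppRole with a custom mount.
CFG = VaultConfig(mount="approle-xxx", role="xxxxx", secret="s3cr3t")

if __name__ == "__main__":
    print(execute_before(CFG))  # UserPass request, empty username/password
    print(execute_after(CFG))   # AppRole request at /v1/auth/approle-xxx/login
```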

cla-assistant[bot] commented 10 months ago

CLA assistant check
All committers have signed the CLA.

cla-assistant[bot] commented 10 months ago

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.


ahmed.toumi-ext seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

ahmedtoumi commented 10 months ago

Tested by manually deploying the generated ZIP with confluent-hub install --no-prompt /tmp/confluentinc-csid-secrets-provider-vault-1.0.11-SNAPSHOT.zip, and it's working.