TriggerAuthentication/Vault: add support for vault namespace #2084
Labels
Comments
chapurlatn
added
feature-request
5 tasks
1 task
|
fixed in #2085 |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Proposal
Support TriggerAuthentication for Vault Enterprise. For now, the Vault namespace feature can not be operate by TriggerAuthentication.
In the TriggerAuthentication spec, add an optional "spec.hashiCorpVault.namespace" in order to be compliant with all Vault install (and update the Vault authentication sequence accordingly).
Currently, it's not possible to setup a Vault TriggerAuthentication when using a namespace-based Vault server.
I could be useful to provide, in the spec, an optional "spec.hashiCorpVault.namespace" in order to be compliant with all Vault install.
Notes:
I checked Keda code and the corresponding handler do not implement namespace handling (https://github.com/kedacore/keda/blob/main/pkg/scaling/resolver/hashicorpvault_handler.go).
Here's an example of how to support namespace: https://github.com/hashicorp/vault/blob/main/api/client.go#L486
Use-Case
This allow to perform Vault authentication on a Vault Enterprise platform organized with isolated namespaces.
This way, any team in some organization can manage its own Keda trigger authentication within its own Vault namespace.
Anything else?
Useful links:
Relates to #2080
The text was updated successfully, but these errors were encountered: