feat(kubeconfig_from_vault): Add --login-oidc param to automatically …

…log in
sikalabs · Feb 8, 2025 · fae870e · fae870e
1 parent d98769d
commit fae870e
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/cmd/kubeconfig_from_vault/kubeconfig_from_vault.go b/cmd/kubeconfig_from_vault/kubeconfig_from_vault.go
@@ -16,6 +16,7 @@ import (
 
 var FlagVaultAddr string
 var FlagVaultSecretPath string
+var FlagLoginOIDC bool
 
 var Cmd = &cobra.Command{
 	Use:   "kubeconfig-from-vault",
@@ -43,6 +44,12 @@ func init() {
 		"Vault Secret Path",
 	)
 	Cmd.MarkFlagRequired("path")
+	Cmd.Flags().BoolVar(
+		&FlagLoginOIDC,
+		"login-oidc",
+		false,
+		"Vault Login with OIDC",
+	)
 }
 
 func kubeconfigFromVault(vaultAddr, secretPath string) {
@@ -56,6 +63,10 @@ func kubeconfigFromVault(vaultAddr, secretPath string) {
 
 	caFilePath := createTmpFile(KUBERNETES_CA)
 
+	if FlagLoginOIDC {
+		sh([]string{"vault", "login", "-address", vaultAddr, "-method=oidc"})
+	}
+
 	sh([]string{"kubectl", "config", "set-cluster", KUBERNETES_CLUSTER_NAME, "--server=" + KUBERNETES_SERVER, "--certificate-authority=" + caFilePath, "--embed-certs=true"})
 	sh([]string{"kubectl", "config", "set-credentials", KUBERNETES_CLUSTER_NAME, "--token=" + KUBERNETES_TOKEN})
 	sh([]string{"kubectl", "config", "set-context", KUBERNETES_CLUSTER_NAME, "--cluster=" + KUBERNETES_CLUSTER_NAME, "--user=" + KUBERNETES_CLUSTER_NAME})