From fae870eeb6cdd7647c719cf4a2b21730bc6e6106 Mon Sep 17 00:00:00 2001
From: Ondrej Sika
Date: Sat, 8 Feb 2025 01:43:40 +0100
Subject: [PATCH] feat(kubeconfig_from_vault): Add --login-oidc param to automatically log in
---
 cmd/kubeconfig_from_vault/kubeconfig_from_vault.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/cmd/kubeconfig_from_vault/kubeconfig_from_vault.go b/cmd/kubeconfig_from_vault/kubeconfig_from_vault.go
index 0e595b9..1ab816b 100644
--- a/cmd/kubeconfig_from_vault/kubeconfig_from_vault.go
+++ b/cmd/kubeconfig_from_vault/kubeconfig_from_vault.go
@@ -16,6 +16,7 @@ import (
 var FlagVaultAddr string
 var FlagVaultSecretPath string
+var FlagLoginOIDC bool
 var Cmd = &cobra.Command{
 Use: "kubeconfig-from-vault",
@@ -43,6 +44,12 @@ func init() {
 "Vault Secret Path",
 )
 Cmd.MarkFlagRequired("path")
+ Cmd.Flags().BoolVar(
+ &FlagLoginOIDC,
+ "login-oidc",
+ false,
+ "Vault Login with OIDC",
+ )
 }
 func kubeconfigFromVault(vaultAddr, secretPath string) {
@@ -56,6 +63,10 @@ func kubeconfigFromVault(vaultAddr, secretPath string) {
 caFilePath := createTmpFile(KUBERNETES_CA)
+ if FlagLoginOIDC {
+ sh([]string{"vault", "login", "-address", vaultAddr, "-method=oidc"})
+ }
+
 sh([]string{"kubectl", "config", "set-cluster", KUBERNETES_CLUSTER_NAME, "--server=" + KUBERNETES_SERVER, "--certificate-authority=" + caFilePath, "--embed-certs=true"})
 sh([]string{"kubectl", "config", "set-credentials", KUBERNETES_CLUSTER_NAME, "--token=" + KUBERNETES_TOKEN})
 sh([]string{"kubectl", "config", "set-context", KUBERNETES_CLUSTER_NAME, "--cluster=" + KUBERNETES_CLUSTER_NAME, "--user=" + KUBERNETES_CLUSTER_NAME})
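Review bot: The help text `"Vault Login with OIDC"` on the new `--login-oidc` flag in `init()` does not say what the flag makes the command do. It shells out to the `vault` binary and starts an OIDC login, and by default `vault login` stores the resulting token through the token helper, so the user should know a credential is left on the machine. Something like `"Run 'vault login -method=oidc' first (needs the vault CLI; token is saved by the Vault token helper)"` would cover it. `init()` starts outside the hunk.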
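Review bot: The `vault login` call in the last hunk is placed after `createTmpFile(KUBERNETES_CA)`, so if `KUBERNETES_CA` and `KUBERNETES_TOKEN` are read from Vault earlier in `kubeconfigFromVault` (that part of the body is outside the hunk), the login runs too late to authenticate those reads and should move to the top of the function. `vault login` also prints the issued token by default, which puts a Vault credential into terminal scrollback or CI logs; `-no-print` avoids that: `sh([]string{"vault", "login", "-no-print", "-address", vaultAddr, "-method=oidc"})`. Whether `sh` stops the command on a non-zero exit is not visible here; if it does not, a failed login would still fall through to the `kubectl config` calls.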