mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-01-07 12:29:31 +00:00
b866bd491c
The new `vaultAuthNamespace` configuration parameter can be set to the
Vault Namespace where the authentication is set up in the service. Some
Hashicorp Vault deployments use sub-namespaces for their users/tenants,
with a 'root' namespace where the authentication is configured. This
requires passing of different Vault namespaces for different operations.

Example:
- the Kubernetes Auth mechanism is configured in the Vault
  Namespace called 'devops'
- a user/tenant has a sub-namespace called 'devops/website' where the
  encryption passphrases can be placed in the key-value store

The configuration for this then looks like:

    vaultAuthNamespace: devops
    vaultNamespace: devops/homepage

Note that Vault Namespaces are a feature of the Hashicorp Vault
Enterprise product, and not part of the Open Source version. This
prevents adding e2e tests that validate the Vault Namespace
configuration.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
(cherry picked from commit

- aws_metadata_test.go
- aws_metadata.go
- cephcmds.go
- cephconf.go
- conn_pool_test.go
- conn_pool.go
- connection.go
- credentials.go
- crypto_test.go
- crypto.go
- cryptsetup.go
- csiconfig_test.go
- csiconfig.go
- errors_test.go
- errors.go
- httpserver.go
- idlocker_test.go
- idlocker.go
- k8s.go
- kms_test.go
- kms.go
- log.go
- pidlimit_test.go
- pidlimit.go
- secretskms_test.go
- secretskms.go
- stripsecrets.go
- topology_test.go
- topology.go
- util_test.go
- util.go
- validate.go
- vault_sa_test.go
- vault_sa.go
- vault_test.go
- vault_tokens_test.go
- vault_tokens.go
- vault.go
- volid_test.go
- volid.go