feat: Make k8s mount path optional (#82)

argoproj-labs · Mar 2, 2021 · 708cbc0 · 708cbc0
1 parent c1982ff
commit 708cbc0
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -302,7 +302,7 @@ Once ArgoCD and Kubernetes are configured, you can then set the required environ
 VAULT_ADDR: Your HashiCorp Vault Address
 TYPE: vault
 AUTH_TYPE: k8s
-K8S_MOUNT_POINT: Mount Point of your kubernetes Auth
+K8S_MOUNT_PATH: Mount Path of your kubernetes Auth (optional)
 K8S_ROLE: Your Kuberetes Auth Role
 K8S_TOKEN_PATH: Path to JWT (optional)
 ```
@@ -375,7 +375,7 @@ environment variables take precedence over configuration pulled from a Kubernete
 | GITHUB_TOKEN   | Github token               | Required with `AUTH_TYPE` of `github` |
 | ROLE_ID        | Vault AppRole Role_ID      | Required with `AUTH_TYPE` of `approle` |
 | SECRET_ID      | Vault AppRole Secret_ID    | Required with `AUTH_TYPE` of `approle` |
-| K8S_MOUNT_POINT | Kuberentes Auth Mount Point | Required with `AUTH_TYPE` of `k8s` |
+| K8S_MOUNT_PATH | Kuberentes Auth Mount PATH | Optional for `AUTH_TYPE` of `k8s` defaults to `auth/kubernetes` |
 | K8S_ROLE       | Kuberentes Auth Role      | Required with `AUTH_TYPE` of `k8s` |
 | K8S_TOKEN_PATH | Path to JWT for Kubernetes Auth  | Optional for `AUTH_TYPE` of `k8s` defaults to `/var/run/secrets/kubernetes.io/serviceaccount/token` |
 | IBM_API_KEY    | IBM Cloud IAM API Key      | Required with `TYPE` of `secretmanager` and `AUTH_TYPE` of `iam` |

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -89,18 +89,14 @@ func New(viper *viper.Viper, httpClient *http.Client) (*Config, error) {
 				return nil, errors.New("GITHUB_TOKEN for github authentication cannot be empty")
 			}
 		case "k8s":
-			if viper.IsSet("K8S_MOUNT_POINT") && viper.IsSet("K8S_ROLE") {
-				tokenPath := ""
-				if viper.IsSet("K8S_TOKEN_PATH") {
-					tokenPath = viper.GetString("K8S_TOKEN_PATH")
-				}
+			if viper.IsSet("K8S_ROLE") {
 				auth = vault.NewK8sAuth(
 					viper.GetString("K8S_ROLE"),
-					viper.GetString("K8S_MOUNT_POINT"),
-					tokenPath,
+					viper.GetString("K8S_MOUNT_PATH"),
+					viper.GetString("K8S_TOKEN_PATH"),
 				)
 			} else {
-				return nil, errors.New("K8S_MOUNT_POINT or K8S_ROLE cannot be empty when using Kubernetes Auth")
+				return nil, errors.New("K8S_ROLE cannot be empty when using Kubernetes Auth")
 			}
 		default:
 			return nil, errors.New("Must provide a supported Authentication Type")

diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
@@ -46,6 +46,14 @@ func TestNewConfig(t *testing.T) {
 			},
 			"*backends.Vault",
 		},
+		{
+			map[string]interface{}{
+				"AVP_TYPE":      "vault",
+				"AVP_AUTH_TYPE": "k8s",
+				"AVP_K8S_ROLE":  "role",
+			},
+			"*backends.Vault",
+		},
 		{
 			map[string]interface{}{
 				"AVP_TYPE":            "vault",
@@ -228,9 +236,8 @@ func TestNewConfigMissingParameter(t *testing.T) {
 		},
 		{
 			map[string]interface{}{
-				"AVP_TYPE":            "vault",
-				"AVP_AUTH_TYPE":       "k8s",
-				"AVP_K8S_MOUNT_POINT": "mount_point",
+				"AVP_TYPE":      "vault",
+				"AVP_AUTH_TYPE": "k8s",
 			},
 			"*backends.Vault",
 		},