fix: make HSM pin an optional argument to allow setting it via the BA…
…NK_VAULTS_HSM_PIN env var (#252)

Signed-off-by: Mark Hill <[email protected]>
mark64 authored Feb 9, 2024
1 parent e71dea9 commit 6396c8d
Showing 3 changed files with 46 additions and 6 deletions.
21 changes: 19 additions & 2 deletions deploy/charts/vault-operator/crds/crd.yaml
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.12.1
name: vaults.vault.banzaicloud.com
spec:
group: vault.banzaicloud.com
Expand Down Expand Up @@ -1150,7 +1150,6 @@ spec:
required:
- keyLabel
- modulePath
- pin
type: object
kubernetes:
properties:
Expand Down Expand Up @@ -2004,6 +2003,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -2646,6 +2647,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -3295,6 +3298,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -4848,6 +4853,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -5465,6 +5472,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -6147,6 +6156,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -7141,6 +7152,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -7783,6 +7796,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -8432,6 +8447,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
21 changes: 19 additions & 2 deletions deploy/crd/bases/vault.banzaicloud.com_vaults.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.12.1
name: vaults.vault.banzaicloud.com
spec:
group: vault.banzaicloud.com
Expand Down Expand Up @@ -1150,7 +1150,6 @@ spec:
required:
- keyLabel
- modulePath
- pin
type: object
kubernetes:
properties:
Expand Down Expand Up @@ -2004,6 +2003,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -2646,6 +2647,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -3295,6 +3298,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -4848,6 +4853,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -5465,6 +5472,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -6147,6 +6156,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -7141,6 +7152,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -7783,6 +7796,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
Expand Down Expand Up @@ -8432,6 +8447,8 @@ spec:
x-kubernetes-int-or-string: true
type: object
type: object
restartPolicy:
type: string
securityContext:
properties:
allowPrivilegeEscalation:
10 changes: 8 additions & 2 deletions pkg/apis/vault/v1alpha1/vault_types.go
Expand Up @@ -781,10 +781,15 @@ func (usc *UnsealConfig) ToArgs(vault *Vault) []string {
fmt.Sprint(usc.HSM.SlotID),
"--hsm-key-label",
usc.HSM.KeyLabel,
"--hsm-pin",
usc.HSM.Pin,
)

if usc.HSM.Pin != "" {
args = append(args,
"--hsm-pin",
usc.HSM.Pin,
)
}

if usc.HSM.TokenLabel != "" {
args = append(args,
"--hsm-token-label",
Expand Down Expand Up @@ -908,6 +913,7 @@ type HSMUnsealConfig struct {
ModulePath string `json:"modulePath"`
SlotID uint `json:"slotId,omitempty"`
TokenLabel string `json:"tokenLabel,omitempty"`
// +optional
Pin string `json:"pin"`
KeyLabel string `json:"keyLabel"`
}
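Review bot: `Pin` is now marked `// +optional` but its tag is still `json:"pin"` without `omitempty`, unlike `SlotID` and `TokenLabel` on the lines just above it; change it to `Pin string \`json:"pin,omitempty"\`` so an unset PIN is not serialized as an empty string and the field reads as optional in Go as well as in the regenerated CRD. The field also needs a doc comment, because the new `if usc.HSM.Pin != ""` branch in ToArgs silently omits `--hsm-pin` when the value is empty: something like `// Pin is the PKCS#11 user PIN. Optional: when empty, --hsm-pin is not passed and the unsealer is expected to read it from the BANK_VAULTS_HSM_PIN environment variable (e.g. from a Secret), which keeps the PIN out of the Vault CR and etcd.` If neither the field nor the environment variable is set, the unsealer presumably fails only at runtime, so the comment should say where the PIN is ultimately required. ToArgs begins and ends outside the first hunk.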
