Skip to content

DGS-22404 Add AppRole auth for HC Vault #2084

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 6, 2025
Merged

DGS-22404 Add AppRole auth for HC Vault #2084

merged 1 commit into from
Oct 6, 2025

Conversation

rayokota
Copy link
Member

@rayokota rayokota commented Oct 4, 2025
edited
Loading

What

Add AppRole auth for HC Vault. Tested manually with local HC Vault instance with AppRole auth enabled.

Checklist

  • [Y] Contains customer facing changes? Including API/behavior changes
  • [Y] Did you add sufficient unit test and/or integration test coverage for this PR?
    • Covered by existing tests plus new manual testing.

References

JIRA:

Test & Review

Open questions / Follow-ups

@Copilot Copilot AI review requested due to automatic review settings October 4, 2025 07:04
@rayokota rayokota requested review from MSeal and a team as code owners October 4, 2025 07:04
@confluent-cla-assistant
Copy link

🎉 All Contributor License Agreements have been signed. Ready to merge.
Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.

Copilot
Copilot AI reviewed Oct 4, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds AppRole authentication support to the HashiCorp Vault KMS driver, allowing authentication using role ID and secret ID as an alternative to token-based authentication.

  • Added support for AppRole authentication configuration through new constants and environment variables
  • Extended the KMS client constructor to handle role ID and secret ID parameters
  • Implemented AppRole login functionality in the client initialization

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
hcvault_driver.py Added AppRole configuration constants and environment variable fallback logic
hcvault_client.py Extended constructor to accept AppRole credentials and perform AppRole login

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@sonarqube-confluent

This comment has been minimized.

Sign in to view
1 similar comment
@sonarqube-confluent

This comment has been minimized.

Sign in to view
@sonarqube-confluent

This comment has been minimized.

Sign in to view
@sonarqube-confluent
Copy link

Passed

Analysis Details

0 Issues

  • Bug 0 Bugs
  • Vulnerability 0 Vulnerabilities
  • Code Smell 0 Code Smells

Coverage and Duplications

  • Coverage 9.50% Coverage (66.90% Estimated after merge)
  • Duplications No duplication information (4.90% Estimated after merge)

Project ID: confluent-kafka-python

View in SonarQube

@rayokota rayokota merged commit adc1b81 into master Oct 6, 2025
3 checks passed
@rayokota rayokota deleted the DGS-22404 branch October 6, 2025 20:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@Claimundefine Claimundefine Claimundefine approved these changes

@tobiogunbi tobiogunbi tobiogunbi approved these changes

@MSeal MSeal Awaiting requested review from MSeal MSeal is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rayokota @Claimundefine @tobiogunbi