Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Vault Namespaces explicitly in CA config #11477

Merged
merged 9 commits into from
Nov 5, 2021
Merged

Support Vault Namespaces explicitly in CA config #11477

merged 9 commits into from
Nov 5, 2021

Conversation

clly
Copy link
Contributor

@clly clly commented Nov 2, 2021
edited
Loading

If there is a Namespace entry included in the Vault CA configuration,
set it as the Vault Namespace on the Vault client

Currently the only way to support Vault namespaces in the Consul CA
config is by doing one of the following:

  1. Set the VAULT_NAMESPACE environment variable which will be picked up
    by the Vault API client
  2. Prefix all Vault paths with the namespace

Neither of these are super pleasant. The first requires direct access
and modification to the Consul runtime environment. It's possible and
expected that the consul owner has that access but it's not super pleasant.

The second requires more indepth knowledge of Vault and how it uses
Namespaces and could be confusing for anyone without that context. It
also infers that it is not supported

@clly
Support Vault Namespaces explicitly in CA config
b9d449e 
If there is a Namespace entry included in the Vault CA configuration,
set it as the Vault Namespace on the Vault client

Currently the only way to support Vault namespaces in the Consul CA
config is by doing one of the following:
1) Set the VAULT_NAMESPACE environment variable which will be picked up
by the Vault API client
2) Prefix all Vault paths with the namespace

Neither of these are super pleasant. The first requires direct access
and modification to the Consul runtime environment. It's possible and
expected, not super pleasant.

The second requires more indepth knowledge of Vault and how it uses
Namespaces and could be confusing for anyone without that context. It
also infers that it is not supported
@clly clly requested a review from a team as a code owner November 2, 2021 17:39
@github-actions github-actions bot added theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies type/docs Documentation needs to be created/updated/clarified labels Nov 2, 2021
@hashicorp-ci
Copy link
Contributor

🤔 This PR has changes in the website/ directory but does not have a type/docs-cherrypick label. If the changes are for the next version, this can be ignored. If they are updates to current docs, attach the label to auto cherrypick to the stable-website branch after merging.

@clly clly added theme/consul-vault Relating to Consul & Vault interactions type/enhancement Proposed improvement or new feature type/docs Documentation needs to be created/updated/clarified and removed type/docs Documentation needs to be created/updated/clarified labels Nov 2, 2021
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 2, 2021 19:47 Inactive
@vercel vercel bot temporarily deployed to Preview – consul November 2, 2021 19:47 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 2, 2021 19:53 Inactive
@vercel vercel bot temporarily deployed to Preview – consul November 2, 2021 19:53 Inactive
@vercel vercel bot temporarily deployed to Preview – consul November 3, 2021 03:00 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 3, 2021 03:00 Inactive
@clly clly requested a review from acpana November 3, 2021 15:42
acpana
acpana approved these changes Nov 3, 2021
View reviewed changes
Copy link
Contributor

@acpana acpana left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This LGTM! 🚀

crhino
crhino approved these changes Nov 5, 2021
View reviewed changes
Copy link
Contributor

@crhino crhino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

.changelog/11477.txt Outdated Show resolved Hide resolved
@vercel vercel bot temporarily deployed to Preview – consul November 5, 2021 16:27 Inactive
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 5, 2021 16:27 Inactive
@clly clly merged commit efe4b21 into main Nov 5, 2021
@clly clly deleted the clly/support-vault-namespaces-in-ca-config branch November 5, 2021 16:42
@hc-github-team-consul-core
Copy link
Contributor

🍒 If backport labels were added before merging, cherry-picking will start automatically.

To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/494815.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@crhino crhino crhino approved these changes

@acpana acpana acpana approved these changes

Assignees
No one assigned
Labels
theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies theme/consul-vault Relating to Consul & Vault interactions type/docs Documentation needs to be created/updated/clarified type/enhancement Proposed improvement or new feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@clly @hashicorp-ci @hc-github-team-consul-core @crhino @acpana