Fix operator panic when spec.hashiCorpVault.credential.serviceAccount…

… is not set (#5180) Signed-off-by: dttung2905 <ttdao.2015@accountancy.smu.edu.sg>
kedacore · Nov 20, 2023 · 1c560ae · 1c560ae
1 parent 5211cda
commit 1c560ae
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -63,6 +63,7 @@ Here is an overview of all new **experimental** features:
 - **General**: Add parameter queryParameters to prometheus-scaler ([#4962](https://github.com/kedacore/keda/issues/4962))
 - **General**: Support TriggerAuthentication properties from ConfigMap ([#4830](https://github.com/kedacore/keda/issues/4830))
 - **Hashicorp Vault**: Add support to get secret that needs write operation (e.g. pki) ([#5067](https://github.com/kedacore/keda/issues/5067))
+- **Hashicorp Vault**: Fix operator panic when spec.hashiCorpVault.credential.serviceAccount is not set ([#4964](https://github.com/kedacore/keda/issues/4964))
 - **Kafka Scaler**: Ability to set upper bound to the number of partitions with lag ([#3997](https://github.com/kedacore/keda/issues/3997))
 - **Kafka Scaler**: Add more logging to check Sarama DescribeTopics method ([#5102](https://github.com/kedacore/keda/issues/5102))
 - **Kafka Scaler**: Add support for Kerberos authentication (SASL / GSSAPI) ([#4836](https://github.com/kedacore/keda/issues/4836))

diff --git a/pkg/scaling/resolver/hashicorpvault_handler.go b/pkg/scaling/resolver/hashicorpvault_handler.go
@@ -110,6 +110,13 @@ func (vh *HashicorpVaultHandler) token(client *vaultapi.Client) (string, error)
  return token, errors.New("k8s role not in config")
  }
 
+ if vh.vault.Credential == nil {
+ defaultCred := kedav1alpha1.Credential{
+ ServiceAccount: "/var/run/secrets/kubernetes.io/serviceaccount/token",
+ }
+ vh.vault.Credential = &defaultCred
+ }
+
  if len(vh.vault.Credential.ServiceAccount) == 0 {
  return token, errors.New("k8s SA file not in config")
  }

diff --git a/pkg/scaling/resolver/hashicorpvault_handler_test.go b/pkg/scaling/resolver/hashicorpvault_handler_test.go
@@ -345,6 +345,25 @@ func TestHashicorpVaultHandler_ResolveSecret(t *testing.T) {
  }
 }
 
+func TestHashicorpVaultHandler_DefaultKubernetesVaultRole(t *testing.T) {
+ defaultServiceAccountPath := "/var/run/secrets/kubernetes.io/serviceaccount/token"
+ server := mockVault(t)
+ defer server.Close()
+
+ vault := kedav1alpha1.HashiCorpVault{
+ Address: server.URL,
+ Authentication: kedav1alpha1.VaultAuthenticationKubernetes,
+ Mount: "my-mount",
+ Role: "my-role",
+ }
+
+ vaultHandler := NewHashicorpVaultHandler(&vault)
+ err := vaultHandler.Initialize(logf.Log.WithName("test"))
+ defer vaultHandler.Stop()
+ assert.Errorf(t, err, "open %s : no such file or directory", defaultServiceAccountPath)
+ assert.Equal(t, vaultHandler.vault.Credential.ServiceAccount, defaultServiceAccountPath)
+}
+
 func TestHashicorpVaultHandler_ResolveSecrets_SameCertAndKey(t *testing.T) {
  server := mockVault(t)
  defer server.Close()