secrets from HashiCorp Vault

[nissanitz]

Added support for authentication with secrets from HashiCorp Vault by expanding the TriggerAuthentication resource with vault property which contains the authentication settings.

Vault property allows next options:

• address - Vault address (format - <scheme>://<host>:<port>)
• authentication - authentication method (currently supported: token and kubernetes)
• role and mount
• credetial - defines the Hashicorp Vault credentials depending on the authentication method
• secrets - list that defines the mapping between the path of the secret and the key in Vault to the parameter

for example:

apiVersion: keda.k8s.io/v1alpha1
kind: TriggerAuthentication
metadata:
  name: keda-trigger-auth-vault
  namespace: devops
spec:
  vault:
    address: <VAULT-ADDRESS>
    authentication: kubernetes
    role: <ROLE>
    mount: kubernetes
    credetial:
      serviceAccount: /var/run/secrets/kubernetes.io/serviceaccount/token
    secrets:
      - parameter: connection
        key: CONNECTION_STRING
        path: <SECRET-PATH>

Fixes #
#673

[tomkerkhove]

Would you mind opening a PR for our docs as well please?

[nissanitz]

PR to keda docs kedacore/keda-docs#199

[zroubalik]

@nisan270390 do you think you could add some tests to cover this scenario?

[nissanitz]

@zroubalik All the logic around HashiCorpVault Handler is in the initializing of the vault client, I don't see a way to write tests that will test this topic well

[tbickford]

It looks like there is a misspelling here that carries through in a couple other spots

[nissanitz]

thanks a lot, updated :)

[zroubalik]

LGTM