provider-vault

module v0.1.0
Published: Jul 21, 2023 License: Apache-2.0

README

Provider Vault

provider-vault is a Crossplane provider that is built using Upjet code generation tools and exposes XRM-conformant managed resources for the Vault API.

Prerequisites

This provider interacts with HashiCorp Vault, so testing it requires a Vault installation. Vault can be installed in many ways; the steps below use a minimal Helm install to show how to exercise provider-vault manually. To run the automated tests instead, run make e2e, which creates, initializes and unseals a Vault instance and runs the tests against it. The list of tests is given by the Makefile variable UPTEST_EXAMPLE_LIST, and the tests themselves are the manifests in the examples directory.

Create a vault namespace.

kubectl create namespace vault

Add hashicorp to your helm repo.

helm repo add hashicorp https://helm.releases.hashicorp.com

Install Vault. The vault-0 pod will not report Ready until Vault has been initialized and unsealed; this is expected.

helm install vault hashicorp/vault -n vault

Initialize and unseal vault.

kubectl exec -it vault-0 -n vault -- sh

Inside of the vault pod, initialize it.

vault operator init

Make note of the initial root token and the unseal keys. They are printed only once and are the highest-value secrets in this installation: store them outside the cluster and never commit them.

Unseal Vault by running the command three times, supplying a different unseal key each time (the default is 5 key shares with a threshold of 3).

vault operator unseal

Verify that vault is unsealed.

vault status

From the commandline, forward the vault pod port.

kubectl port-forward vault-0 -n vault 8200:8200

Update examples/providerconfig/secret.yaml.tmpl with the token the provider will use. The root token is acceptable for a quick local test; for anything longer-lived, create a token in Vault that is scoped to the paths the provider manages. Whichever token you use, the resulting Secret must be readable only by the provider and by Vault admins, not by general cluster operators, so restrict access to it with RBAC.

Apply provider-vault package/crds.

kubectl apply -f package/crds

Apply the secret.

kubectl apply -f examples/providerconfig/secret.yaml.tmpl

Apply the provider config.

kubectl apply -f examples/providerconfig/providerconfig.yaml
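The steps above can be collapsed into one script. What follows is an added example, not code from the provider-vault repository, and it changes two things a practitioner would want changed: it unseals with exactly the threshold number of keys parsed from the JSON form of vault operator init, and it hands the provider a policy-scoped periodic token instead of the root token, written straight into a Kubernetes Secret so the token never sits in a tracked template file. It assumes Crossplane runs in the crossplane-system namespace, a Secret named vault-creds with a credentials key holding {"token": "..."} (align this with examples/providerconfig/secret.yaml.tmpl), and a starting policy that must be narrowed to the paths your managed resources actually touch; the --apply flag, the helper names and the sample init output are all constructed here. Without --apply the script only defines the helpers and touches no cluster.

```shell
#!/bin/sh
# Added example, not code from the provider-vault repository: bootstrap the dev
# Vault from the steps above and hand provider-vault a policy-scoped, periodic
# token instead of the initial root token.
# Assumptions (not stated on the page): Crossplane runs in crossplane-system,
# the credentials Secret is vault-creds with key `credentials` = {"token": ...},
# and the policy below is a starting point to be narrowed per managed resource.
set -eu

VAULT_NS=${VAULT_NS:-vault}                 # namespace from the helm install above
CP_NS=${CP_NS:-crossplane-system}           # assumption: where Crossplane runs
POLICY_NAME=${POLICY_NAME:-crossplane-provider-vault}

# Constructed sample of `vault operator init -format=json` output (real field
# names, fake key material) so the parsing helpers run without a cluster.
SAMPLE_INIT_JSON='{
  "unseal_keys_b64": [
    "keyA",
    "keyB",
    "keyC",
    "keyD",
    "keyE"
  ],
  "unseal_keys_hex": [],
  "unseal_shares": 5,
  "unseal_threshold": 3,
  "recovery_keys_b64": [],
  "recovery_keys_hex": [],
  "recovery_keys_shares": 0,
  "recovery_keys_threshold": 0,
  "root_token": "hvs.constructedRootToken"
}'

# json_field JSON NAME: first scalar value of NAME (string or number), no jq needed.
json_field() {
  printf '%s\n' "$1" | sed -n "s/.*\"$2\": *\"\{0,1\}\([^\",}]*\)\"\{0,1\}.*/\1/p" | head -n 1
}

# select_unseal_keys JSON: print exactly unseal_threshold keys, one per line.
# Feeding only the threshold (3 of 5 by default) leaves the other shares for
# separate key holders instead of spraying all five at the pod.
select_unseal_keys() {
  threshold=$(json_field "$1" unseal_threshold)
  printf '%s\n' "$1" \
    | sed -n '/"unseal_keys_b64": \[/,/\]/p' \
    | sed -n 's/^ *"\([^"]*\)",\{0,1\}$/\1/p' \
    | head -n "$threshold"
}

# Run a command inside the vault-0 pod (VAULT_ADDR is set by the Helm chart).
vpod() { kubectl exec -n "$VAULT_NS" vault-0 -- "$@"; }

bootstrap() {
  # 1. Initialise; keep the full output out of shell history and git.
  init_json=$(vpod vault operator init -format=json)
  root_token=$(json_field "$init_json" root_token)

  # 2. Unseal with threshold-many distinct keys, then confirm.
  select_unseal_keys "$init_json" | while read -r key; do
    vpod vault operator unseal "$key" >/dev/null
  done
  vpod vault status

  # 3. Scoped policy: manage secrets engines, auth methods and ACL policies.
  #    Narrow it to what your managed resources need (example paths only).
  kubectl exec -i -n "$VAULT_NS" vault-0 -- \
    env VAULT_TOKEN="$root_token" vault policy write "$POLICY_NAME" - <<'EOF'
path "sys/mounts"         { capabilities = ["read"] }
path "sys/mounts/*"       { capabilities = ["create", "read", "update", "delete"] }
path "sys/auth"           { capabilities = ["read"] }
path "sys/auth/*"         { capabilities = ["create", "read", "update", "delete", "sudo"] }
path "sys/policies/acl"   { capabilities = ["list"] }
path "sys/policies/acl/*" { capabilities = ["create", "read", "update", "delete"] }
EOF

  # 4. Periodic orphan token: renewable while the provider is healthy, expires
  #    on its own if the provider stops renewing it.
  token_json=$(vpod env VAULT_TOKEN="$root_token" \
    vault token create -policy="$POLICY_NAME" -period=24h -orphan -format=json)
  provider_token=$(json_field "$token_json" client_token)

  # 5. Create the Secret directly instead of editing secret.yaml.tmpl, so the
  #    token never lands in a tracked file. Payload shape is an assumption.
  kubectl -n "$CP_NS" create secret generic vault-creds \
    --from-literal=credentials="$(printf '{"token":"%s"}' "$provider_token")"
  # Next: kubectl apply -f examples/providerconfig/providerconfig.yaml
}

# Dry by default: cluster steps run only as `sh bootstrap.sh --apply`.
case "${1:-}" in --apply) bootstrap ;; esac
```

Run it with sh bootstrap.sh --apply once helm install has created the vault-0 pod. Keep the init output off the cluster, and once the provider token exists consider revoking the root token (vault token revoke); a new one can be generated later with vault operator generate-root if an admin task needs it.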

Getting Started

Install the provider by using the following command after changing the image tag to the latest release:

up ctp provider install upbound/provider-vault:v0.1.0

Alternatively, you can use declarative installation:

cat <<EOF | kubectl apply -f -
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-vault
spec:
  package: upbound/provider-vault:v0.1.0
EOF

This Provider resource installs the package with its default controller settings; to enable debug logging or change other runtime settings, reference a ControllerConfig from spec.controllerConfigRef.

See the API reference for the full list of managed resources and their fields.

Developing

Run code-generation pipeline:

go run cmd/generator/main.go "$PWD"

Run against a Kubernetes cluster:

make run

Build, push, and install:

make all

Build binary:

make build

Report a Bug

For filing bugs, suggesting improvements, or requesting new features, please open an issue.

Directories

Path                          Synopsis
apis                          Package apis contains Kubernetes API for the provider.
apis/ad/v1alpha1              +kubebuilder:object:generate=true +groupName=ad.vault.upbound.io +versionName=v1alpha1
apis/alicloud/v1alpha1        +kubebuilder:object:generate=true +groupName=alicloud.vault.upbound.io +versionName=v1alpha1
apis/approle/v1alpha1         +kubebuilder:object:generate=true +groupName=approle.vault.upbound.io +versionName=v1alpha1
apis/audit/v1alpha1           +kubebuilder:object:generate=true +groupName=audit.vault.upbound.io +versionName=v1alpha1
apis/auth/v1alpha1            +kubebuilder:object:generate=true +groupName=auth.vault.upbound.io +versionName=v1alpha1
apis/aws/v1alpha1             +kubebuilder:object:generate=true +groupName=aws.vault.upbound.io +versionName=v1alpha1
apis/azure/v1alpha1           +kubebuilder:object:generate=true +groupName=azure.vault.upbound.io +versionName=v1alpha1
apis/cert/v1alpha1            +kubebuilder:object:generate=true +groupName=cert.vault.upbound.io +versionName=v1alpha1
apis/consul/v1alpha1          +kubebuilder:object:generate=true +groupName=consul.vault.upbound.io +versionName=v1alpha1
apis/database/v1alpha1        +kubebuilder:object:generate=true +groupName=database.vault.upbound.io +versionName=v1alpha1
apis/egp/v1alpha1             +kubebuilder:object:generate=true +groupName=egp.vault.upbound.io +versionName=v1alpha1
apis/gcp/v1alpha1             +kubebuilder:object:generate=true +groupName=gcp.vault.upbound.io +versionName=v1alpha1
apis/generic/v1alpha1         +kubebuilder:object:generate=true +groupName=generic.vault.upbound.io +versionName=v1alpha1
apis/github/v1alpha1          +kubebuilder:object:generate=true +groupName=github.vault.upbound.io +versionName=v1alpha1
apis/identity/v1alpha1        +kubebuilder:object:generate=true +groupName=identity.vault.upbound.io +versionName=v1alpha1
apis/jwt/v1alpha1             +kubebuilder:object:generate=true +groupName=jwt.vault.upbound.io +versionName=v1alpha1
apis/kmip/v1alpha1            +kubebuilder:object:generate=true +groupName=kmip.vault.upbound.io +versionName=v1alpha1
apis/kubernetes/v1alpha1      +kubebuilder:object:generate=true +groupName=kubernetes.vault.upbound.io +versionName=v1alpha1
apis/kv/v1alpha1              +kubebuilder:object:generate=true +groupName=kv.vault.upbound.io +versionName=v1alpha1
apis/ldap/v1alpha1            +kubebuilder:object:generate=true +groupName=ldap.vault.upbound.io +versionName=v1alpha1
apis/managed/v1alpha1         +kubebuilder:object:generate=true +groupName=managed.vault.upbound.io +versionName=v1alpha1
apis/mfa/v1alpha1             +kubebuilder:object:generate=true +groupName=mfa.vault.upbound.io +versionName=v1alpha1
apis/mongodbatlas/v1alpha1    +kubebuilder:object:generate=true +groupName=mongodbatlas.vault.upbound.io +versionName=v1alpha1
apis/nomad/v1alpha1           +kubebuilder:object:generate=true +groupName=nomad.vault.upbound.io +versionName=v1alpha1
apis/okta/v1alpha1            +kubebuilder:object:generate=true +groupName=okta.vault.upbound.io +versionName=v1alpha1
apis/password/v1alpha1        +kubebuilder:object:generate=true +groupName=password.vault.upbound.io +versionName=v1alpha1
apis/pki/v1alpha1             +kubebuilder:object:generate=true +groupName=pki.vault.upbound.io +versionName=v1alpha1
apis/quota/v1alpha1           +kubebuilder:object:generate=true +groupName=quota.vault.upbound.io +versionName=v1alpha1
apis/rabbitmq/v1alpha1        +kubebuilder:object:generate=true +groupName=rabbitmq.vault.upbound.io +versionName=v1alpha1
apis/raft/v1alpha1            +kubebuilder:object:generate=true +groupName=raft.vault.upbound.io +versionName=v1alpha1
apis/rgp/v1alpha1             +kubebuilder:object:generate=true +groupName=rgp.vault.upbound.io +versionName=v1alpha1
apis/ssh/v1alpha1             +kubebuilder:object:generate=true +groupName=ssh.vault.upbound.io +versionName=v1alpha1
apis/terraform/v1alpha1       +kubebuilder:object:generate=true +groupName=terraform.vault.upbound.io +versionName=v1alpha1
apis/token/v1alpha1           +kubebuilder:object:generate=true +groupName=token.vault.upbound.io +versionName=v1alpha1
apis/transform/v1alpha1       +kubebuilder:object:generate=true +groupName=transform.vault.upbound.io +versionName=v1alpha1
apis/transit/v1alpha1         +kubebuilder:object:generate=true +groupName=transit.vault.upbound.io +versionName=v1alpha1
apis/v1alpha1                 Package v1alpha1 contains the core resources of the vault jet provider.
apis/v1beta1                  Package v1beta1 contains the core resources of the vault upjet provider.
apis/vault/v1alpha1           +kubebuilder:object:generate=true +groupName=vault.vault.upbound.io +versionName=v1alpha1
cmd
internal
