add vault namespace support

2026-01-11 10:00:01 -03:30 · 2021-03-16 09:27:22 -04:00 · 2021-03-16 09:27:22 -04:00 · 1550989482
commit 1550989482
parent d94a49ac74
1 changed files with 7 additions and 0 deletions
--- a/awx/main/credential_plugins/hashivault.py
+++ b/awx/main/credential_plugins/hashivault.py
@ -143,6 +143,9 @@ def approle_auth(**kwargs):
    # AppRole Login
    request_kwargs['json'] = {'role_id': role_id, 'secret_id': secret_id}
    sess = requests.Session()
+    # Namespace support
+    if kwargs.get('namespace'):
+        sess.headers['X-Vault-Namespace'] = kwargs['namespace']
    request_url = '/'.join([url, 'auth', auth_path, 'login']).rstrip('/')
    with CertFiles(cacert) as cert:
        request_kwargs['verify'] = cert
@ -170,6 +173,8 @@ def kv_backend(**kwargs):
    sess.headers['Authorization'] = 'Bearer {}'.format(token)
    # Compatibility header for older installs of Hashicorp Vault
    sess.headers['X-Vault-Token'] = token
+    if kwargs.get('namespace'):
+        sess.headers['X-Vault-Namespace'] = kwargs['namespace']

    if api_version == 'v2':
        if kwargs.get('secret_version'):
@ -228,6 +233,8 @@ def ssh_backend(**kwargs):

    sess = requests.Session()
    sess.headers['Authorization'] = 'Bearer {}'.format(token)
+    if kwargs.get('namespace'):
+        sess.headers['X-Vault-Namespace'] = kwargs['namespace']
    # Compatability header for older installs of Hashicorp Vault
    sess.headers['X-Vault-Token'] = token
    # https://www.vaultproject.io/api/secret/ssh/index.html#sign-ssh-key