From d94a49ac748ad0e2d7196d7d5084757c3106b31b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie?= Date: Tue, 16 Mar 2021 09:16:55 -0400 Subject: [PATCH 1/2] Update hashivault.py --- awx/main/credential_plugins/hashivault.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/awx/main/credential_plugins/hashivault.py b/awx/main/credential_plugins/hashivault.py index 7e262912a4..e128cd94b9 100644 --- a/awx/main/credential_plugins/hashivault.py +++ b/awx/main/credential_plugins/hashivault.py @@ -40,6 +40,12 @@ base_inputs = { 'multiline': False, 'secret': True, 'help_text': _('The Secret ID for AppRole Authentication') + }, { + 'id': 'namespace', + 'label': _('Namespace name (Vault Enterprise only)'), + 'type': 'string', + 'multiline': False, + 'help_text': _('Name of the namespace to use when authenticate and retrieve secrets') }, { 'id': 'default_auth_path', 'label': _('Path to Approle Auth'), From 15509894825fa4f266bcbc5edea408f0e24a93c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Ben=20Arros?= Date: Tue, 16 Mar 2021 09:27:22 -0400 Subject: [PATCH 2/2] add vault namespace support --- awx/main/credential_plugins/hashivault.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/awx/main/credential_plugins/hashivault.py b/awx/main/credential_plugins/hashivault.py index e128cd94b9..8c7a74c8e8 100644 --- a/awx/main/credential_plugins/hashivault.py +++ b/awx/main/credential_plugins/hashivault.py @@ -143,6 +143,9 @@ def approle_auth(**kwargs): # AppRole Login request_kwargs['json'] = {'role_id': role_id, 'secret_id': secret_id} sess = requests.Session() + # Namespace support + if kwargs.get('namespace'): + sess.headers['X-Vault-Namespace'] = kwargs['namespace'] request_url = '/'.join([url, 'auth', auth_path, 'login']).rstrip('/') with CertFiles(cacert) as cert: request_kwargs['verify'] = cert 
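Review bot: The `help_text` for the new `namespace` input is ungrammatical; I would write `'help_text': _('Name of the namespace to use when authenticating and retrieving secrets')`. The entry is added to `base_inputs`, so it presumably appears on every credential type built from that dict, and the wording should stay neutral about the auth method. Leaving out `'secret': True` looks right, since a namespace name is a routing value rather than a credential. `base_inputs` starts and ends outside this hunk.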
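Review bot: The value of `kwargs['namespace']` goes into the `X-Vault-Namespace` header exactly as typed in the credential form, here in `approle_auth` and again in the `kv_backend` and `ssh_backend` hunks of this patch. Depending on the installed `requests` version, a value with surrounding whitespace or a stray newline would either be rejected at send time with an error that does not name the field, or reach Vault as a namespace that does not match. Stripping it once is cheap: `namespace = (kwargs.get('namespace') or '').strip()` followed by `if namespace: sess.headers['X-Vault-Namespace'] = namespace`. Because the same two lines are repeated in three functions, a small shared helper would keep them in step. `approle_auth` starts and ends outside this hunk.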
@@ -170,6 +173,8 @@ def kv_backend(**kwargs): sess.headers['Authorization'] = 'Bearer {}'.format(token) # Compatibility header for older installs of Hashicorp Vault sess.headers['X-Vault-Token'] = token + if kwargs.get('namespace'): + sess.headers['X-Vault-Namespace'] = kwargs['namespace'] if api_version == 'v2': if kwargs.get('secret_version'): @@ -228,6 +233,8 @@ def ssh_backend(**kwargs): sess = requests.Session() sess.headers['Authorization'] = 'Bearer {}'.format(token) + if kwargs.get('namespace'): + sess.headers['X-Vault-Namespace'] = kwargs['namespace'] # Compatability header for older installs of Hashicorp Vault sess.headers['X-Vault-Token'] = token # https://www.vaultproject.io/api/secret/ssh/index.html#sign-ssh-key
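Review bot: Nothing near the added `if kwargs.get('namespace'):` lines in `kv_backend` says that one `namespace` value now scopes both the login and the secret read. If the token comes from `approle_auth` with the same kwargs (the call is outside this hunk), the AppRole mount and the secret path are both resolved relative to that namespace. A user whose auth mount lives in a parent namespace may not expect that. A comment such as `# Same namespace as used for login; secret_path is resolved relative to it` above the `if` would record this. `kv_backend` starts and ends outside this hunk.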
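Review bot: In `ssh_backend` the namespace lines sit between the `Authorization` header and the `X-Vault-Token` compatibility header, whereas the `kv_backend` hunk puts them after both. Moving the `if kwargs.get('namespace'):` block below `sess.headers['X-Vault-Token'] = token` keeps the two token headers together under their comment and makes the two backends read the same. `ssh_backend` starts and ends outside this hunk.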