Support Vault EE namespaces
Currently the vault integration does not support Vault EE namespaces. Only the vault server URL, role name and auth path can be configured with the variables. It is possible to just prefix the engine's path with the namespace, but it is not possible to specify the namespace for the authentication.
This change makes the namespace configurable wiht the VAULT_NAMESPACE
variable (similar to how VAULT_SERVER_URL
, VAULT_AUTH_ROLE
and
VAULT_AUTH_PATH
are being used already). API operations performed
under a namespace are done by providing the namespace name in
X-Vault-Namespace
header.
related MR: gitlab!80590 (merged)
ref gitlab#255619 ref https://gitlab.com/ubs-group1/ubs/ubs-global/-/issues/92
Merge request reports
Activity
Thank you for your contribution to GitLab. We believe that everyone can contribute and contributions like yours are what make GitLab great!
Some contributions require several iterations of review and we try to mentor contributors during this process. However, we understand that some reviews can be very time consuming. If you would prefer for us to continue the work you've submitted now or at any point in the future please let us know.
If you're okay with being part of our review process (and we hope you are!), there are several initial checks we ask you to make:
- The merge request description clearly explains:
- The problem being solved.
- The best way a reviewer can test your changes (is it possible to provide an example?).
- If the pipeline failed, do you need help identifying what failed?
- Check that Go code follows our Go guidelines.
- Read our contributing to GitLab Runner document.
This message was generated automatically. You're welcome to improve it.
- The merge request description clearly explains:
added Community contribution label
assigned to @aleksanderzak
mentioned in merge request gitlab!80590 (merged)
added [Deprecated] Category:Runner devopsverify grouprunner labels
added 1st contribution label
added sectionops label
@dhershkovitch @matteeyah - this is 1 of the 2 MRs which we discussed in SLACK as a user contribution.
Could you please have a look / check, if we are missing anything from a contribution perspective?
@erushton Can you take a look at this contribution?
@DarrenEastman - FYI - User / customer contribution for the runner
@manuel.kraft thanks.
cc @erushton
requested review from @erushton
added ReviewP2 label
requested review from @tmaczukin
- Resolved by Aleksander Zak
- Resolved by Aleksander Zak
@aleksanderzak I've left few comments. Additionally, please rebase your commit on top of current
main
- this should resolve the pipeline failures we can see now in this MR.thank you for the review @tmaczukin
added 37 commits
- 73239246 - Support Vault EE namespaces
- 69e8ea64 - Fix Azure caching example config
- f0501e2a - Encourage use of K8s secrets
- d777e186 - Add integration test for artifacts redirection
- 0bb92cc9 - Add test for network/client redirections with 307/308
- e3ac8ce8 - Retry artifacts upload with changed URL on 307/308 responses
- 6d15d619 - Update the integration test
- e4cfe2e9 - Fix artifacts upload redirection handling
- 630fb1d6 - Update docs/executors/shell.md
- 458c186f - Clarify that listed limitations are specific to Windows
- cb657d91 - Fix typo
- 87030865 - Bump version of Go for project to 1.17.6
- d17c3718 - update docs/shells/index.md: shell descriptions
- ede37f11 - Use latest docs linting image for Markdown
- caae7266 - Add debian/bullseye to packagecloud DEB_PLATFORMS
- d2b500d5 - Update docs/configuration/autoscale.md
- 5d2f9dba - Remove vendor/ directory
- 2ab4c4d3 - Ensure proper assumptions
- 96c01bfb - Divide packages buildling jobs in the pipeline even more
- 72d312c1 - Cleanup cache proxy pattern
- 018b047b - Add darwin arm64
- e52b8720 - Update OSX installation documentation for Apple Silicon
- 001c999e - Install supported Go version for Windows prior to testing
- 1b5ac344 - Make use of build requests/limits for build permission init container.
- ed02c977 - Use helper (instead of build) limits/requests for init container
- 92b207ee - Upgrade minio to v7.0.21
- e11659f1 - Upgrade Go to 1.17.7
- aa67ddf1 - Docs: Add more common -machine-machine-options
- 645d3f89 - Added support for Variables in Services for Docker/Kubernetes
- e3e04cff - Exposed ServiceVariables as a new feature for both Docker and Kubernetes
- 79c4926f - Ensure shell writers terminate with newline flush
- cc7b2fae - Add details to docs on CI_SERVER_TLS_CA_FILE
- 16ddae56 - Update CHANGELOG for v14.8.0
- 6afdca7c - Bump version to v14.8.0
- 5d5c8ffa - Updated agent for Kubernetes
- 0d4757c2 - Align debian releases for stable and Bleeding Edge versions
- 223cbe90 - Support Vault EE namespaces
Toggle commit listhi
@matteeyah - could you check with our team for a second review based on the changes from @aleksanderzak which now committed?@tmaczukin @erushton Any updates on this?
added 62 commits
-
223cbe90...d6fe2299 - 61 commits from branch
gitlab-org:main
- bdce7e7f - Support Vault EE namespaces
-
223cbe90...d6fe2299 - 61 commits from branch
changed milestone to %14.9
added Category:Secrets Management featureenhancement typefeature labels
This looks good to me. Thank you @aleksanderzak for your contribution!
I've started a pipeline to go through the
trigger runner-incept tests
and enabled automatic merge train when this pipeline will succeed.enabled automatic add to merge train when the pipeline for 43d493f3 succeeds
mentioned in issue gitlab#255186 (closed)
mentioned in commit c223c362
Hi @aleksanderzak,
We would love to know how you found your code review experience in this merge request! Please leave a
or a on this comment to describe your experience.Once done, please comment
@gitlab-bot feedback
below and feel free to leave any additional feedback you have in the same comment.Thanks for your help!
added customer label
mentioned in issue #29972