# esc

stale-belgium-7295

10/20/2023, 4:26 AM
Hi! esc seems pretty promising but I think there's a pretty big problem with the hashicorp vault integration, especially if you use vault HCP or vault enterprise (please correct me if I'm wrong). Here's your schema for vault-login -> link. The problem stands here:
```json
"address": {
    "type": "string",
    "description": "The URL of the Vault server. Must contain a scheme and hostname, but no path."
},
```
`Must contain a scheme and hostname, but no path`. The problem is vault HCP/vault enterprise have a notion of namespace, and authentication methods are set at the namespace level, meaning that if I enable a `jwt` authentication in vault at the namespace level, I need to somehow specify the namespace when authenticating. Usually the namespace is either specified in the path, or via a header:
• in the header
```sh
curl --request POST \
     --header "X-Vault-Namespace: <NAMESPACE>" \
     --data '{"jwt": "'"$(cat $JWT_PATH)"'", "role": "'"$ROLE"'"}' \
     $VAULT_ADDR/v1/auth/jwt/login
```
• in the path
```sh
curl --request POST \
     --data '{"jwt": "'"$(cat $JWT_PATH)"'", "role": "'"$ROLE"'"}' \
     $VAULT_ADDR/v1/<NAMESPACE>/auth/jwt/login
```
But it doesn't seem like we can configure which namespace to use in pulumi ESC's vault integration?