Open
Description
For Kubernetes auth login, if it's enabled only for a specific Vault namespace (as usually happens when enterprise Vault is used), we can pass the following in the deployment spec to retrieve the token. However, in your vault.go you have a call to sys/health, which can only be called from the root namespace, and it fails. Please see if there is a way it can be handled or improvised.
```yaml
# Adding vault namespace to your deployment spec:
env:
  - name: VAULT_NAMESPACE
    value: "myns1"
```
```text
# Error from sys/health
ERROR backend.vault could not get health information about vault cluster {"vault_url": "https://myvault:8200", "vault_engine": "kv1", "error": "Error making API request.\n\nURL: GET https://myvault:8200/v1/sys/health?drsecondarycode=299&performancestandbycode=299&sealedcode=299&standbycode=299&uninitcode=299\nCode: 404. Errors:\n\n* unsupported path"}
github.com/go-logr/zapr.(*zapLogger).Error
	/go/pkg/mod/github.com/go-logr/[email protected]/zapr.go:128
github.com/tuenti/secrets-manager/backend.vaultClient
	/workspace/backend/vault.go:138
github.com/tuenti/secrets-manager/backend.NewBackendClient
	/workspace/backend/backend.go:51
main.main
	/workspace/main.go:98
runtime.main
	/usr/local/go/src/runtime/proc.go:200
```
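The failure reported above, and one way a client could avoid it, as an added example that is not secrets-manager's own code: the namespace header (`X-Vault-Namespace`, which the Vault client sends when `VAULT_NAMESPACE` is set) is omitted for `sys/health` and kept for every other path. The helper names `nsHeaders`, `get` and `fakeVault` are hypothetical, and `fakeVault` is a constructed stand-in that only mimics the 404 in the log.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)
const nsHeader = "X-Vault-Namespace" // header Vault reads the namespace from
const healthPath = "/v1/sys/health"  // root-namespace-only path named in the report

// nsHeaders returns the namespace header for path, or none for the root-only health path.
func nsHeaders(ns, path string) http.Header {
	h := http.Header{}
	if ns != "" && path != healthPath {
		h.Set(nsHeader, ns)
	}
	return h
}

// fakeVault (constructed stand-in) answers a namespaced sys/health with the 404 from the log.
func fakeVault() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path == healthPath && r.Header.Get(nsHeader) != "" {
			http.Error(w, `{"errors":["unsupported path"]}`, http.StatusNotFound)
		}
	}))
}

// get sends a GET with headers h and returns the HTTP status code.
func get(addr, path string, h http.Header) (int, error) {
	req, err := http.NewRequest(http.MethodGet, addr+path, nil)
	if err != nil {
		return 0, err
	}
	req.Header = h
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	srv := fakeVault()
	defer srv.Close()
	bad, _ := get(srv.URL, healthPath, http.Header{nsHeader: {"myns1"}})
	good, _ := get(srv.URL, healthPath, nsHeaders("myns1", healthPath))
	fmt.Println("namespaced sys/health:", bad, "root sys/health:", good)
}
```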