From 9b41b18aa8688d2c223aee63f2e4abac29f60eb1 Mon Sep 17 00:00:00 2001
From: Lallu Anthoor
Date: Wed, 13 Mar 2024 14:59:08 +0530
Subject: [PATCH 1/2] feat: add support for namespace

---
 .../kotlin/com/liftric/vault/GetVaultSecretTask.kt | 7 ++++++-
 src/main/kotlin/com/liftric/vault/VaultClient.kt | 14 ++++++------
 .../com/liftric/vault/VaultClientExtension.kt | 4 ++++
 .../kotlin/com/liftric/vault/VaultClientPlugin.kt | 4 +++-
 4 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/src/main/kotlin/com/liftric/vault/GetVaultSecretTask.kt b/src/main/kotlin/com/liftric/vault/GetVaultSecretTask.kt
index 8292a11..65ab4e5 100644
--- a/src/main/kotlin/com/liftric/vault/GetVaultSecretTask.kt
+++ b/src/main/kotlin/com/liftric/vault/GetVaultSecretTask.kt
@@ -46,6 +46,10 @@ open class GetVaultSecretTask : DefaultTask() {
 @Optional
 val retryIntervalMilliseconds: Property = project.objects.property()
 
+@Input
+@Optional
+val namespace: Property = project.objects.property()
+
 @Internal // actually used as output...
 val secret: MapProperty = project.objects.mapProperty()
 
@@ -63,7 +67,8 @@ open class GetVaultSecretTask : DefaultTask() {
 token = token,
 vaultAddress = address,
 maxRetries = maxRetries,
-retryIntervalMilliseconds = retryIntervalMilliseconds
+retryIntervalMilliseconds = retryIntervalMilliseconds,
+namespace = namespace.orNull
 ).get(path)
 )
 }
diff --git a/src/main/kotlin/com/liftric/vault/VaultClient.kt b/src/main/kotlin/com/liftric/vault/VaultClient.kt
index 99d2a86..8e25f4b 100644
--- a/src/main/kotlin/com/liftric/vault/VaultClient.kt
+++ b/src/main/kotlin/com/liftric/vault/VaultClient.kt
@@ -11,7 +11,8 @@ class VaultClient(
 token: String,
 private val vaultAddress: String,
 private val maxRetries: Int,
-private val retryIntervalMilliseconds: Int
+private val retryIntervalMilliseconds: Int,
+private val namespace: String?
 ) {
 private val config by lazy {
 try {
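Review bot: The task resolves the namespace only from its own property (`namespace = namespace.orNull`), with no fallback to the extension's new `namespace` or to the `VAULT_NAMESPACE` environment variable that the Vault CLI honours; if `determinAddress` resolves the address from the extension or the environment, as its use in `VaultClientPlugin.kt` suggests, mirroring that for the namespace would keep the two settings consistent. A minimal fallback would be `namespace = namespace.orNull ?: System.getenv("VAULT_NAMESPACE")`. The enclosing method starts outside the hunk.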
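Review bot: `private val namespace: String?` is added as a required constructor parameter with no default, so any caller constructing the public `VaultClient` other than the call sites updated in this patch stops compiling. `private val namespace: String? = null` keeps the previous signature working and makes "no namespace" the explicit default. The class body continues past the hunk.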
@@ -40,11 +41,12 @@ class VaultClient(
 verifyTokenValid()
 return try {
 vault.withRetries(maxRetries, retryIntervalMilliseconds)
-.logical()
-.read(secretPath)
-.data.also {
-if (it.isEmpty()) error("[vault] secret response contains no data - secret exists? token has correct rights to access it?")
-}
+.logical()
+.withNameSpace(namespace)
+.read(secretPath)
+.data.also {
+if (it.isEmpty()) error("[vault] secret response contains no data - secret exists? token has correct rights to access it?")
+}
 } catch (e: VaultException) {
 println(
 "[vault] exception while calling vault at $vaultAddress: ${e.message} - secret exists? token has correct rights to access it?"
diff --git a/src/main/kotlin/com/liftric/vault/VaultClientExtension.kt b/src/main/kotlin/com/liftric/vault/VaultClientExtension.kt
index dad8b74..7e26834 100644
--- a/src/main/kotlin/com/liftric/vault/VaultClientExtension.kt
+++ b/src/main/kotlin/com/liftric/vault/VaultClientExtension.kt
@@ -41,4 +41,8 @@ open class VaultClientExtension(project: Project) {
 @Input
 @Optional
 val retryIntervalMilliseconds: Property = project.objects.property()
+
+@Input
+@Optional
+val namespace: Property = project.objects.property()
 }
diff --git a/src/main/kotlin/com/liftric/vault/VaultClientPlugin.kt b/src/main/kotlin/com/liftric/vault/VaultClientPlugin.kt
index 4447014..cbfd113 100644
--- a/src/main/kotlin/com/liftric/vault/VaultClientPlugin.kt
+++ b/src/main/kotlin/com/liftric/vault/VaultClientPlugin.kt
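Review bot: `verifyTokenValid()` on the first context line runs before `.withNameSpace(namespace)` is applied, so if that check performs a token lookup without the namespace header, a token issued inside `namespace` (rather than in the root namespace) can fail the pre-check even though the namespaced read itself would succeed; the setup in `vault.sh` only exports a root token, so this path is not exercised. The `catch` message still reports only `$vaultAddress`, which makes a wrong-namespace misconfiguration indistinguishable from a missing secret; consider `"[vault] exception while calling vault at $vaultAddress (namespace: ${namespace ?: "root"}): ${e.message} - secret exists? token has correct rights to access it?"`. The removed and re-added `.logical()`/`.read(secretPath)`/`.data.also` lines appear to differ only in indentation, which turns a one-line insertion into an eleven-line diff. The enclosing function starts and ends outside the hunk.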
@@ -34,12 +34,14 @@ fun Project.vault(secretPath: String): Map {
 val address = GetVaultSecretTask.determinAddress(vaultAddress = extension.vaultAddress.orNull)
 val maxRetries = extension.maxRetries.getOrElse(Defaults.MAX_RETRIES)
 val retryIntervalMilliseconds = extension.retryIntervalMilliseconds.getOrElse(Defaults.RETRY_INTERVAL_MILLI)
+val namespace = extension.namespace.orNull
 println("[vault] getting `$secretPath` from $address")
 return VaultClient(
 token = token,
 vaultAddress = address,
 maxRetries = maxRetries,
-retryIntervalMilliseconds = retryIntervalMilliseconds
+retryIntervalMilliseconds = retryIntervalMilliseconds,
+namespace = namespace
 ).get(secretPath)
 }
 

From 5996513c1a69ac52a71de23f237c41a6edff5ce0 Mon Sep 17 00:00:00 2001
From: Lallu Anthoor
Date: Wed, 13 Mar 2024 15:14:45 +0530
Subject: [PATCH 2/2] test: add integration tests for namespace access

---
 integration-token/build.gradle.kts | 22 +++++++++++++++++++++-
 vault.sh | 4 ++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/integration-token/build.gradle.kts b/integration-token/build.gradle.kts
index e72039d..e7429e0 100644
--- a/integration-token/build.gradle.kts
+++ b/integration-token/build.gradle.kts
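Review bot: The existing log line `println("[vault] getting `$secretPath` from $address")` does not mention the namespace, so a namespaced read that returns the wrong secret or none at all gives no hint in the build output that a namespace was in effect; adding `namespace?.let { println("[vault] using namespace `$it`") }` after the new `val namespace` line would make that visible. `extension.namespace.orNull` also forwards a blank string unchanged if a build sets `namespace.set("")`; depending on how the driver treats an empty namespace, `extension.namespace.orNull?.takeIf { it.isNotBlank() }` may be the safer reading. The function `Project.vault` starts outside the hunk.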
@@ -34,7 +34,27 @@ tasks {
 if (with(Configs) { secretStuff() != "helloworld:1337" }) throw kotlin.IllegalStateException("config with secret couldn't be read")
 }
 }
+val needsSecretsFromSimpleNamespace by creating(GetVaultSecretTask::class) {
+secretPath.set("secret/example")
+namespace.set("test")
+doLast {
+val secret = secret.get()
+if (secret["examplestring"] != "helloworld") throw kotlin.IllegalStateException("examplestring couldn't be read from test namespace")
+if (secret["exampleint"]?.toInt() != 1337) throw kotlin.IllegalStateException("exampleint couldn't be read from test namespace")
+println("getting secret succeeded!")
+}
+}
+val needsSecretsFromNestedNamespace by creating(GetVaultSecretTask::class) {
+secretPath.set("secret/example")
+namespace.set("test/child")
+doLast {
+val secret = secret.get()
+if (secret["examplestring"] != "helloworld") throw kotlin.IllegalStateException("examplestring couldn't be read from test/child namespace")
+if (secret["exampleint"]?.toInt() != 1337) throw kotlin.IllegalStateException("exampleint couldn't be read from test/child namespace")
+println("getting secret succeeded!")
+}
+}
 val build by existing {
-dependsOn(needsSecretsConfigTime, needsSecrets, fromBuildSrc)
+dependsOn(needsSecretsConfigTime, needsSecrets, fromBuildSrc, needsSecretsFromSimpleNamespace, needsSecretsFromNestedNamespace)
 }
 }
diff --git a/vault.sh b/vault.sh
index 421b0e4..eda8064 100644
--- a/vault.sh
+++ b/vault.sh
@@ -8,4 +8,8 @@ export VAULT_TOKEN='myroottoken'
 vault token lookup
 vault kv put secret/example examplestring=helloworld exampleint=1337
 vault kv get secret/example
+vault namespace create test
+vault namespace create -namespace=test child
+vault kv put -namespace=test secret/example examplestring=hellochild exampleint=1338
+vault kv put -namespace=test/child secret/example examplestring=hellochildchild exampleint=1339
 wait $pid
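Review bot: Both new tasks assert `helloworld`/`1337` for the `test` and `test/child` namespaces, but `vault.sh` in this same patch seeds those namespaces with `hellochild`/`1338` and `hellochildchild`/`1339`, so the tasks either fail or pass only when the namespace is silently ignored and the root-namespace secret is read — the exact regression they are meant to catch. The expected values should be the namespaced ones, e.g. `if (secret["examplestring"] != "hellochild") throw ...` and `if (secret["exampleint"]?.toInt() != 1338) throw ...` for the simple namespace, and `hellochildchild`/`1339` for the nested one. The two task bodies differ only in namespace and expected values, so a small local function taking those three parameters would remove the duplication. The enclosing `tasks { }` block starts outside the hunk.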
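Review bot: `vault namespace create` requires Vault Enterprise; if the server started earlier in this script is the open-source binary, all four added lines fail and no namespaced secret is ever seeded. A newly created namespace also does not inherit the root namespace's `secret/` KV mount, so `vault kv put -namespace=test secret/example ...` needs `vault secrets enable -namespace=test -path=secret kv-v2` (and the equivalent for `test/child`) before it can succeed. Unless the script aborts on the first failing command, these errors are silent and the integration tasks then report a misleading "couldn't be read" error instead.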