Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| c26781fca5 |
@@ -6,6 +6,7 @@ DISTRO ?= almalinux/el9
|
||||
# Authentication variables (optional)
|
||||
# VAULT_ROLE_ID - Use AppRole authentication if set
|
||||
# VAULT_ROLE - Kubernetes role for service account authentication (default: rpmbuilder)
|
||||
# VAULT_AUDIENCE - Audience for Kubernetes authentication (default: vault)
|
||||
|
||||
# Automatically find all packages with metadata.yaml
|
||||
PACKAGES := $(shell find $(ROOT_DIR)/rpms -mindepth 1 -maxdepth 1 -type d -exec test -f {}/metadata.yaml \; -print | xargs -n1 basename | sort)
|
||||
|
||||
+3
-1
@@ -167,6 +167,7 @@ def get_vault_client() -> hvac.Client:
|
||||
vault_addr = os.getenv('VAULT_ADDR', 'https://vault.service.consul:8200')
|
||||
vault_role_id = os.getenv('VAULT_ROLE_ID')
|
||||
vault_role = os.getenv('VAULT_ROLE', 'rpmbuilder')
|
||||
vault_audience = os.getenv('VAULT_AUDIENCE', 'vault')
|
||||
|
||||
# Initialize Vault client with CA certificate
|
||||
client = hvac.Client(
|
||||
@@ -206,7 +207,8 @@ def get_vault_client() -> hvac.Client:
|
||||
client.auth.kubernetes.login(
|
||||
role=vault_role,
|
||||
jwt=jwt_token,
|
||||
mount_point='k8s/au/syd1'
|
||||
mount_point='k8s/au/syd1',
|
||||
audience=vault_audience
|
||||
)
|
||||
|
||||
if not client.is_authenticated():
|
||||
|
||||
Reference in New Issue
Block a user