Skip to content

Commit 09f6fd5

Browse files
kasiakoziolkasiakoziol
committed
CSPL-2600 Fixing Vault notifications not to create a token dir and store just a value
1 parent 5933a08 commit 09f6fd5

File tree

1 file changed

+8
-6
lines changed

1 file changed

+8
-6
lines changed

pkg/splunk/client/vault_setup.go

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -129,7 +129,6 @@ func InjectVaultSecret(ctx context.Context, client splcommon.ControllerClient, s
129129
return fmt.Errorf("vault secretPath is required when vault is enabled")
130130
}
131131

132-
secretPath := vaultSpec.SecretPath
133132
vaultRole := vaultSpec.Role
134133
secretKeyToEnv := []string{
135134
"hec_token",
@@ -183,7 +182,7 @@ func InjectVaultSecret(ctx context.Context, client splcommon.ControllerClient, s
183182
},
184183
},
185184
}
186-
}
185+
}
187186

188187
splunkConfigYAML, err := yaml.Marshal(splunkConfig)
189188
if err != nil {
@@ -198,12 +197,15 @@ func InjectVaultSecret(ctx context.Context, client splcommon.ControllerClient, s
198197
annotations["vault.hashicorp.com/secret-volume-path-defaults"] = "/mnt/splunk-secrets"
199198
annotations["vault.hashicorp.com/agent-inject-template-defaults"] = splunkConfigString
200199
for _, key := range secretKeyToEnv {
201-
annotationKey := fmt.Sprintf("vault.hashicorp.com/agent-inject-secret-%s", key)
202-
annotations[annotationKey] = fmt.Sprintf("%s/%s", secretPath, key)
200+
annotationKey := fmt.Sprintf("vault.hashicorp.com/agent-inject-template-%s", key)
201+
annotations[annotationKey] = fmt.Sprintf("{{- with secret \"secret/data/splunk/%s\" -}}{{ .Data.value }}{{- end }}", key)
202+
if kvVersion == "2" {
203+
annotations[annotationKey] = fmt.Sprintf("{{- with secret \"secret/data/splunk/%s\" -}}{{ .Data.data.value }}{{- end }}", key)
204+
}
203205
annotationFile := fmt.Sprintf("vault.hashicorp.com/agent-inject-file-%s", key)
204206
annotations[annotationFile] = key
205207
annotationVolumeKey := fmt.Sprintf("vault.hashicorp.com/secret-volume-path-%s", key)
206-
annotations[annotationVolumeKey] = fmt.Sprintf("/mnt/splunk-secrets/%s", key)
208+
annotations[annotationVolumeKey] = "/mnt/splunk-secrets"
207209
}
208210

209211
// Apply these annotations to the StatefulSet PodTemplateSpec without overwriting existing ones
@@ -404,7 +406,7 @@ func GetSpecificSecretTokenFromVault(ctx context.Context, c splcommon.Controller
404406
password = metadataResponse.Data.Value
405407
} else if kvVersion == "2" {
406408
password = metadataResponse.Data.Data.Value
407-
}
409+
}
408410

409411
return password, nil
410412
}

0 commit comments

Comments
 (0)