
add path to jwt vault auth

Brent Spector 4 years ago
parent
commit
26f9be4fb1

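--- a/apis/externalsecrets/v1alpha1/secretstore_vault_types.go
+++ b/apis/externalsecrets/v1alpha1/secretstore_vault_types.go
@@ -191,6 +191,11 @@ type VaultLdapAuth struct {
 // VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication
 // method, with the role name and token stored in a Kubernetes Secret resource.
 type VaultJwtAuth struct {
+	// Path where the JWT authentication backend is mounted
+	// in Vault, e.g: "jwt"
+	// +kubebuilder:default=jwt
+	Path string `json:"path"`
+
 	// Role is a JWT role to authenticate using the JWT/OIDC Vault
 	// authentication method
 	// +optional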
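Review bot: Path is declared without `// +optional` and with `json:"path"` (no omitempty), so the generated CRDs in this commit list it under `required`, and a Go client that leaves the field unset serializes `"path": ""` — that satisfies `required` but is not an absent field, so the `+kubebuilder:default=jwt` default is not applied and the provider is handed an empty mount path. Since a default is the intent, the conventional shape is `// +optional` and `// +kubebuilder:default=jwt` above `Path string `json:"path,omitempty"``, which lets both omitted and Go-zero values fall back to `jwt`; the two deploy/crds sections would then be regenerated. A `// +kubebuilder:validation:MinLength=1` marker would additionally reject an explicit empty string at admission. The doc comment could also state that the value is used verbatim as the mount segment of the Vault login URL (`/v1/auth/<path>/login`), not a full URL. The VaultJwtAuth struct continues outside the hunk.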

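--- a/deploy/crds/external-secrets.io_clustersecretstores.yaml
+++ b/deploy/crds/external-secrets.io_clustersecretstores.yaml
@@ -704,6 +704,11 @@ spec:
                             description: Jwt authenticates with Vault by passing role
                               and JWT token using the JWT/OIDC authentication method
                             properties:
+                              path:
+                                default: jwt
+                                description: 'Path where the JWT authentication backend
+                                  is mounted in Vault, e.g: "jwt"'
+                                type: string
                               role:
                                 description: Role is a JWT role to authenticate using
                                   the JWT/OIDC Vault authentication method
@@ -730,6 +735,8 @@ spec:
                                       the referent.
                                     type: string
                                 type: object
+                            required:
+                            - path
                             type: object
                           kubernetes:
                             description: Kubernetes authenticates with Vault by passing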

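--- a/deploy/crds/external-secrets.io_secretstores.yaml
+++ b/deploy/crds/external-secrets.io_secretstores.yaml
@@ -704,6 +704,11 @@ spec:
                             description: Jwt authenticates with Vault by passing role
                               and JWT token using the JWT/OIDC authentication method
                             properties:
+                              path:
+                                default: jwt
+                                description: 'Path where the JWT authentication backend
+                                  is mounted in Vault, e.g: "jwt"'
+                                type: string
                               role:
                                 description: Role is a JWT role to authenticate using
                                   the JWT/OIDC Vault authentication method
@@ -730,6 +735,8 @@ spec:
                                       the referent.
                                     type: string
                                 type: object
+                            required:
+                            - path
                             type: object
                           kubernetes:
                             description: Kubernetes authenticates with Vault by passing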

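--- a/docs/snippets/vault-jwt-store.yaml
+++ b/docs/snippets/vault-jwt-store.yaml
@@ -13,6 +13,8 @@ spec:
         # VaultJwt authenticates with Vault using the JWT/OIDC auth mechanism
         # https://www.vaultproject.io/docs/auth/jwt
         jwt:
+          # Path where the JWT authentication backend is mounted
+          path: "jwt"
           # JWT role configured in a Vault server, optional.
           role: "vault-jwt-role"
           secretRef: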

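--- a/docs/snippets/vault-ldap-store.yaml
+++ b/docs/snippets/vault-ldap-store.yaml
@@ -13,7 +13,7 @@ spec:
         # VaultLdap authenticates with Vault using the LDAP auth mechanism
         # https://www.vaultproject.io/docs/auth/ldap
         ldap:
-        # Path where the LDAP authentication backend is mounted
+          # Path where the LDAP authentication backend is mounted
           path: "ldap"
           # LDAP username
           username: "username"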

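--- a/pkg/provider/vault/vault.go
+++ b/pkg/provider/vault/vault.go
@@ -673,7 +673,7 @@ func (v *client) requestTokenWithJwtAuth(ctx context.Context, client Client, jwt
 		"role": role,
 		"jwt":  jwt,
 	}
-	url := strings.Join([]string{"/v1", "auth", "jwt", "login"}, "/")
+	url := strings.Join([]string{"/v1", "auth", jwtAuth.Path, "login"}, "/")
 	request := client.NewRequest("POST", url)
 
 	err = request.SetJSONBody(parameters)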
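Review bot: `jwtAuth.Path` is joined into the login URL verbatim on the changed line, so an empty string (which the CRD's `required` plus `default` does not rule out when a Go client serializes `"path": ""`, since CRD defaulting only fills absent fields) yields `/v1/auth//login`, and a leading or trailing slash such as `"jwt/"` yields a double slash too; the login then presumably fails at Vault with an error that does not name the misconfigured field. Normalising and checking before the join, e.g. `mount := strings.Trim(jwtAuth.Path, "/")` followed by an explicit error return when `mount == ""` (the function's return shape is outside the hunk, so the exact form depends on it) and using `mount` in the join, would surface the misconfiguration where it occurs and keep the request on the intended `/v1/auth/<mount>/login` endpoint. That `jwtAuth` is the parameter truncated in the hunk header is inferred, not visible. requestTokenWithJwtAuth begins and ends outside the hunk.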