
Add support for mount path in ldap auth

Brent Spector 4 years ago
parent
commit
561bd3ae56

+ 5 - 0
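--- a/apis/externalsecrets/v1alpha1/secretstore_vault_types.go
+++ b/apis/externalsecrets/v1alpha1/secretstore_vault_types.go
@@ -173,6 +173,11 @@ type VaultKubernetesAuth struct {
 // VaultLdapAuth authenticates with Vault using the LDAP authentication method,
 // with the username and password stored in a Kubernetes Secret resource.
 type VaultLdapAuth struct {
+	// Path where the LDAP authentication backend is mounted
+	// in Vault, e.g: "ldap"
+	// +kubebuilder:default=ldap
+	Path string `json:"path"`
+	
 	// Username is a LDAP user name used to authenticate using the LDAP Vault
 	// authentication method
 	Username string `json:"username"`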
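Review bot: The doc comment on the new Path field does not begin with the field name, unlike the neighbouring Username comment, so godoc and linters treat it as unattached; suggest `// Path is the mount path of the LDAP auth method in Vault, e.g. "ldap".` The blank line closing the added block carries a stray tab that gofmt would strip. Since this value is spliced into the Vault login URL in pkg/provider/vault/vault.go, a schema-level restriction on the type (a kubebuilder validation pattern limited to mount-path characters, value to be chosen by the maintainers) would keep the CRD and the client in agreement rather than relying on the default alone. The VaultLdapAuth struct continues outside the hunk.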

+ 6 - 0
deploy/crds/external-secrets.io_clustersecretstores.yaml

@@ -800,6 +800,11 @@ spec:
                               username/password pair using the LDAP authentication
                               username/password pair using the LDAP authentication
                               method
                               method
                             properties:
                             properties:
+                              path:
+                                default: ldap
+                                description: 'Path where the LDAP authentication backend
+                                  is mounted in Vault, e.g: "ldap"'
+                                type: string
                               secretRef:
                               secretRef:
                                 description: SecretRef to a key in a Secret resource
                                 description: SecretRef to a key in a Secret resource
                                   containing password for the LDAP user used to authenticate
                                   containing password for the LDAP user used to authenticate
@@ -828,6 +833,7 @@ spec:
                                   method
                                   method
                                 type: string
                                 type: string
                             required:
                             required:
+                            - path
                             - username
                             - username
                             type: object
                             type: object
                           tokenSecretRef:
                           tokenSecretRef:

+ 6 - 0
deploy/crds/external-secrets.io_secretstores.yaml

@@ -800,6 +800,11 @@ spec:
                               username/password pair using the LDAP authentication
                               username/password pair using the LDAP authentication
                               method
                               method
                             properties:
                             properties:
+                              path:
+                                default: ldap
+                                description: 'Path where the LDAP authentication backend
+                                  is mounted in Vault, e.g: "ldap"'
+                                type: string
                               secretRef:
                               secretRef:
                                 description: SecretRef to a key in a Secret resource
                                 description: SecretRef to a key in a Secret resource
                                   containing password for the LDAP user used to authenticate
                                   containing password for the LDAP user used to authenticate
@@ -828,6 +833,7 @@ spec:
                                   method
                                   method
                                 type: string
                                 type: string
                             required:
                             required:
+                            - path
                             - username
                             - username
                             type: object
                             type: object
                           tokenSecretRef:
                           tokenSecretRef:

+ 5 - 3
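--- a/docs/provider-hashicorp-vault.md
+++ b/docs/provider-hashicorp-vault.md
@@ -77,10 +77,12 @@ Vault supports only simple key/value pairs - nested objects are not supported. H
 
 ### Authentication
 
-We support three different modes for authentication:
+We support five different modes for authentication:
 [token-based](https://www.vaultproject.io/docs/auth/token),
-[appRole](https://www.vaultproject.io/docs/auth/approle) and
-[kubernetes-native](https://www.vaultproject.io/docs/auth/kubernetes), each one comes with it's own
+[appRole](https://www.vaultproject.io/docs/auth/approle),
+[kubernetes-native](https://www.vaultproject.io/docs/auth/kubernetes),
+[ldap](https://www.vaultproject.io/docs/auth/ldap) and
+[jwt/odic](https://www.vaultproject.io/docs/auth/jwt), each one comes with it's own
 trade-offs. Depending on the authentication method you need to adapt your environment.
 
 #### Token-based authentication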

+ 2 - 0
docs/snippets/vault-ldap-store.yaml

@@ -13,6 +13,8 @@ spec:
         # VaultLdap authenticates with Vault using the LDAP auth mechanism
         # VaultLdap authenticates with Vault using the LDAP auth mechanism
         # https://www.vaultproject.io/docs/auth/ldap
         # https://www.vaultproject.io/docs/auth/ldap
         ldap:
         ldap:
+        # Path where the LDAP authentication backend is mounted
+          path: "ldap"
           # LDAP username
           # LDAP username
           username: "username"
           username: "username"
           secretRef:
           secretRef:

+ 1 - 1
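--- a/pkg/provider/vault/vault.go
+++ b/pkg/provider/vault/vault.go
@@ -633,7 +633,7 @@ func (v *client) requestTokenWithLdapAuth(ctx context.Context, client Client, ld
 	parameters := map[string]string{
 		"password": password,
 	}
-	url := strings.Join([]string{"/v1", "auth", "ldap", "login", username}, "/")
+	url := strings.Join([]string{"/v1", "auth", ldapAuth.Path, "login", username}, "/")
 	request := client.NewRequest("POST", url)
 
 	err = request.SetJSONBody(parameters)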
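Review bot: `ldapAuth.Path` is joined into the request URL without any normalisation, so a value with leading or trailing slashes yields a doubled separator and an empty value (e.g. an object that never went through CRD defaulting, or a caller constructing the struct directly) produces `/v1/auth//login/<user>`, which Vault will reject with an unhelpful error. A small guard before the join keeps the previous behaviour as the fallback: `mount := strings.Trim(ldapAuth.Path, "/"); if mount == "" { mount = "ldap" }` and then use `mount` in the slice. Whether values containing `..`, `?` or `#` should be rejected here or by the CRD schema is a design choice, but one of the two layers should enforce it so the login endpoint cannot drift from the configured mount. requestTokenWithLdapAuth begins and ends outside the hunk.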