
feat: allow to get auth data from vault response (#2325)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Moritz Johner 2 years ago
593eb13999

+ 15 - 0
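--- a/apis/generators/v1alpha1/generator_vault.go
+++ b/apis/generators/v1alpha1/generator_vault.go
@@ -33,6 +33,14 @@ type VaultDynamicSecretSpec struct {
 	// Parameters to pass to Vault write (for non-GET methods)
 	Parameters *apiextensions.JSON `json:"parameters,omitempty"`
 
+	// Result type defines which data is returned from the generator.
+	// By default it is the "data" section of the Vault API response.
+	// When using e.g. /auth/token/create the "data" section is empty but
+	// the "auth" section contains the generated token.
+	// Please refer to the vault docs regarding the result data structure.
+	// +kubebuilder:default=Data
+	ResultType VaultDynamicSecretResultType `json:"resultType,omitempty"`
+
 	// Vault provider common spec
 	Provider *esv1beta1.VaultProvider `json:"provider"`
 
@@ -40,6 +48,13 @@ type VaultDynamicSecretSpec struct {
 	Path string `json:"path"`
 }
 
+type VaultDynamicSecretResultType string
+
+const (
+	VaultDynamicSecretResultTypeData VaultDynamicSecretResultType = "Data"
+	VaultDynamicSecretResultTypeAuth VaultDynamicSecretResultType = "Auth"
+)
+
 // +kubebuilder:object:root=true
 // +kubebuilder:storageversion
 // +kubebuilder:subresource:status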
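Review bot: `ResultType` is declared as a plain string with a default but no value constraint, so the CRD schema generated from it (the `type: string` entries in the two yaml sections of this commit) accepts any value, and the consumer in pkg/generator/vault/vault.go treats everything other than the exact string `Auth` as `Data` without complaint. Add `// +kubebuilder:validation:Enum=Data;Auth` above the field, next to the existing `+kubebuilder:default=Data`, so a misspelling such as `auth` is rejected at admission instead of silently yielding the data section. The new exported type and its two constants in the second hunk also lack doc comments; a line such as `// VaultDynamicSecretResultType selects which section of the Vault API response is returned as secret data.` on the type, and one each on the constants, would follow the package's convention for exported names. The VaultDynamicSecretSpec struct begins outside the first hunk.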

+ 8 - 0
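--- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml
+++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml
@@ -580,6 +580,14 @@ spec:
                 - auth
                 - server
                 type: object
+              resultType:
+                default: Data
+                description: Result type defines which data is returned from the generator.
+                  By default it is the "data" section of the Vault API response. When
+                  using e.g. /auth/token/create the "data" section is empty but the
+                  "auth" section contains the generated token. Please refer to the
+                  vault docs regarding the result data structure.
+                type: string
             required:
             - path
             - provider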

+ 4 - 0
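--- a/deploy/crds/bundle.yaml
+++ b/deploy/crds/bundle.yaml
@@ -7666,6 +7666,10 @@ spec:
                   - auth
                   - server
                   type: object
+                resultType:
+                  default: Data
+                  description: Result type defines which data is returned from the generator. By default it is the "data" section of the Vault API response. When using e.g. /auth/token/create the "data" section is empty but the "auth" section contains the generated token. Please refer to the vault docs regarding the result data structure.
+                  type: string
               required:
                 - path
                 - provider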

+ 16 - 2
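--- a/pkg/generator/vault/vault.go
+++ b/pkg/generator/vault/vault.go
@@ -98,9 +98,23 @@ func (g *Generator) generate(ctx context.Context, c *provider.Connector, jsonSpe
 		return nil, fmt.Errorf(errGetSecret, fmt.Errorf("empty response from Vault"))
 	}
 
+	data := make(map[string]interface{})
 	response := make(map[string][]byte)
-	for k := range result.Data {
-		response[k], err = provider.GetTypedKey(result.Data, k)
+	if res.Spec.ResultType == genv1alpha1.VaultDynamicSecretResultTypeAuth {
+		authJSON, err := json.Marshal(result.Auth)
+		if err != nil {
+			return nil, err
+		}
+		err = json.Unmarshal(authJSON, &data)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		data = result.Data
+	}
+
+	for k := range data {
+		response[k], err = provider.GetTypedKey(data, k)
 		if err != nil {
 			return nil, err
 		}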
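Review bot: The Auth branch has no guard for a response without an auth section: if `result.Auth` is a nil pointer (ResultType set to Auth on a path that only returns ordinary data), `json.Marshal` produces `null`, the unmarshal sets `data` to nil, and the generator returns an empty map with no error, which is inconsistent with the "empty response from Vault" check a few lines above. Add `if result.Auth == nil { return nil, fmt.Errorf(errGetSecret, fmt.Errorf("no auth section in Vault response")) }` before the marshal call. The `authJSON, err := json.Marshal(...)` line also shadows the outer `err` inside the block; it is harmless here because both error paths return, but declaring `var authJSON []byte` and assigning with `=` avoids the shadow warning. The type of `result` is not visible in the hunk, so the nil-pointer behaviour is inferred; the enclosing generate function starts and ends outside the hunk.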