
#150 Fix JWT bugs

xxxbobrxxx 4 years ago
parent
commit
c900c8deb5

+ 1 - 0
apis/externalsecrets/v1alpha1/secretstore_vault_types.go

@@ -153,6 +153,7 @@ type VaultLdapAuth struct {
 type VaultJwtAuth struct {
 	// Role is a JWT role to authenticate using the JWT/OIDC Vault
 	// authentication method
+	// +optional
 	Role string `json:"role"`
 
 	// SecretRef to a key in a Secret resource containing JWT token to
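Review bot: The `+optional` marker added on `Role` is not matched by the JSON tag, which stays `json:"role"`, so an unset role still serialises as `"role": ""`; `json:"role,omitempty"` would keep the stored object in line with the CRD schema that no longer requires the field. The field comment should also say what an empty role means, for example `// If omitted, Vault falls back to the default_role configured on the JWT/OIDC auth mount; login fails if none is set.` That matters for least privilege, because the policies attached to the issued token then depend on the mount's configuration rather than on anything in this resource. The struct continues past the end of the hunk.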

+ 0 - 2
deploy/crds/external-secrets.io_clustersecretstores.yaml

@@ -221,8 +221,6 @@ spec:
                                 required:
                                 - name
                                 type: object
-                            required:
-                            - role
                             type: object
                           kubernetes:
                             description: Kubernetes authenticates with Vault by passing

+ 0 - 2
deploy/crds/external-secrets.io_secretstores.yaml

@@ -221,8 +221,6 @@ spec:
                                 required:
                                 - name
                                 type: object
-                            required:
-                            - role
                             type: object
                           kubernetes:
                             description: Kubernetes authenticates with Vault by passing

+ 1 - 0
docs/spec.md

@@ -1417,6 +1417,7 @@ string
 </em>
 </td>
 <td>
+<em>(Optional)</em>
 <p>Role is a JWT role to authenticate using the JWT/OIDC Vault
 authentication method</p>
 </td>

+ 10 - 0
pkg/provider/vault/vault.go

@@ -267,6 +267,16 @@ func (v *client) setAuth(ctx context.Context, client Client) error {
 		return nil
 	}
 
+	jwtAuth := v.store.Auth.Jwt
+	if jwtAuth != nil {
+		token, err := v.requestTokenWithJwtAuth(ctx, client, jwtAuth)
+		if err != nil {
+			return err
+		}
+		client.SetToken(token)
+		return nil
+	}
+
 	return errors.New(errAuthFormat)
 }
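Review bot: The new JWT branch in setAuth returns the error from `requestTokenWithJwtAuth` bare, so the caller cannot tell which auth method failed. Wrapping it, e.g. `return fmt.Errorf("vault jwt auth: %w", err)`, would help, provided the helper's error never embeds the JWT or the issued client token. Because this commit also makes `role` optional, the helper (not visible here) presumably has to omit the `role` key when it is empty rather than send an empty string. The branch also appears to be reached only when the earlier auth blocks are nil, so a one-line comment on that precedence would make it clear which credential a store with several blocks actually uses. setAuth begins above this hunk.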