feat: allow accessing credentials from a namespace

integration-token/build.gradle.kts

@@ -34,7 +34,27 @@ tasks {
             if (with(Configs) { secretStuff() != "helloworld:1337" }) throw kotlin.IllegalStateException("config with secret couldn't be read")
         }
     }
+    val needsSecretsFromSimpleNamespace by creating(GetVaultSecretTask::class) {
+        secretPath.set("secret/example")
+        namespace.set("test")
+        doLast {
+            val secret = secret.get()
+            if (secret["examplestring"] != "helloworld") throw kotlin.IllegalStateException("examplestring couldn't be read from test namespace")
+            if (secret["exampleint"]?.toInt() != 1337) throw kotlin.IllegalStateException("exampleint couldn't be read from test namespace")
+            println("getting secret succeeded!")
+        }
+    }
+    val needsSecretsFromNestedNamespace by creating(GetVaultSecretTask::class) {
+        secretPath.set("secret/example")
+        namespace.set("test/child")
+        doLast {
+            val secret = secret.get()
+            if (secret["examplestring"] != "helloworld") throw kotlin.IllegalStateException("examplestring couldn't be read from test/child namespace")
+            if (secret["exampleint"]?.toInt() != 1337) throw kotlin.IllegalStateException("exampleint couldn't be read from test/child namespace")
+            println("getting secret succeeded!")
+        }
+    }
     val build by existing {
-        dependsOn(needsSecretsConfigTime, needsSecrets, fromBuildSrc)
+        dependsOn(needsSecretsConfigTime, needsSecrets, fromBuildSrc, needsSecretsFromSimpleNamespace, needsSecretsFromNestedNamespace)
     }
 }

src/main/kotlin/com/liftric/vault/GetVaultSecretTask.kt

@@ -46,6 +46,10 @@ open class GetVaultSecretTask : DefaultTask() {
     @Optional
     val retryIntervalMilliseconds: Property<Int> = project.objects.property()
 
+    @Input
+    @Optional
+    val namespace: Property<String> = project.objects.property()
+
     @Internal
     // actually used as output...
     val secret: MapProperty<String, String> = project.objects.mapProperty()
@@ -63,7 +67,8 @@ open class GetVaultSecretTask : DefaultTask() {
                 token = token,
                 vaultAddress = address,
                 maxRetries = maxRetries,
-                retryIntervalMilliseconds = retryIntervalMilliseconds
+                retryIntervalMilliseconds = retryIntervalMilliseconds,
+                namespace = namespace.orNull
             ).get(path)
         )
     }

src/main/kotlin/com/liftric/vault/VaultClient.kt

@@ -11,7 +11,8 @@ class VaultClient(
     token: String,
     private val vaultAddress: String,
     private val maxRetries: Int,
-    private val retryIntervalMilliseconds: Int
+    private val retryIntervalMilliseconds: Int,
+    private val namespace: String?
 ) {
     private val config by lazy {
         try {
@@ -40,11 +41,12 @@ class VaultClient(
         verifyTokenValid()
         return try {
             vault.withRetries(maxRetries, retryIntervalMilliseconds)
-                .logical()
-                .read(secretPath)
-                .data.also {
-                    if (it.isEmpty()) error("[vault] secret response contains no data - secret exists? token has correct rights to access it?")
-                }
+                 .logical()
+                 .withNameSpace(namespace)
+                 .read(secretPath)
+                 .data.also {
+                     if (it.isEmpty()) error("[vault] secret response contains no data - secret exists? token has correct rights to access it?")
+                 }
         } catch (e: VaultException) {
             println(
                 "[vault] exception while calling vault at $vaultAddress: ${e.message} - secret exists? token has correct rights to access it?"

src/main/kotlin/com/liftric/vault/VaultClientExtension.kt

@@ -41,4 +41,8 @@ open class VaultClientExtension(project: Project) {
     @Input
     @Optional
     val retryIntervalMilliseconds: Property<Int> = project.objects.property()
+
+    @Input
+    @Optional
+    val namespace: Property<String> = project.objects.property()
 }

src/main/kotlin/com/liftric/vault/VaultClientPlugin.kt

@@ -34,12 +34,14 @@ fun Project.vault(secretPath: String): Map<String, String> {
     val address = GetVaultSecretTask.determinAddress(vaultAddress = extension.vaultAddress.orNull)
     val maxRetries = extension.maxRetries.getOrElse(Defaults.MAX_RETRIES)
     val retryIntervalMilliseconds = extension.retryIntervalMilliseconds.getOrElse(Defaults.RETRY_INTERVAL_MILLI)
+    val namespace = extension.namespace.orNull
     println("[vault] getting `$secretPath` from $address")
 
     return VaultClient(
         token = token,
         vaultAddress = address,
         maxRetries = maxRetries,
-        retryIntervalMilliseconds = retryIntervalMilliseconds
+        retryIntervalMilliseconds = retryIntervalMilliseconds,
+        namespace = namespace
     ).get(secretPath)
 }

vault.sh

@@ -8,4 +8,8 @@ export VAULT_TOKEN='myroottoken'
 vault token lookup
 vault kv put secret/example examplestring=helloworld exampleint=1337
 vault kv get secret/example
+vault namespace create test
+vault namespace create -namespace=test child
+vault kv put -namespace=test secret/example examplestring=hellochild exampleint=1338
+vault kv put -namespace=test/child secret/example examplestring=hellochildchild exampleint=1339
 wait $pid