(MINOR) Feature: Optional Vault Namespace (#16)

* auth with namespace only if one is provided, no longer required var
* update readme with optional var, fixed broken link

Author: JRHemmen

README.md

@@ -20,6 +20,7 @@ The Nutanix Exporter is a Go application that fetches live data from any number
 - Hashicorp Vault server with KVv2 Secrets Engine enabled
   - Secrets Engine name: defined in `VAULT_ENGINE_NAME` environment variable
   - Secret name: defined in `PE_TASK_ACCOUNT` and `PC_TASK_ACCOUNT` environment variables
+  - Namespace: Optional, but can be defined in `VAULT_NAMESPACE` environment variable
   - Fields: username, secret
 - Nutanix Prism Central 2023.4 or later
 
@@ -115,7 +116,7 @@ services:
 
 - [Go](https://golang.org/) - Programming language
 - [Go Prometheus Client](https://github.com/prometheus/client_golang) - Prometheus client library for Go
-- [Go Hashicorp Vault Client](github.com/hashicorp/vault-client-go) - Hashicorp Vault client library for Go
+- [Go Hashicorp Vault Client](https://github.com/hashicorp/vault-client-go) - Hashicorp Vault client library for Go
 - [Docker](https://www.docker.com/) - Containerization
 - [GitHub Actions](https://docs.github.com/en/actions) - CI/CD pipeline
 

internal/auth/vault.go

@@ -60,10 +60,10 @@ func NewVaultClient() (*VaultClient, error) {
 	addr := getEnvOrFatal("VAULT_ADDR")
 	roleId := getEnvOrFatal("VAULT_ROLE_ID")
 	secretId := getEnvOrFatal("VAULT_SECRET_ID")
-	namespace := getEnvOrFatal("VAULT_NAMESPACE")
 	PETaskAccount = getEnvOrFatal("PE_TASK_ACCOUNT")
 	PCTaskAccount = getEnvOrFatal("PC_TASK_ACCOUNT")
 	EngineName = getEnvOrFatal("VAULT_ENGINE_NAME")
+	namespace := os.Getenv("VAULT_NAMESPACE")
 
 	log.Printf("Creating new Vault client for %s", addr)
 	client, err := vault.New(
@@ -75,14 +75,28 @@ func NewVaultClient() (*VaultClient, error) {
 	}
 
 	log.Printf("Authenticating with Vault using AppRole")
-	resp, err := client.Auth.AppRoleLogin(
-		ctx,
-		schema.AppRoleLoginRequest{
-			RoleId:   roleId,
-			SecretId: secretId,
-		},
-		vault.WithNamespace(namespace),
-	)
+	var resp *vault.Response[map[string]interface{}]
+
+	if namespace != "" {
+
+		resp, err = client.Auth.AppRoleLogin(
+			ctx,
+			schema.AppRoleLoginRequest{
+				RoleId:   roleId,
+				SecretId: secretId,
+			},
+			vault.WithNamespace(namespace),
+		)
+	} else {
+		resp, err = client.Auth.AppRoleLogin(
+			ctx,
+			schema.AppRoleLoginRequest{
+				RoleId:   roleId,
+				SecretId: secretId,
+			},
+		)
+	}
+
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -92,8 +106,13 @@ func NewVaultClient() (*VaultClient, error) {
 		log.Fatal(err)
 	}
 
-	if err = client.SetNamespace(namespace); err != nil {
-		log.Fatal(err)
+	if namespace != "" {
+		log.Printf("Setting namespace to %s", namespace)
+		if err = client.SetNamespace(namespace); err != nil {
+			log.Fatal(err)
+		}
+	} else {
+		log.Printf("No namespace specified")
 	}
 
 	return &VaultClient{client: client}, nil