Skip to content

[GH-352] kubernetes auth for lookup #353

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
pfeifferj wants to merge 23 commits into
base: main
Choose a base branch
from
Open

[GH-352] kubernetes auth for lookup #353

pfeifferj wants to merge 23 commits into from

Conversation

@pfeifferj
Copy link
Contributor

@pfeifferj pfeifferj commented Mar 1, 2023
edited by briantist
Loading

SUMMARY

continuation of pr#220

ISSUE TYPE

Resolves #352
Closes #220

COMPONENT NAME

community.hashi_vault/plugins/lookup

ADDITIONAL INFORMATION

todo:

@github-actions
Copy link

github-actions bot commented Mar 1, 2023
edited
Loading

Docs Build 📝

Thank you for contribution!✨

The docs for this PR have been published here:
https://ansible-collections.github.io/community.hashi_vault/pr/353

You can compare to the docs for the main branch here:
https://ansible-collections.github.io/community.hashi_vault/branch/main

The docsite for this PR is also available for download as an artifact from this run:
https://github.com/ansible-collections/community.hashi_vault/actions/runs/19113236499

File changes:

Click to see the diff comparison.

NOTE: only file modifications are shown here. New and deleted files are excluded.
See the file list and check the published docs to see those files.

The diff output was truncated because it exceeded the maximum size.

diff --git a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/hashi_vault_lookup.html b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/hashi_vault_lookup.html
index 4cf01fb..c928af6 100644
--- a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/hashi_vault_lookup.html
+++ b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/hashi_vault_lookup.html
@@ -187,6 +187,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 <p><code class="docutils literal notranslate"><span class="pre">aws_iam_login</span></code> was renamed <code class="docutils literal notranslate"><span class="pre">aws_iam</span></code> in collection version <code class="docutils literal notranslate"><span class="pre">2.1.0</span></code> and was removed in <code class="docutils literal notranslate"><span class="pre">3.0.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">azure</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">3.2.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">gcp</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.1.0</span></code>.</p>
+<p><code class="docutils literal notranslate"><span class="pre">kubernetes</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.2.0</span></code>.</p>
 <p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
 <ul class="simple">
 <li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">&quot;token&quot;</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
@@ -198,6 +199,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;jwt&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;cert&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;gcp&quot;</span></code></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;kubernetes&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;none&quot;</span></code></p></li>
 </ul>
 <p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
@@ -448,6 +450,39 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 </div></td>
 </tr>
 <tr class="row-even"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-hashi-vault-lookup-parameter-kubernetes-token"><strong>kubernetes_token</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>The Kubernetes Token (JWT) to use for Kubernetes authentication to Vault.</p>
+<p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
+<ul class="simple">
+<li><p>Environment variable: <span class="target" id="index-21"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_KUBERNETES_TOKEN"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_KUBERNETES_TOKEN</span></code></a></p></li>
+<li><p>Variable: ansible_hashi_vault_kubernetes_token</p></li>
+</ul>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token_path"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-hashi-vault-lookup-parameter-kubernetes-token-path"><strong>kubernetes_token_path</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token_path" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>If no kubernetes_token is specified, will try to read the token from this path.</p>
+<p class="ansible-option-line"><strong class="ansible-option-default-bold">Default:</strong> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;/var/run/secrets/kubernetes.io/serviceaccount/token&quot;</span></code></p>
+<p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
+<ul>
+<li><p>INI entry:</p>
+<div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[hashi_vault_collection]</span>
+<span class="na">kubernetes_token_path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">/var/run/secrets/kubernetes.io/serviceaccount/token</span>
+</pre></div>
+</div>
+</li>
+<li><p>Environment variable: <span class="target" id="index-22"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_KUBERNETES_TOKEN_PATH"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_KUBERNETES_TOKEN_PATH</span></code></a></p></li>
+<li><p>Variable: ansible_hashi_vault_kubernetes_token_path</p></li>
+</ul>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-mount_point"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-hashi-vault-lookup-parameter-mount-point"><strong>mount_point</strong></p>
 <a class="ansibleOptionLink" href="#parameter-mount_point" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -463,7 +498,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 </div>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.5.0</em></p>
 </li>
-<li><p>Environment variable: <span class="target" id="index-21"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_MOUNT_POINT"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_MOUNT_POINT</span></code></a></p>
+<li><p>Environment variable: <span class="target" id="index-23"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_MOUNT_POINT"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_MOUNT_POINT</span></code></a></p>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.5.0</em></p>
 </li>
 <li><p>Variable: ansible_hashi_vault_mount_point</p>
@@ -488,7 +523,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 </div>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.4.0</em></p>
 </li>
-<li><p>Environment variable: <span class="target" id="index-22"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_NAMESPACE"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_NAMESPACE</span></code></a></p>
+<li><p>Environment variable: <span class="target" id="index-24"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_NAMESPACE"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_NAMESPACE</span></code></a></p>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 0.2.0</em></p>
 </li>
 <li><p>Variable: ansible_hashi_vault_namespace</p>
@@ -504,7 +539,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 <td><div class="ansible-option-cell"><p>Authentication password.</p>
 <p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
 <ul>
-<li><p>Environment variable: <span class="target" id="index-23"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_PASSWORD"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_PASSWORD</span></code></a></p>
+<li><p>Environment variable: <span class="target" id="index-25"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_PASSWORD"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_PASSWORD</span></code></a></p>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.2.0</em></p>
 </li>
 <li><p>Variable: ansible_hashi_vault_password</p>
@@ -534,7 +569,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 </div>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.4.0</em></p>
 </li>
-<li><p>Environment variable: <span class="target" id="index-24"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_PROXIES"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_PROXIES</span></code></a></p></li>
+<li><p>Environment variable: <span class="target" id="index-26"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_PROXIES"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_PROXIES</span></code></a></p></li>
 <li><p>Variable: ansible_hashi_vault_proxies</p>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.2.0</em></p>
 </li>
@@ -548,8 +583,8 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 <td><div class="ansible-option-cell"><p>The AWS region for which to create the connection.</p>
 <p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
 <ul class="simple">
-<li><p>Environment variable: <span class="target" id="index-25"></span><a class="reference internal" href="../../environment_variables.html#envvar-EC2_REGION"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">EC2_REGION</span></code></a></p></li>
-<li><p>Environment variable: <span class="target" id="index-26"></span><a class="reference internal" href="../../environment_variables.html#envvar-AWS_REGION"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">AWS_REGION</span></code></a></p></li>
+<li><p>Environment variable: <span class="target" id="index-27"></span><a class="reference internal" href="../../environment_variables.html#envvar-EC2_REGION"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">EC2_REGION</span></code></a></p></li>
+<li><p>Environment variable: <span class="target" id="index-28"></span><a class="reference internal" href="../../environment_variables.html#envvar-AWS_REGION"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">AWS_REGION</span></code></a></p></li>
 </ul>
 </div></td>
 </tr>
@@ -574,7 +609,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 </div>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.4.0</em></p>
 </li>
-<li><p>Environment variable: <span class="target" id="index-27"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_RETRIES"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_RETRIES</span></code></a></p></li>
+<li><p>Environment variable: <span class="target" id="index-29"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_RETRIES"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_RETRIES</span></code></a></p></li>
 <li><p>Variable: ansible_hashi_vault_retries</p></li>
 </ul>
 </div></td>
@@ -600,7 +635,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 </div>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.4.0</em></p>
 </li>
-<li><p>Environment variable: <span class="target" id="index-28"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_RETRY_ACTION"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_RETRY_ACTION</span></code></a></p></li>
+<li><p>Environment variable: <span class="target" id="index-30"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_RETRY_ACTION"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_RETRY_ACTION</span></code></a></p></li>
 <li><p>Variable: ansible_hashi_vault_retry_action</p></li>
 </ul>
 </div></td>
@@ -639,7 +674,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 </div>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.4.0</em></p>
 </li>
-<li><p>Environment variable: <span class="target" id="index-29"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_ROLE_ID"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_ROLE_ID</span></code></a></p>
+<li><p>Environment variable: <span class="target" id="index-31"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_ROLE_ID"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_ROLE_ID</span></code></a></p>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 0.2.0</em></p>
 </li>
 <li><p>Variable: ansible_hashi_vault_role_id</p>
@@ -662,7 +697,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 <td><div class="ansible-option-cell"><p>Secret ID to be used for Vault AppRole authentication.</p>
 <p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
 <ul>
-<li><p>Environment variable: <span class="target" id="index-30"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_SECRET_ID"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_SECRET_ID</span></code></a></p>
+<li><p>Environment variable: <span class="target" id="index-32"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_SECRET_ID"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_SECRET_ID</span></code></a></p>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 0.2.0</em></p>
 </li>
 <li><p>Variable: ansible_hashi_vault_secret_id</p>
@@ -687,7 +722,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 </div>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.4.0</em></p>
 </li>
-<li><p>Environment variable: <span class="target" id="index-31"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_TIMEOUT"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_TIMEOUT</span></code></a></p></li>
+<li><p>Environment variable: <span class="target" id="index-33"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_TIMEOUT"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_TIMEOUT</span></code></a></p></li>
 <li><p>Variable: ansible_hashi_vault_timeout</p></li>
 </ul>
 </div></td>
@@ -701,7 +736,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 <p>The order of token loading (first found wins) is <code class="docutils literal notranslate"><span class="pre">token</span> <span class="pre">param</span> <span class="pre">-&gt;</span> <span class="pre">ansible</span> <span class="pre">var</span> <span class="pre">-&gt;</span> <span class="pre">ANSIBLE_HASHI_VAULT_TOKEN</span> <span class="pre">-&gt;</span> <span class="pre">VAULT_TOKEN</span> <span class="pre">-&gt;</span> <span class="pre">token</span> <span class="pre">file</span></code>.</p>
 <p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
 <ul>
-<li><p>Environment variable: <span class="target" id="index-32"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_TOKEN"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_TOKEN</span></code></a></p>
+<li><p>Environment variable: <span class="target" id="index-34"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_TOKEN"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_TOKEN</span></code></a></p>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 0.2.0</em></p>
 </li>
 <li><p>Variable: ansible_hashi_vault_token</p>
@@ -725,7 +760,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 </div>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.4.0</em></p>
 </li>
-<li><p>Environment variable: <span class="target" id="index-33"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_TOKEN_FILE"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_TOKEN_FILE</span></code></a></p>
+<li><p>Environment variable: <span class="target" id="index-35"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_TOKEN_FILE"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_TOKEN_FILE</span></code></a></p>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 0.2.0</em></p>
 </li>
 <li><p>Variable: ansible_hashi_vault_token_file</p>
@@ -748,7 +783,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 </div>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.4.0</em></p>
 </li>
-<li><p>Environment variable: <span class="target" id="index-34"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_TOKEN_PATH"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_TOKEN_PATH</span></code></a></p>
+<li><p>Environment variable: <span class="target" id="index-36"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_TOKEN_PATH"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_TOKEN_PATH</span></code></a></p>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 0.2.0</em></p>
 </li>
 <li><p>Variable: ansible_hashi_vault_token_path</p>
@@ -778,7 +813,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 </div>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.4.0</em></p>
 </li>
-<li><p>Environment variable: <span class="target" id="index-35"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_TOKEN_VALIDATE"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_TOKEN_VALIDATE</span></code></a></p></li>
+<li><p>Environment variable: <span class="target" id="index-37"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_TOKEN_VALIDATE"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_TOKEN_VALIDATE</span></code></a></p></li>
 <li><p>Variable: ansible_hashi_vault_token_validate</p>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.2.0</em></p>
 </li>
@@ -801,7 +836,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 </div>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.4.0</em></p>
 </li>
-<li><p>Environment variable: <span class="target" id="index-36"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_ADDR"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_ADDR</span></code></a></p>
+<li><p>Environment variable: <span class="target" id="index-38"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_ADDR"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_ADDR</span></code></a></p>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 0.2.0</em></p>
 </li>
 <li><p>Variable: ansible_hashi_vault_url</p>
@@ -820,7 +855,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('c
 <td><div class="ansible-option-cell"><p>Authentication user name.</p>
 <p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
 <ul>
-<li><p>Environment variable: <span class="target" id="index-37"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_USERNAME"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_USERNAME</span></code></a></p>
+<li><p>Environment variable: <span class="target" id="index-39"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_HASHI_VAULT_USERNAME"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_HASHI_VAULT_USERNAME</span></code></a></p>
 <p><em class="ansible-option-versionadded">added in community.hashi_vault 1.2.0</em></p>
 </li>
 <li><p>Variable: ansible_hashi_vault_username</p>
diff --git a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_connection_configure_module.html b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_connection_configure_module.html
index 46b537a..f3200be 100644
--- a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_connection_configure_module.html
+++ b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_connection_configure_module.html
@@ -191,6 +191,7 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 <p><code class="docutils literal notranslate"><span class="pre">aws_iam_login</span></code> was renamed <code class="docutils literal notranslate"><span class="pre">aws_iam</span></code> in collection version <code class="docutils literal notranslate"><span class="pre">2.1.0</span></code> and was removed in <code class="docutils literal notranslate"><span class="pre">3.0.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">azure</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">3.2.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">gcp</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.1.0</span></code>.</p>
+<p><code class="docutils literal notranslate"><span class="pre">kubernetes</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.2.0</span></code>.</p>
 <p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
 <ul class="simple">
 <li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">&quot;token&quot;</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
@@ -202,6 +203,7 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;jwt&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;cert&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;gcp&quot;</span></code></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;kubernetes&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;none&quot;</span></code></p></li>
 </ul>
 </div></td>
@@ -353,6 +355,23 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 </div></td>
 </tr>
 <tr class="row-even"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connection-configure-module-parameter-kubernetes-token"><strong>kubernetes_token</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>The Kubernetes Token (JWT) to use for Kubernetes authentication to Vault.</p>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token_path"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connection-configure-module-parameter-kubernetes-token-path"><strong>kubernetes_token_path</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token_path" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>If no kubernetes_token is specified, will try to read the token from this path.</p>
+<p class="ansible-option-line"><strong class="ansible-option-default-bold">Default:</strong> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;/var/run/secrets/kubernetes.io/serviceaccount/token&quot;</span></code></p>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-mount_point"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connection-configure-module-parameter-mount-point"><strong>mount_point</strong></p>
 <a class="ansibleOptionLink" href="#parameter-mount_point" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
diff --git a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_connection_delete_module.html b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_connection_delete_module.html
index 3274bea..fb81a86 100644
--- a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_connection_delete_module.html
+++ b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_connection_delete_module.html
@@ -184,6 +184,7 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 <p><code class="docutils literal notranslate"><span class="pre">aws_iam_login</span></code> was renamed <code class="docutils literal notranslate"><span class="pre">aws_iam</span></code> in collection version <code class="docutils literal notranslate"><span class="pre">2.1.0</span></code> and was removed in <code class="docutils literal notranslate"><span class="pre">3.0.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">azure</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">3.2.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">gcp</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.1.0</span></code>.</p>
+<p><code class="docutils literal notranslate"><span class="pre">kubernetes</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.2.0</span></code>.</p>
 <p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
 <ul class="simple">
 <li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">&quot;token&quot;</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
@@ -195,6 +196,7 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;jwt&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;cert&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;gcp&quot;</span></code></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;kubernetes&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;none&quot;</span></code></p></li>
 </ul>
 </div></td>
@@ -325,6 +327,23 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 </div></td>
 </tr>
 <tr class="row-even"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connection-delete-module-parameter-kubernetes-token"><strong>kubernetes_token</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>The Kubernetes Token (JWT) to use for Kubernetes authentication to Vault.</p>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token_path"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connection-delete-module-parameter-kubernetes-token-path"><strong>kubernetes_token_path</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token_path" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>If no kubernetes_token is specified, will try to read the token from this path.</p>
+<p class="ansible-option-line"><strong class="ansible-option-default-bold">Default:</strong> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;/var/run/secrets/kubernetes.io/serviceaccount/token&quot;</span></code></p>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-mount_point"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connection-delete-module-parameter-mount-point"><strong>mount_point</strong></p>
 <a class="ansibleOptionLink" href="#parameter-mount_point" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
diff --git a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_connection_read_module.html b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_connection_read_module.html
index 3c903c7..8947403 100644
--- a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_connection_read_module.html
+++ b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_connection_read_module.html
@@ -185,6 +185,7 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 <p><code class="docutils literal notranslate"><span class="pre">aws_iam_login</span></code> was renamed <code class="docutils literal notranslate"><span class="pre">aws_iam</span></code> in collection version <code class="docutils literal notranslate"><span class="pre">2.1.0</span></code> and was removed in <code class="docutils literal notranslate"><span class="pre">3.0.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">azure</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">3.2.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">gcp</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.1.0</span></code>.</p>
+<p><code class="docutils literal notranslate"><span class="pre">kubernetes</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.2.0</span></code>.</p>
 <p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
 <ul class="simple">
 <li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">&quot;token&quot;</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
@@ -196,6 +197,7 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;jwt&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;cert&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;gcp&quot;</span></code></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;kubernetes&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;none&quot;</span></code></p></li>
 </ul>
 </div></td>
@@ -326,6 +328,23 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 </div></td>
 </tr>
 <tr class="row-even"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connection-read-module-parameter-kubernetes-token"><strong>kubernetes_token</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>The Kubernetes Token (JWT) to use for Kubernetes authentication to Vault.</p>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token_path"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connection-read-module-parameter-kubernetes-token-path"><strong>kubernetes_token_path</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token_path" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>If no kubernetes_token is specified, will try to read the token from this path.</p>
+<p class="ansible-option-line"><strong class="ansible-option-default-bold">Default:</strong> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;/var/run/secrets/kubernetes.io/serviceaccount/token&quot;</span></code></p>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-mount_point"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connection-read-module-parameter-mount-point"><strong>mount_point</strong></p>
 <a class="ansibleOptionLink" href="#parameter-mount_point" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
diff --git a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_connection_reset_module.html b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_connection_reset_module.html
index a582c17..589205c 100644
--- a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_connection_reset_module.html
+++ b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_connection_reset_module.html
@@ -184,6 +184,7 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 <p><code class="docutils literal notranslate"><span class="pre">aws_iam_login</span></code> was renamed <code class="docutils literal notranslate"><span class="pre">aws_iam</span></code> in collection version <code class="docutils literal notranslate"><span class="pre">2.1.0</span></code> and was removed in <code class="docutils literal notranslate"><span class="pre">3.0.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">azure</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">3.2.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">gcp</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.1.0</span></code>.</p>
+<p><code class="docutils literal notranslate"><span class="pre">kubernetes</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.2.0</span></code>.</p>
 <p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
 <ul class="simple">
 <li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">&quot;token&quot;</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
@@ -195,6 +196,7 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;jwt&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;cert&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;gcp&quot;</span></code></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;kubernetes&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;none&quot;</span></code></p></li>
 </ul>
 </div></td>
@@ -325,6 +327,23 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 </div></td>
 </tr>
 <tr class="row-even"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connection-reset-module-parameter-kubernetes-token"><strong>kubernetes_token</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>The Kubernetes Token (JWT) to use for Kubernetes authentication to Vault.</p>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token_path"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connection-reset-module-parameter-kubernetes-token-path"><strong>kubernetes_token_path</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token_path" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>If no kubernetes_token is specified, will try to read the token from this path.</p>
+<p class="ansible-option-line"><strong class="ansible-option-default-bold">Default:</strong> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;/var/run/secrets/kubernetes.io/serviceaccount/token&quot;</span></code></p>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-mount_point"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connection-reset-module-parameter-mount-point"><strong>mount_point</strong></p>
 <a class="ansibleOptionLink" href="#parameter-mount_point" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
diff --git a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_connections_list_module.html b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_connections_list_module.html
index 7a45f76..fbfd8cf 100644
--- a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_connections_list_module.html
+++ b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_connections_list_module.html
@@ -185,6 +185,7 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 <p><code class="docutils literal notranslate"><span class="pre">aws_iam_login</span></code> was renamed <code class="docutils literal notranslate"><span class="pre">aws_iam</span></code> in collection version <code class="docutils literal notranslate"><span class="pre">2.1.0</span></code> and was removed in <code class="docutils literal notranslate"><span class="pre">3.0.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">azure</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">3.2.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">gcp</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.1.0</span></code>.</p>
+<p><code class="docutils literal notranslate"><span class="pre">kubernetes</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.2.0</span></code>.</p>
 <p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
 <ul class="simple">
 <li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">&quot;token&quot;</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
@@ -196,6 +197,7 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;jwt&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;cert&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;gcp&quot;</span></code></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;kubernetes&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;none&quot;</span></code></p></li>
 </ul>
 </div></td>
@@ -319,6 +321,23 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 </div></td>
 </tr>
 <tr class="row-odd"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connections-list-module-parameter-kubernetes-token"><strong>kubernetes_token</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>The Kubernetes Token (JWT) to use for Kubernetes authentication to Vault.</p>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token_path"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connections-list-module-parameter-kubernetes-token-path"><strong>kubernetes_token_path</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token_path" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>If no kubernetes_token is specified, will try to read the token from this path.</p>
+<p class="ansible-option-line"><strong class="ansible-option-default-bold">Default:</strong> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;/var/run/secrets/kubernetes.io/serviceaccount/token&quot;</span></code></p>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-mount_point"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-connections-list-module-parameter-mount-point"><strong>mount_point</strong></p>
 <a class="ansibleOptionLink" href="#parameter-mount_point" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
diff --git a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_role_create_module.html b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_role_create_module.html
index 97c0770..01a21a8 100644
--- a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_role_create_module.html
+++ b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_role_create_module.html
@@ -184,6 +184,7 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 <p><code class="docutils literal notranslate"><span class="pre">aws_iam_login</span></code> was renamed <code class="docutils literal notranslate"><span class="pre">aws_iam</span></code> in collection version <code class="docutils literal notranslate"><span class="pre">2.1.0</span></code> and was removed in <code class="docutils literal notranslate"><span class="pre">3.0.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">azure</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">3.2.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">gcp</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.1.0</span></code>.</p>
+<p><code class="docutils literal notranslate"><span class="pre">kubernetes</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.2.0</span></code>.</p>
 <p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
 <ul class="simple">
 <li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">&quot;token&quot;</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
@@ -195,6 +196,7 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;jwt&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;cert&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;gcp&quot;</span></code></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;kubernetes&quot;</span></code></p></li>
 <li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;none&quot;</span></code></p></li>
 </ul>
 </div></td>
@@ -340,6 +342,23 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 </div></td>
 </tr>
 <tr class="row-even"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-role-create-module-parameter-kubernetes-token"><strong>kubernetes_token</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>The Kubernetes Token (JWT) to use for Kubernetes authentication to Vault.</p>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-kubernetes_token_path"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-role-create-module-parameter-kubernetes-token-path"><strong>kubernetes_token_path</strong></p>
+<a class="ansibleOptionLink" href="#parameter-kubernetes_token_path" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><em class="ansible-option-versionadded">added in community.hashi_vault 7.2.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>If no kubernetes_token is specified, will try to read the token from this path.</p>
+<p class="ansible-option-line"><strong class="ansible-option-default-bold">Default:</strong> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;/var/run/secrets/kubernetes.io/serviceaccount/token&quot;</span></code></p>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-max_ttl"></div><p class="ansible-option-title" id="ansible-collections-community-hashi-vault-vault-database-role-create-module-parameter-max-ttl"><strong>max_ttl</strong></p>
 <a class="ansibleOptionLink" href="#parameter-max_ttl" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
 </div></td>
diff --git a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_role_delete_module.html b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_role_delete_module.html
index cfd042c..820111b 100644
--- a/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/base/collections/community/hashi_vault/vault_database_role_delete_module.html
+++ b/home/runner/work/community.hashi_vault/community.hashi_vault/docsbuild/head/collections/community/hashi_vault/vault_database_role_delete_module.html
@@ -184,6 +184,7 @@ see <a class="reference internal" href="#ansible-collections-community-hashi-vau
 <p><code class="docutils literal notranslate"><span class="pre">aws_iam_login</span></code> was renamed <code class="docutils literal notranslate"><span class="pre">aws_iam</span></code> in collection version <code class="docutils literal notranslate"><span class="pre">2.1.0</span></code> and was removed in <code class="docutils literal notranslate"><span class="pre">3.0.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">azure</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">3.2.0</span></code>.</p>
 <p><code class="docutils literal notranslate"><span class="pre">gcp</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="pre">7.1.0</span></code>.</p>
+<p><code class="docutils literal notranslate"><span class="pre">kubernetes</span></code> auth method was added in collection version <code class="docutils literal notranslate"><span class="p...*[Comment body truncated]*

@pfeifferj pfeifferj marked this pull request as ready for review March 1, 2023 12:38
@pfeifferj pfeifferj mentioned this pull request Mar 1, 2023
Open
@pfeifferj pfeifferj changed the title DRAFT: kubernetes auth for lookup [GH-352] kubernetes auth for lookup Mar 1, 2023
@briantist
Copy link
Collaborator

briantist commented Mar 2, 2023
edited
Loading

Hi @pfeifferj welcome! Thanks for looking to continue the work in #220 .

First, I'd like to ensure that the commits in this branch that came from that PR still retain the original author's info to ensure proper credit. Let me know if you need a hand trying to get that info in the commits.

Also @chris93111 if you are interested in picking this work up again, please let us know, maybe you can collaborate with @pfeifferj if that's the case?

Otherwise, there's a few issues correct from the original commits, a previous rebase in that PR seems to have incorrectly resolved some conflicts, so there are some strange changes in here for example the changes to the hashi_vault lookup (those should be removed).

The version_added will also need to be changed but that's best done closer to the PR's completion since there may be releases between then and now.

Other than that, please look over my comments in #220 carefully, as most of those asks still apply.

For example, we'll want to ensure we have unit and integration tests.

Please also take a look at the Contributor guide.

It would be great to get this completed, and I can help with some aspects like testing, as time permits.

@briantist briantist added the enhancement New feature or request label Mar 2, 2023
@pfeifferj
Copy link
Contributor Author

pfeifferj commented Mar 3, 2023
edited
Loading

Hi @briantist, Thank you for your comments, sounds good! I'll fix the commit attribution later today. Are you okay with the commits still being squashed to keep the history more readable, though? As for the rest, I will create sub-tasks in the PR description so we can keep track of those :)

I would propose this based on the git log:

pic-selected-230303-1105-59

@pfeifferj pfeifferj marked this pull request as draft March 3, 2023 07:17
@chris93111
Copy link
Contributor

chris93111 commented Mar 3, 2023

Hi @briantist i have no problem with this PR , I have trouble finding time to make the working CI (k3d and vault)
if @pfeifferj can help no problem, if we can both be contributors, that's cool
I use this lookup in production for over a year

@briantist
Copy link
Collaborator

briantist commented Mar 3, 2023

I'll fix the commit attribution later today. Are you okay with the commits still being squashed to keep the history more readable, though?

Yes squashing is fine. I think I might have a few commits in that history but I'm only concerned with attribution for @chris93111 , any commits from me were minor suggestions or whatever and I don't care if those get squashed or removed.

As for the rest, I will create sub-tasks in the PR description so we can keep track of those :)

Perfect, thank you!

i have no problem with this PR , I have trouble finding time to make the working CI (k3d and vault) if @pfeifferj can help no problem, if we can both be contributors, that's cool I use this lookup in production for over a year

Great! Thanks for following up. We have more than just the hashi_vault lookup now, and they all share auth methods, so when this merges, you'll also be able to use kubernetes auth with any of the other plugins (and modules!) we have.

@briantist briantist self-assigned this Mar 3, 2023
@pfeifferj pfeifferj force-pushed the patch-1 branch 5 times, most recently from cbd0d33 to aee8816 Compare March 5, 2023 19:02
@briantist
Copy link
Collaborator

briantist commented Mar 5, 2023

Hi @pfeifferj , I might be able to help resolve some of these conflicts and older rebase artifacts, but I noticed several pushes today so I don't want to push up commits that might step on your work if you've still got some thing in flight locally.

Let me know if you'd like me to pull it down and try to resolve this stuff!

@pfeifferj
Copy link
Contributor Author

pfeifferj commented Mar 5, 2023

Hi @pfeifferj , I might be able to help resolve some of these conflicts and older rebase artifacts, but I noticed several pushes today so I don't want to push up commits that might step on your work if you've still got some thing in flight locally.
Let me know if you'd like me to pull it down and try to resolve this stuff!

hi @briantist those pushes were just to fix the commit history. Would be really great if you could help with the conflicts. I should have time to work on the tests next weekend :)

Cheers,
Josie

@briantist
Copy link
Collaborator

briantist commented Mar 5, 2023

Ok, I've done a rebase against main to bring in those changes, and in the process I think I've resolved all the outstanding conflicts and such, so I think this is ready to be built upon for the tests and such. Thanks Josie!

@codecov
Copy link

codecov bot commented Mar 5, 2023
edited
Loading

Codecov Report

Merging #353 (345eef8) into main (fcbfae5) will decrease coverage by 0.44%.
The diff coverage is 41.93%.

❗ Current head 345eef8 differs from pull request most recent head dad910a. Consider uploading reports for the commit dad910a to get more accurate results

@@            Coverage Diff             @@
##             main     #353      +/-   ##
==========================================
- Coverage   98.82%   98.39%   -0.44%     
==========================================
  Files          80       81       +1     
  Lines        4095     4112      +17     
  Branches      259      262       +3     
==========================================
- Hits         4047     4046       -1     
- Misses         39       57      +18     
  Partials        9        9
Flag Coverage Δ
env_docker-default 98.39% <41.93%> (-0.44%) ⬇️
integration 80.51% <41.93%> (-0.58%) ⬇️
sanity 39.84% <38.70%> (+0.08%) ⬆️
target_ansible-doc 100.00% <ø> (ø)
target_auth_approle 89.47% <ø> (ø)
target_auth_aws_iam 50.00% <ø> (ø)
target_auth_azure 53.84% <ø> (ø)
target_auth_cert 86.36% <ø> (ø)
target_auth_jwt 91.30% <ø> (ø)
target_auth_ldap 89.47% <ø> (ø)
target_auth_none 100.00% <ø> (ø)
target_auth_token 71.42% <ø> (ø)
target_auth_userpass 85.71% <ø> (ø)
target_connection_options 74.76% <ø> (ø)
target_controller 83.02% <41.93%> (-0.77%) ⬇️
target_filter_vault_login_token 77.77% <ø> (ø)
target_import 39.84% <38.70%> (+0.08%) ⬆️
target_lookup_hashi_vault 81.33% <ø> (ø)
target_lookup_vault_ansible_settings 55.75% <41.93%> (-0.26%) ⬇️
target_lookup_vault_kv1_get 91.30% <ø> (ø)
target_lookup_vault_kv2_get 91.11% <ø> (ø)
target_lookup_vault_list 90.00% <ø> (ø)
target_lookup_vault_login 88.57% <ø> (ø)
target_lookup_vault_read 90.00% <ø> (ø)
target_lookup_vault_token_create 79.24% <ø> (ø)
target_lookup_vault_write 56.72% <41.93%> (-0.34%) ⬇️
target_module_utils 96.22% <41.93%> (-1.14%) ⬇️
target_module_vault_kv1_get 87.50% <ø> (ø)
target_module_vault_kv2_delete 56.20% <41.93%> (-0.73%) ⬇️
target_module_vault_kv2_get 87.23% <ø> (ø)
target_module_vault_list 85.71% <ø> (ø)
target_module_vault_login 83.72% <ø> (ø)
target_module_vault_pki_generate_certificate 78.72% <ø> (ø)
target_module_vault_read 85.71% <ø> (ø)
target_module_vault_token_create 91.66% <ø> (ø)
target_module_vault_write 55.55% <41.93%> (-0.70%) ⬇️
target_modules 81.12% <41.93%> (-0.67%) ⬇️
units 96.12% <41.93%> (-0.43%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
plugins/doc_fragments/auth.py 100.00% <ø> (ø)
plugins/module_utils/_auth_method_k8s.py 40.00% <40.00%> (ø)
plugins/module_utils/_authenticator.py 100.00% <100.00%> (ø)

... and 2 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@pfeifferj pfeifferj force-pushed the patch-1 branch 10 times, most recently from e066d93 to b838dcb Compare October 26, 2025 23:08
@pfeifferj
Copy link
Contributor Author

pfeifferj commented Oct 27, 2025

wow CI finally passed! I guess now we just need a final review of the changes + squashing the commits so the git log doesn't look too ugly ^^

@inetkachev-zeta
Copy link

inetkachev-zeta commented Oct 29, 2025

@pfeifferj cool, thanks a ton! @briantist , could you please advise how soon this feature could possibly make it to the release? Many thanks to you both once more!

@briantist briantist added this to the v7.2.0 milestone Oct 30, 2025
briantist
briantist reviewed Oct 30, 2025
View reviewed changes
Copy link
Collaborator

@briantist briantist left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After removing changes to the hashi_vault lookup, I think the only remaining items are:

  • update all version_added fields to match the PR milestone release (currently 7.2.0)
  • add a changelog fragment

@pfeifferj pfeifferj force-pushed the patch-1 branch 6 times, most recently from abad27e to 365c21e Compare October 30, 2025 14:46
@inetkachev-zeta
Copy link

inetkachev-zeta commented Nov 4, 2025

Hi @briantist could you please have a look and let me know if this one is ready for release now? thanks a ton!

briantist
briantist reviewed Nov 4, 2025
View reviewed changes
Copy link
Collaborator

@briantist briantist left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You some extra files that need to be removed, the changelogs will be updated on release in a separate PR, please keep just the changelog fragment that describes the changes being made here

CHANGELOG.md
Copy link
Collaborator

@briantist briantist Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not a release, there should be there no changes to this file, please revert.

CHANGELOG.rst
Copy link
Collaborator

@briantist briantist Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not a release, there should be there no changes to this file, please revert.

changelogs/changelog.yaml
Copy link
Collaborator

@briantist briantist Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not a release, there should be there no changes to this file, please revert.

@inetkachev-zeta
Copy link

inetkachev-zeta commented Nov 5, 2025

Hi @pfeifferj , could you please review and address @briantist's suggestions above? thanks!

@pfeifferj
chore: correct version_added
88b4cc7 
Remove changelog files that are managed in release PRs
@inetkachev-zeta
Copy link

inetkachev-zeta commented Nov 6, 2025

Hi @briantist , could you please verify if everything looks good now? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@briantist briantist briantist left review comments

Assignees

@briantist briantist

Labels

enhancement New feature or request

Projects

None yet

Milestone

v7.2.0

Development

Successfully merging this pull request may close these issues.

Add support for Kubernetes Auth Method

5 participants

@pfeifferj @briantist @chris93111 @audriusb @inetkachev-zeta