From 1a5702cf21a876d2b799f811a61bcfe07a81e1e3 Mon Sep 17 00:00:00 2001
From: holtwilkins <5665043+holtwilkins@users.noreply.github.com>
Date: Sat, 19 Sep 2020 05:21:41 +1000
Subject: [PATCH] Support use of VAULT_NAMESPACE env var (#929)

As per https://learn.hashicorp.com/tutorials/vault/namespaces, setting VAULT_NAMESPACE env var is a completely supported mechanism to make all vault command use said namespace, so hashi_vault lookup function should do the same.

Co-authored-by: Holt Wilkins <hwilkins@palantir.com>
---
 changelogs/fragments/929-vault-namespace-support.yml | 3 +++
 plugins/lookup/hashi_vault.py                        | 3 +++
 2 files changed, 6 insertions(+)
 create mode 100644 changelogs/fragments/929-vault-namespace-support.yml

diff --git a/changelogs/fragments/929-vault-namespace-support.yml b/changelogs/fragments/929-vault-namespace-support.yml
new file mode 100644
index 0000000000..bf22978aff
--- /dev/null
+++ b/changelogs/fragments/929-vault-namespace-support.yml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - hashi_vault - support ``VAULT_NAMESPACE`` environment variable for namespaced lookups against Vault Enterprise (in addition to the ``namespace=`` flag supported today) (https://github.com/ansible-collections/community.general/pull/929).
diff --git a/plugins/lookup/hashi_vault.py b/plugins/lookup/hashi_vault.py
index 3cff19d939..5ace528e44 100644
--- a/plugins/lookup/hashi_vault.py
+++ b/plugins/lookup/hashi_vault.py
@@ -117,6 +117,9 @@ DOCUMENTATION = """
       default: True
     namespace:
       description: Namespace where secrets reside. Requires HVAC 0.7.0+ and Vault 0.11+.
+      env:
+        - name: VAULT_NAMESPACE
+          version_added: 1.2.0
     aws_profile:
         description: The AWS profile
         type: str