make vaultLogin method selection testable #73

Open
fcrespofastly opened this issue Dec 14, 2020 · 1 comment

@fcrespofastly
Contributor

We currently support the appRole and kubernetes auth methods to authenticate with Vault.

The main problem with kubernetes is that the serviceaccount token being present on the filesystem has to be read and it makes it hard to test. The way we've tested the kubernetes authentication method is by using an io.Reader that the vaultLogin method passes to the actual method.

This is a clean and frequently used approach to test pieces of code that depend on filesystem calls, but on the other hand it moves the problem to a different method, vaultLogin, which selects the authentication method.

This issue aims to open a discussion on how to tackle this moving forward.

Some ideas:

  • Open the file in main.go and pass it as a config value. We already pass the roleID and secretID as config, but those are external identity attributes. What I mean by this is that secrets-manager is already running as a k8s pod, so it's already possible to read the token and there's no need to pass it as a Config attribute... it's not a flag so it feels weird to me.

cc @eduardogr
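
One way to make the selection step described above testable, as an added example that is not part of the original issue or the project's code: the token source is injected as a function, so the selector never opens a file itself. `Config`, `OpenToken` and `SelectLogin` are hypothetical names, the login paths assume Vault's default mount points, and the token is a constructed value.

```go
package main

import (
	"fmt"
	"io"
	"strings"
)

// Config is a hypothetical stand-in for the project's configuration.
type Config struct {
	AuthMethod, RoleID, SecretID, K8sRole string
	// OpenToken yields the service account token. main would open the token
	// file here; a test supplies an in-memory reader instead.
	OpenToken func() (io.ReadCloser, error)
}

// SelectLogin returns the Vault login path and payload for the configured
// method. It never touches the filesystem itself, so both branches are testable.
func SelectLogin(cfg Config) (string, map[string]string, error) {
	switch cfg.AuthMethod {
	case "approle":
		return "auth/approle/login", map[string]string{"role_id": cfg.RoleID, "secret_id": cfg.SecretID}, nil
	case "kubernetes":
		if cfg.OpenToken == nil {
			return "", nil, fmt.Errorf("kubernetes auth: no token source configured")
		}
		rc, err := cfg.OpenToken()
		if err != nil {
			return "", nil, fmt.Errorf("kubernetes auth: open token: %w", err)
		}
		defer rc.Close()
		raw, err := io.ReadAll(io.LimitReader(rc, 64<<10)) // bound the read
		jwt := strings.TrimSpace(string(raw))
		if err != nil || jwt == "" {
			return "", nil, fmt.Errorf("kubernetes auth: unreadable or empty token")
		}
		return "auth/kubernetes/login", map[string]string{"role": cfg.K8sRole, "jwt": jwt}, nil
	}
	return "", nil, fmt.Errorf("unsupported auth method %q", cfg.AuthMethod)
}

func main() {
	open := func() (io.ReadCloser, error) { // constructed token, not a real JWT
		return io.NopCloser(strings.NewReader("constructed.token.value\n")), nil
	}
	path, _, err := SelectLogin(Config{AuthMethod: "kubernetes", K8sRole: "demo", OpenToken: open})
	fmt.Println(path, err) // print the path only, never the token
}
```

Error messages name the failing step but never include the token contents, so a failed login does not leak the credential into logs.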

@eduardogr
Collaborator

Thanks for this @fcgravalos. Are you going to take care of this?
