adds --filter-by-token option to kube config command
renames --filter-prompts option in aws login to --filter-by-token for consistency
Tested stim kube config with every permutation of providing 1, 2 or 3 of --cf, --saf and --filter-by-token.
fixes an edge case in vault.Filter
Vault's CapabilitiesSelf returns a "path" called capabilities when
it receives only a single path in its request. Presumably this is for
backward compatibility. It also returns the path with its capabilities,
as it would when it returns a list of paths with their capabilities,
which is what consumers of vault.Filter expect.
So we just throw away the capabilities "path". Otherwise users would
see a dummy capabilities role along with the single expected role on
aws login with --filter-by-token when the aws account only has a
single role defined, or if their service account filter via --saf
narrowed the set of possible roles down to 1.
--filter-by-token
option tokube config
command--filter-prompts
option inaws login
to--filter-by-token
for consistencyTested
stim kube config
with every permutation of providing 1, 2 or 3 of--cf
,--saf
and--filter-by-token
.vault.Filter
Vault's
CapabilitiesSelf
returns a "path" calledcapabilities
when it receives only a single path in its request. Presumably this is for backward compatibility. It also returns the path with its capabilities, as it would when it returns a list of paths with their capabilities, which is what consumers ofvault.Filter
expect.So we just throw away the
capabilities
"path". Otherwise users would see a dummycapabilities
role along with the single expected role onaws login
with--filter-by-token
when the aws account only has a single role defined, or if their service account filter via--saf
narrowed the set of possible roles down to 1.