This PR is a continuation of #103. Which added a new role configuration to store the Alias.Name in the form of namespace/serviceaccount. Prior to this change the Alias.Name would always be derived from the service account's token uid.
Design of Change
Add a new roles configuration alias_name_source to allow for setting one of the following naming formats:
<token.uid> e.g. 53f8253e-6df4-4be7-adae-f566c524c02c (remains the default)
<namespace>/<serviceaccount> e.g. kube-system/coredns
[ ] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet
My Docs PR LinkExample
[ ] Add output for any tests not ran in CI to the PR description (e.g., acceptance tests)
[X] Backwards compatible
Overview
This PR is a continuation of #103. Which added a new role configuration to store the
Alias.Name
in the form ofnamespace/serviceaccount
. Prior to this change theAlias.Name
would always be derived from the service account's tokenuid
.Design of Change
Add a new
role
s configurationalias_name_source
to allow for setting one of the following naming formats:<token.uid>
e.g.53f8253e-6df4-4be7-adae-f566c524c02c
(remains the default)<namespace>/<serviceaccount>
e.g.kube-system/coredns
Related Issues/Pull Requests
[ ] PR #103
Contributor Checklist
[ ] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet My Docs PR Link Example [ ] Add output for any tests not ran in CI to the PR description (e.g., acceptance tests) [X] Backwards compatible