This PR is a continuation of #103. Which added a new role configuration to store the Alias.Name in the form of namespace/serviceaccount. Prior to this change the Alias.Name would always be derived from the service account's token uid.
Design of Change
Add a new roles configuration alias_name_source to allow for setting one of the following naming formats:
<token.uid> e.g. 53f8253e-6df4-4be7-adae-f566c524c02c (remains the default)
<namespace>/<serviceaccount> e.g. kube-system/coredns
[ ] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet
My Docs PR LinkExample
[ ] Add output for any tests not ran in CI to the PR description (e.g., acceptance tests)
[X] Backwards compatible
Overview
This PR is a continuation of #103. Which added a new role configuration to store the
Alias.Namein the form ofnamespace/serviceaccount. Prior to this change theAlias.Namewould always be derived from the service account's tokenuid.Design of Change
Add a new
roles configurationalias_name_sourceto allow for setting one of the following naming formats:<token.uid>e.g.53f8253e-6df4-4be7-adae-f566c524c02c(remains the default)<namespace>/<serviceaccount>e.g.kube-system/corednsRelated Issues/Pull Requests
[ ] PR #103
Contributor Checklist
[ ] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet My Docs PR Link Example [ ] Add output for any tests not ran in CI to the PR description (e.g., acceptance tests) [X] Backwards compatible