Allow both service account names and namespaces to be splat

Cherrypicked from hashicorp/vault-plugin-auth-kubernetes#78 for allowing wildcards in both service account and namespace for roles. This limitation is only at API level, but Vault can work perfectly by just removing the check when populating roles. Although it is in a plugin, it is a builtin plugin, so we need to rebuild the vault binary. This was included in Vault 1.4.X, but since we have Vault 1.2.3 in some instances, we fork here for the time being.
Ebury · Oct 21, 2021 · 61ce0c6 · 61ce0c6
1 parent c14bd9a
commit 61ce0c6
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 9 deletions.
diff --git a/go.mod b/go.mod
@@ -6,6 +6,8 @@ replace github.com/hashicorp/vault/api => ./api
 
 replace github.com/hashicorp/vault/sdk => ./sdk
 
+replace github.com/hashicorp/vault-plugin-auth-kubernetes => ./vendor/github.com/hashicorp/vault-plugin-auth-kubernetes
+
 require (
 	cloud.google.com/go v0.39.0
 	github.com/Azure/azure-sdk-for-go v29.0.0+incompatible

diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_login.go b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_login.go
diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_role.go b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_role.go