Description
Hi folks,
TLDR: Is the role missing from entity alias metadata, or is this some documentation issue?
I was following this documentation about ACL policy templating and k8s auth. It says:
For the Kubernetes Authentication method, the available metadata keys can be found in the Login endpoint API Sample Response.
When I look at this sample response from here:
```json
"metadata": {
  "role": "test",
  "service_account_name": "vault-auth",
  "service_account_namespace": "default",
  "service_account_secret_name": "vault-auth-token-pd21c",
  "service_account_uid": "aa9aa8ff-98d0-11e7-9bb7-0800276d99bf"
},
```
I see that role should be available in the template, but it did not work.
When I take a look in the code:
```go
auth := &logical.Auth{
	Alias: &logical.Alias{
		Name: serviceAccount.uid(),
		Metadata: map[string]string{
			"service_account_uid":         serviceAccount.uid(),
			"service_account_name":        serviceAccount.name(),
			"service_account_namespace":   serviceAccount.namespace(),
			"service_account_secret_name": serviceAccount.SecretName,
		},
	},
	InternalData: map[string]interface{}{
		"role": roleName,
	},
	Metadata: map[string]string{
		"service_account_uid":         serviceAccount.uid(),
		"service_account_name":        serviceAccount.name(),
		"service_account_namespace":   serviceAccount.namespace(),
		"service_account_secret_name": serviceAccount.SecretName,
		"role":                        roleName,
	},
	DisplayName: fmt.Sprintf("%s-%s", serviceAccount.namespace(), serviceAccount.name()),
}
```
I see the role is in the entity metadata but not in the entity alias one. From what I understand, we can only use entity aliases for ACL templating (I tried to use the entity metadata directly but failed to use it).
So here is my question: Is this a bad documentation issue, or should we add the role to the alias metadata, or am I missing something else?
Thanks in advance for your help / explanation :)
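To make the difference between the two metadata maps concrete, here is an added example that is not part of this issue or of the plugin's code. It models an identity entity with one Kubernetes alias whose metadata holds exactly the four keys the snippet above puts in `logical.Auth.Alias.Metadata`, then renders policy path templates written in Vault's documented alias form `{{identity.entity.aliases.<mount accessor>.metadata.<key>}}`. The `Alias`/`Entity` types, the `RenderAliasTemplate` resolver and the mount accessor value are assumptions made for the example; the resolver is a stand-in for Vault's templating, written so that a key the alias never carried (such as `role`) is reported instead of silently producing a path with a hole in it.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Alias stands in for a Vault identity entity alias: the per-auth-mount record
// whose Metadata is what identity.entity.aliases.<accessor>.metadata.<key>
// resolves against. Constructed for this example, not Vault's own type.
type Alias struct {
	MountAccessor string
	Name          string
	Metadata      map[string]string
}

// Entity is a minimal stand-in for an identity entity holding its aliases.
type Entity struct {
	Aliases []Alias
}

// placeholder matches the alias-metadata template form from the Vault docs.
var placeholder = regexp.MustCompile(`\{\{identity\.entity\.aliases\.([^.}]+)\.metadata\.([^.}]+)\}\}`)

// RenderAliasTemplate substitutes each placeholder with the matching alias
// metadata value and returns every accessor.key it could not resolve, so a
// template that references a key the auth method never put on the alias
// fails visibly rather than granting access to an unintended path.
func RenderAliasTemplate(tmpl string, e Entity) (string, []string) {
	var missing []string
	rendered := placeholder.ReplaceAllStringFunc(tmpl, func(m string) string {
		sub := placeholder.FindStringSubmatch(m)
		accessor, key := sub[1], sub[2]
		for _, a := range e.Aliases {
			if a.MountAccessor != accessor {
				continue
			}
			if v, ok := a.Metadata[key]; ok {
				return v
			}
		}
		missing = append(missing, accessor+"."+key)
		return ""
	})
	return rendered, missing
}

// KubernetesAlias builds an alias with exactly the keys the issue's snippet
// places in logical.Auth.Alias.Metadata; "role" is deliberately absent,
// mirroring the code shown above.
func KubernetesAlias(accessor, uid, name, namespace, secret string) Alias {
	return Alias{
		MountAccessor: accessor,
		Name:          uid,
		Metadata: map[string]string{
			"service_account_uid":         uid,
			"service_account_name":        name,
			"service_account_namespace":   namespace,
			"service_account_secret_name": secret,
		},
	}
}

func main() {
	// Constructed sample values; the accessor is a placeholder, not a real one.
	const accessor = "auth_kubernetes_EXAMPLE"
	entity := Entity{Aliases: []Alias{
		KubernetesAlias(accessor, "aa9aa8ff-98d0-11e7-9bb7-0800276d99bf",
			"vault-auth", "default", "vault-auth-token-pd21c"),
	}}

	// A path template that uses only alias keys renders cleanly.
	good := "secret/data/{{identity.entity.aliases." + accessor + ".metadata.service_account_namespace}}" +
		"/{{identity.entity.aliases." + accessor + ".metadata.service_account_name}}/*"
	// One that references "role" cannot be resolved from the alias.
	bad := "secret/data/{{identity.entity.aliases." + accessor + ".metadata.role}}/*"

	for _, t := range []string{good, bad} {
		out, missing := RenderAliasTemplate(t, entity)
		fmt.Printf("template:   %s\nrendered:   %s\nunresolved: %s\n\n",
			t, out, strings.Join(missing, ", "))
	}
}
```

Running it shows the namespace/name template rendering to `secret/data/default/vault-auth/*`, while the `role` template leaves an empty segment and reports `auth_kubernetes_EXAMPLE.role` as unresolved, which is the behaviour the issue describes when a policy is written against a key that only exists in the token-level `Metadata` map.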