UI: k8s auth openapi update (#25218)

2025-11-02 03:27:54 +00:00 · 2024-02-05 13:29:57 -06:00
parent 55d2dfb3d0
commit 588a43cadb
2 changed files with 10 additions and 1 deletions
--- a/ui/app/models/auth-config/kubernetes.js
+++ b/ui/app/models/auth-config/kubernetes.js
@@ -26,6 +26,7 @@ export default AuthConfig.extend({
    helpText:
      'A service account JWT used to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API',
  }),
+  useAnnotationsAsAliasMetadata: attr('boolean'),

  pemKeys: attr({
    editType: 'stringArray',
@@ -37,7 +38,7 @@ export default AuthConfig.extend({
        default: ['kubernetesHost', 'kubernetesCaCert'],
      },
      {
-        'Kubernetes Options': ['tokenReviewerJwt', 'pemKeys'],
+        'Kubernetes Options': ['tokenReviewerJwt', 'pemKeys', 'useAnnotationsAsAliasMetadata'],
      },
    ];
    if (this.newFields) {
--- a/ui/tests/helpers/openapi/auth-model-attributes.js
+++ b/ui/tests/helpers/openapi/auth-model-attributes.js
@@ -605,6 +605,14 @@ const kubernetes = {
      label: 'Token Reviewer JWT',
      type: 'string',
    },
+    useAnnotationsAsAliasMetadata: {
+      editType: 'boolean',
+      fieldGroup: 'default',
+      helpText:
+        'Use annotations from the client token\'s associated service account as alias metadata for the Vault entity. Only annotations with the prefix "vault.hashicorp.com/alias-metadata-" will be used. Note that Vault will need permission to read service accounts from the Kubernetes API.',
+      label: 'Use annotations of JWT service account as alias metadata',
+      type: 'boolean',
+    },
  },
  role: {
    name: {