Merge pull request #110 from TJM/dependabot/docker/hashicorp/vault-1.…

…16.3 chore(deps): bump hashicorp/vault from 1.16.0 to 1.16.3
TJM · May 30, 2024 · b990814 · b990814
2 parents 1d874cb + 61cf24e
commit b990814
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 7 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM hashicorp/vault:1.16.0
+FROM hashicorp/vault:1.16.3
 ARG KUBECTL_VERSION="stable"
 
 # Add more dependencies

diff --git a/test/scripts/vault-auth-kubernetes.sh b/test/scripts/vault-auth-kubernetes.sh
@@ -5,17 +5,24 @@ set -o pipefail
 set -x
 IFS=$'\n\t'
 
-kubectl create serviceaccount --namespace $VAULT_AUTH_NAMESPACE vault-auth
+kubectl create serviceaccount --namespace $VAULT_AUTH_NAMESPACE vault
 
 kubectl create clusterrolebinding vault-auth-kube \
   --clusterrole system:auth-delegator \
-  --serviceaccount $VAULT_AUTH_NAMESPACE:vault-auth
+  --serviceaccount $VAULT_AUTH_NAMESPACE:vault
 
-VAULT_SECRET_NAME=$(kubectl get serviceaccount vault-auth \
-  --namespace $VAULT_AUTH_NAMESPACE \
-  --output jsonpath="{.secrets[*]['name']}")
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: vault-k8s-auth-secret
+  namespace: $VAULT_AUTH_NAMESPACE
+  annotations:
+    kubernetes.io/service-account.name: vault
+type: kubernetes.io/service-account-token
+EOF
 
-SA_JWT_TOKEN=$(kubectl get secret $VAULT_SECRET_NAME \
+SA_JWT_TOKEN=$(kubectl get secret vault-k8s-auth-secret \
   --namespace $VAULT_AUTH_NAMESPACE \
   --output 'go-template={{ .data.token }}' | base64 --decode)