From 7cb067c47afa88a91b2f154f2c492bb6590fdae6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 30 May 2024 10:21:26 +0000
Subject: [PATCH 1/3] chore(deps): bump hashicorp/vault from 1.16.0 to 1.16.3

Bumps hashicorp/vault from 1.16.0 to 1.16.3.

---
updated-dependencies:
- dependency-name: hashicorp/vault
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index da91124..b6fa17e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM hashicorp/vault:1.16.0
+FROM hashicorp/vault:1.16.3
 ARG KUBECTL_VERSION="stable"
 
 # Add more dependencies

From 4a3a14f6ae1672df980f1feabe7d898f388f12d7 Mon Sep 17 00:00:00 2001
From: Tommy McNeely <thomas.mcneely@davita.com>
Date: Thu, 30 May 2024 13:51:46 -0600
Subject: [PATCH 2/3] fix: tests for no default secret

---
 test/scripts/vault-auth-kubernetes.sh | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/test/scripts/vault-auth-kubernetes.sh b/test/scripts/vault-auth-kubernetes.sh
index e00c929..db74a6b 100755
--- a/test/scripts/vault-auth-kubernetes.sh
+++ b/test/scripts/vault-auth-kubernetes.sh
@@ -5,17 +5,23 @@ set -o pipefail
 set -x
 IFS=$'\n\t'
 
-kubectl create serviceaccount --namespace $VAULT_AUTH_NAMESPACE vault-auth
+kubectl create serviceaccount --namespace $VAULT_AUTH_NAMESPACE vault
 
 kubectl create clusterrolebinding vault-auth-kube \
   --clusterrole system:auth-delegator \
-  --serviceaccount $VAULT_AUTH_NAMESPACE:vault-auth
+  --serviceaccount $VAULT_AUTH_NAMESPACE:vault
 
-VAULT_SECRET_NAME=$(kubectl get serviceaccount vault-auth \
-  --namespace $VAULT_AUTH_NAMESPACE \
-  --output jsonpath="{.secrets[*]['name']}")
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: vault-k8s-auth-secret
+  annotations:
+    kubernetes.io/service-account.name: vault
+type: kubernetes.io/service-account-token
+EOF
 
-SA_JWT_TOKEN=$(kubectl get secret $VAULT_SECRET_NAME \
+SA_JWT_TOKEN=$(kubectl get secret vault-k8s-auth-secret \
   --namespace $VAULT_AUTH_NAMESPACE \
   --output 'go-template={{ .data.token }}' | base64 --decode)
 

From 61cf24e1cb1d4e405ff5eafbd9945ebc5c43b760 Mon Sep 17 00:00:00 2001
From: Tommy McNeely <thomas.mcneely@davita.com>
Date: Thu, 30 May 2024 13:59:25 -0600
Subject: [PATCH 3/3] fix: namespace

---
 test/scripts/vault-auth-kubernetes.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/scripts/vault-auth-kubernetes.sh b/test/scripts/vault-auth-kubernetes.sh
index db74a6b..2c33dd1 100755
--- a/test/scripts/vault-auth-kubernetes.sh
+++ b/test/scripts/vault-auth-kubernetes.sh
@@ -16,6 +16,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: vault-k8s-auth-secret
+  namespace: $VAULT_AUTH_NAMESPACE
   annotations:
     kubernetes.io/service-account.name: vault
 type: kubernetes.io/service-account-token