From 902e9f98a163ee81f3aaafb66d6d38056e205627 Mon Sep 17 00:00:00 2001
From: Jon Mosco
Date: Mon, 27 Jan 2025 08:57:57 -0500
Subject: [PATCH] add bound_service_account_namespace_selector to k8s role for vault
---
 graphql-schemas/schema.yml | 1 +
 schemas/vault-config/role-1.yml | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/graphql-schemas/schema.yml b/graphql-schemas/schema.yml
index 602c3b21..9ba4fda8 100644
--- a/graphql-schemas/schema.yml
+++ b/graphql-schemas/schema.yml
@@ -346,6 +346,7 @@ confs:
 - { name: audience, type: string }
 - { name: bound_service_account_names, type: string, isList: true, isRequired: true }
 - { name: bound_service_account_namespaces, type: string, isList: true, isRequired: true }
+ - { name: bound_service_account_namespace_selector, type: string, isRequired: true }
 - { name: token_ttl, type: string, isRequired: true }
 - { name: token_max_ttl, type: string, isRequired: true }
 - { name: token_explicit_max_ttl, type: string, isRequired: true }
diff --git a/schemas/vault-config/role-1.yml b/schemas/vault-config/role-1.yml
index a3b1e816..5d0b48e3 100644
--- a/schemas/vault-config/role-1.yml
+++ b/schemas/vault-config/role-1.yml
@@ -217,6 +217,8 @@ properties:
 type: array
 items:
 type: string
+ bound_service_account_namespace_selector:
+ type: string
 token_ttl:
 type: string
 pattern: '^\d+$'
@@ -249,6 +251,7 @@ properties:
 - alias_name_source
 - bound_service_account_names
 - bound_service_account_namespaces
+ - bound_service_account_namespace_selector
 - token_ttl
 - token_max_ttl
 - token_explicit_max_ttl
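Review bot: `bound_service_account_namespace_selector` is declared `isRequired: true` in graphql-schemas/schema.yml and is also added to the `required` list in the last hunk of schemas/vault-config/role-1.yml, so every Kubernetes auth role must now carry a selector even when it only wants the explicit namespace list. In Vault's Kubernetes auth method this parameter is optional and, as I read the Vault documentation, is ORed with `bound_service_account_namespaces`, so a value filled in only to satisfy the schema can widen which namespaces may log in, and matching then depends on who is allowed to label namespaces in the cluster. I would keep it optional: `- { name: bound_service_account_namespace_selector, type: string }` here, and drop the new `- bound_service_account_namespace_selector` entry from `required`. If it has to stay required, the schema should say which value means "no selector", and existing role files presumably need the field added in the same change or they will fail validation.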
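Review bot: In the first hunk of schemas/vault-config/role-1.yml the new property is a bare `type: string` with no `description`, while the neighbouring `token_ttl` at least constrains its value with a `pattern`. Because this string decides which namespaces can authenticate to the role, the schema should document the expected format and its relation to the namespace list, for example `description: 'Kubernetes label selector (JSON or YAML) for namespaces allowed to use this role; applies in addition to bound_service_account_namespaces'`. A `minLength: 1` would also help if an empty selector is not meant to be accepted, though that is a judgement call that depends on whether the field stays required. The enclosing `properties` mapping starts and ends outside the hunk, so I cannot see whether sibling properties carry descriptions.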