Change token/role names

command/agent/config-test-fixtures/basic.hcl

@@ -111,12 +111,12 @@ vault {
     address = "127.0.0.1:9500"
     allow_unauthenticated = true
     child_token_ttl = "1s"
-    role_name = "roleFoo"
-    role_token = "12345"
+    periodic_token = "12345"
     tls_ca_file = "/path/to/ca/file"
     tls_ca_path = "/path/to/ca"
     tls_cert_file = "/path/to/cert/file"
     tls_key_file = "/path/to/key/file"
     tls_server_name = "foobar"
     tls_skip_verify = true
+    token_role_name = "roleFoo"
 }

command/agent/config_parse.go

@@ -655,15 +655,15 @@ func parseVaultConfig(result **config.VaultConfig, list *ast.ObjectList) error {
 	valid := []string{
 		"address",
 		"allow_unauthenticated",
+		"child_token_ttl",
+		"periodic_token",
 		"tls_ca_file",
 		"tls_ca_path",
 		"tls_cert_file",
-		"child_token_ttl",
 		"tls_key_file",
-		"role_name",
-		"role_token",
 		"tls_server_name",
 		"tls_skip_verify",
+		"token_role_name",
 	}
 
 	if err := checkHCLKeys(listVal, valid); err != nil {

command/agent/config_parse_test.go

@@ -130,8 +130,8 @@ func TestConfig_Parse(t *testing.T) {
 					TLSCertFile:          "/path/to/cert/file",
 					ChildTokenTTL:        "1s",
 					TLSKeyFile:           "/path/to/key/file",
-					RoleName:             "roleFoo",
-					RoleToken:            "12345",
+					TokenRoleName:        "roleFoo",
+					PeriodicToken:        "12345",
 					TLSServerName:        "foobar",
 					TLSSkipVerify:        true,
 				},

command/agent/config_test.go

@@ -96,8 +96,8 @@ func TestConfig_Merge(t *testing.T) {
 			"Access-Control-Allow-Origin": "*",
 		},
 		Vault: &config.VaultConfig{
-			RoleName:             "1",
-			RoleToken:            "1",
+			TokenRoleName:        "1",
+			PeriodicToken:        "1",
 			AllowUnauthenticated: false,
 			ChildTokenTTL:        "1",
 			Addr:                 "1",
@@ -223,8 +223,8 @@ func TestConfig_Merge(t *testing.T) {
 			"Access-Control-Allow-Methods": "GET, POST, OPTIONS",
 		},
 		Vault: &config.VaultConfig{
-			RoleName:             "2",
-			RoleToken:            "2",
+			TokenRoleName:        "2",
+			PeriodicToken:        "2",
 			AllowUnauthenticated: true,
 			ChildTokenTTL:        "2",
 			Addr:                 "2",

nomad/structs/config/vault.go

@@ -12,14 +12,14 @@ import vault "github.com/hashicorp/vault/api"
 // - Create child tokens with policy subsets of the Server's token.
 type VaultConfig struct {
 
-	// RoleName is the Vault role in which Nomad will derive child tokens using
-	// /auth/token/create/[role_name]
-	RoleName string `mapstructure:"role_name"`
+	// TokenRoleName is the Vault role in which Nomad will derive child tokens using
+	// /auth/token/create/[token_role_name]
+	TokenRoleName string `mapstructure:"token_role_name"`
 
-	// RoleToken is the periodic Vault token given to Nomad such that it can
-	// derive child tokens. The RoleToken should be created from the passed
-	// RoleName. Nomad will renew this token at half its lease lifetime.
-	RoleToken string `mapstructure:"role_token"`
+	// PeriodicToken is the periodic Vault token given to Nomad such that it can
+	// derive child tokens. The PeriodicToken should be created from the passed
+	// TokenRoleName. Nomad will renew this token at half its lease lifetime.
+	PeriodicToken string `mapstructure:"periodic_token"`
 
 	// AllowUnauthenticated allows users to submit jobs requiring Vault tokens
 	// without providing a Vault token proving they have access to these
@@ -68,11 +68,11 @@ func DefaultVaultConfig() *VaultConfig {
 func (a *VaultConfig) Merge(b *VaultConfig) *VaultConfig {
 	result := *a
 
-	if b.RoleName != "" {
-		result.RoleName = b.RoleName
+	if b.TokenRoleName != "" {
+		result.TokenRoleName = b.TokenRoleName
 	}
-	if b.RoleToken != "" {
-		result.RoleToken = b.RoleToken
+	if b.PeriodicToken != "" {
+		result.PeriodicToken = b.PeriodicToken
 	}
 	if b.AllowUnauthenticated {
 		result.AllowUnauthenticated = b.AllowUnauthenticated