Change tokenutil alias_metadata to populate alias custom metadata. (#10199) (#10202)

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2026-02-18 18:38:08 -05:00 · 2025-10-17 14:06:51 -04:00 · 2025-10-17 14:06:51 -04:00 · 378e96f010
commit 378e96f010
parent 78dda112b9
2 changed files with 35 additions and 7 deletions
--- a/changelog/_10199.txt
+++ b/changelog/_10199.txt
@ -0,0 +1,27 @@
+```release-note:bug
+auth/approle (enterprise): Role parameter `alias_metadata` now populates alias custom metadata field instead of alias metadata.
+```
+```release-note:bug
+auth/aws (enterprise): Role parameter `alias_metadata` now populates alias custom metadata field instead of alias metadata.
+```
+```release-note:bug
+auth/github (enterprise): Role parameter `alias_metadata` now populates alias custom metadata field instead of alias metadata.
+```
+```release-note:bug
+auth/ldap (enterprise): Role parameter `alias_metadata` now populates alias custom metadata field instead of alias metadata.
+```
+```release-note:bug
+auth/okta (enterprise): Role parameter `alias_metadata` now populates alias custom metadata field instead of alias metadata.
+```
+```release-note:bug
+auth/radius (enterprise): Role parameter `alias_metadata` now populates alias custom metadata field instead of alias metadata.
+```
+```release-note:bug
+auth/scep (enterprise): Role parameter `alias_metadata` now populates alias custom metadata field instead of alias metadata.
+```
+```release-note:bug
+auth/cert (enterprise): Role parameter `alias_metadata` now populates alias custom metadata field instead of alias metadata.
+```
+```release-note:bug
+auth/userpass (enterprise): Role parameter `alias_metadata` now populates alias custom metadata field instead of alias metadata.
+```
--- a/vault/identity_store.go
+++ b/vault/identity_store.go
@ -1388,13 +1388,14 @@ func (i *IdentityStore) CreateOrFetchEntity(ctx context.Context, alias *logical.

 		// Create a new alias
 		newAlias := &identity.Alias{
-			CanonicalID:   entity.ID,
-			Name:          alias.Name,
-			MountAccessor: alias.MountAccessor,
-			Metadata:      alias.Metadata,
-			MountPath:     mountValidationResp.MountPath,
-			MountType:     mountValidationResp.MountType,
-			Local:         alias.Local,
+			CanonicalID:    entity.ID,
+			Name:           alias.Name,
+			MountAccessor:  alias.MountAccessor,
+			Metadata:       alias.Metadata,
+			MountPath:      mountValidationResp.MountPath,
+			MountType:      mountValidationResp.MountType,
+			Local:          alias.Local,
+			CustomMetadata: alias.CustomMetadata,
 		}

 		err = i.sanitizeAlias(ctx, newAlias)