Kyle Isom a5bb366558 Allow system accounts to issue certificates ...

Service tokens from MCIAS have account_type "system" but no roles.
Thread AccountType through CallerInfo and treat system accounts as
users for certificate issuance. This allows services to request
their own TLS certificates without admin credentials.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-25 20:07:22 -07:00

11 KiB

Raw Blame History

View Raw