AWS auth for Vault Connect CA ignores "role" param #17887

Closed
t-davies opened this issue Jun 26, 2023 · 0 comments · Fixed by #17885
Labels
theme/certificates Related to creating, distributing, and rotating certificates in Consul theme/consul-vault Relating to Consul & Vault interactions

Overview of the Issue

When configuring Connect to use a Vault CA, with the AWS auth method - Consul does not pass the Vault role name in the login request when one is configured. By default, Vault falls back to the EC2 instance AWS IAM role name which will not exist.


Reproduction Steps

  1. Create a Connect CA config file which uses the AWS auth method for Vault, and specifies a role name, e.g.
    {
      "Provider": "vault",
      "Config": {
        "Address": "https://my.vault.server:8200",
        "IntermediatePKIPath": "pki_int",
        "RootPKIPath": "pki",
        "AuthMethod": {
          "Type": "aws",
          "MountPath": "aws",
          "Params": {
            "role": "configured-role-name"
          }
        }
      }
    }
    
  2. Run consul connect ca set-config -config-file ca.conf
  3. View error, along the lines of:
    Error setting CA configuration: Unexpected response code: 500 (error configuring provider: Error making API request.
    
    Namespace: default
    URL: PUT https://my.vault.server:8200/v1/auth/aws/login
    Code: 400. Errors:
    
    * entry for role your-ec2-instance-iam-role-name not found)
    

Operating system and Environment details

Amazon Linux 2023, x86 running Consul 1.15.3+ent.

Log Fragments

[ERROR] connect.ca: Failed to initialize Connect CA:
error=
| error configuring provider: Error making API request.
|
| Namespace: xxxx/xxxx
| URL: PUT https://vault.xxx.xxx/v1/auth/aws/login
| Code: 400. Errors:
|
| * entry for role xxx not found
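The login flow the report describes, as an added example that is not Consul's own code: a minimal Go sketch of how the configured Params (including "role") should be carried into the body of the Vault AWS login request, failing early when no role is present. The type names, function names and the placeholder derived field are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// AuthMethod mirrors the "AuthMethod" stanza of the Connect CA config in the
// issue. Type and function names are chosen for this example, not Consul's own.
type AuthMethod struct {
	MountPath string            `json:"MountPath"`
	Params    map[string]string `json:"Params"`
}

// ParseAuthMethod pulls the AuthMethod stanza out of a Connect CA config document.
func ParseAuthMethod(raw string) (AuthMethod, error) {
	var cfg struct{ Config struct{ AuthMethod AuthMethod } }
	err := json.Unmarshal([]byte(raw), &cfg)
	return cfg.Config.AuthMethod, err
}

// LoginPath is the Vault endpoint seen in the issue's error output.
func LoginPath(am AuthMethod) string { return "/v1/auth/" + am.MountPath + "/login" }

// AWSLoginBody builds the body for PUT LoginPath. It merges the fields the AWS
// auth method derives itself (a constructed placeholder here stands in for the
// signed GetCallerIdentity request) with the operator's Params, so "role" is sent
// explicitly. Leaving Params out of this merge is the behaviour the issue reports.
func AWSLoginBody(am AuthMethod, derived map[string]string) (map[string]string, error) {
	body := make(map[string]string, len(derived)+len(am.Params))
	for k, v := range derived {
		body[k] = v
	}
	for k, v := range am.Params {
		body[k] = v // operator config wins over derived fields
	}
	if body["role"] == "" {
		// No explicit role: Vault falls back to the EC2 instance's IAM role
		// name, producing the "entry for role ... not found" error above.
		return nil, fmt.Errorf("login body for %s has no \"role\"", LoginPath(am))
	}
	return body, nil
}
// Constructed sample: the issue's reproduction config, trimmed to the keys used here.
const caConfig = `{"Provider":"vault","Config":{"AuthMethod":{"Type":"aws","MountPath":"aws","Params":{"role":"configured-role-name"}}}}`
func main() {
	am, _ := ParseAuthMethod(caConfig)
	body, err := AWSLoginBody(am, map[string]string{"iam_http_request_method": "POST"})
	fmt.Println("PUT", LoginPath(am), body, err)
}
```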