infra/vault/policies/nomad-server.hcl

# Allow creating tokens under "nomad-cluster" role.
path "auth/token/create/nomad-cluster" {
  capabilities = ["update"]
}

# Allow looking up "nomad-cluster" role.
path "auth/token/roles/nomad-cluster" {
  capabilities = ["read"]
}

# Allow looking up incoming tokens to validate they have permissions to access
# the tokens they are requesting.
path "auth/token/lookup" {
  capabilities = ["update"]
}

# Allow revoking tokens that should no longer exist.
path "auth/token/revoke-accessor" {
  capabilities = ["update"]
}

# Allow checking the capabilities of our own token.
path "sys/capabilities-self" {
  capabilities = ["update"]
}

# Allow our own token to be renewed.
path "auth/token/renew-self" {
  capabilities = ["update"]
}
Add vault policy for nomad 2020-10-14 02:56:21 +00:00			`# Allow creating tokens under "nomad-cluster" role.`
			`path "auth/token/create/nomad-cluster" {`
			`capabilities = ["update"]`
			`}`

			`# Allow looking up "nomad-cluster" role.`
			`path "auth/token/roles/nomad-cluster" {`
			`capabilities = ["read"]`
			`}`

			`# Allow looking up incoming tokens to validate they have permissions to access`
			`# the tokens they are requesting.`
			`path "auth/token/lookup" {`
			`capabilities = ["update"]`
			`}`

			`# Allow revoking tokens that should no longer exist.`
			`path "auth/token/revoke-accessor" {`
			`capabilities = ["update"]`
			`}`

			`# Allow checking the capabilities of our own token.`
			`path "sys/capabilities-self" {`
			`capabilities = ["update"]`
			`}`

			`# Allow our own token to be renewed.`
			`path "auth/token/renew-self" {`
			`capabilities = ["update"]`
			`}`