Add vault policy for nomad

This commit is contained in:
Amarpreet Minhas 2020-10-13 22:56:21 -04:00
parent 1559206ae4
commit ab729b2c46
2 changed files with 38 additions and 0 deletions


@ -0,0 +1,30 @@
# Allow creating tokens under "nomad-cluster" role.
path "auth/token/create/nomad-cluster" {
capabilities = ["update"]
}
# Allow looking up "nomad-cluster" role.
path "auth/token/roles/nomad-cluster" {
capabilities = ["read"]
}
# Allow looking up incoming tokens to validate they have permissions to access
# the tokens they are requesting.
path "auth/token/lookup" {
capabilities = ["update"]
}
# Allow revoking tokens that should no longer exist.
path "auth/token/revoke-accessor" {
capabilities = ["update"]
}
# Allow checking the capabilities of our own token.
path "sys/capabilities-self" {
capabilities = ["update"]
}
# Allow our own token to be renewed.
path "auth/token/renew-self" {
capabilities = ["update"]
}
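Review bot: The policy grants nothing on `auth/token/lookup-self`, so a Nomad server token issued with `-no-default-policy` (or otherwise lacking Vault's `default` policy) could not validate itself; either add `path "auth/token/lookup-self" { capabilities = ["read"] }` or state in a leading comment that the `default` policy is assumed to be attached to the server token. The `update` grant on `auth/token/lookup` lets the holder look up any token in Vault by ID, which as far as I recall is only needed when the Nomad server runs with `allow_unauthenticated = false`; the comment above that stanza should record that condition, e.g. `# Only required when the Nomad server is configured with allow_unauthenticated = false.` Whether the server token carries the default policy is not visible in this commit.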


@ -0,0 +1,8 @@
{
"disallowed_policies": "nomad-server,root",
"token_explicit_max_ttl": 0,
"name": "nomad-cluster",
"orphan": true,
"token_period": 259200,
"renewable": true
}
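Review bot: `disallowed_policies` is a denylist, so a job can request any Vault policy other than `nomad-server` and `root`, including any administrative policy added to this Vault later; an `allowed_policies` allowlist naming the task policies jobs may use, e.g. `"allowed_policies": "<task-policy-a>,<task-policy-b>"`, would bound what the Nomad server can mint. With `"orphan": true` and `"token_explicit_max_ttl": 0`, tokens created through this role outlive revocation of the server's own token and have no hard expiry as long as they are renewed within the 72-hour `token_period`, so cleanup rests entirely on Nomad calling `revoke-accessor`. If that is the intended design it is worth recording next to the role (a README line, since JSON has no comment syntax). Whether the server token itself is periodic or TTL-bounded is not visible here.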