add admin policy

vincent 2022-08-10 19:30:20 +02:00
parent 0c1fbdc947
commit c0729bba2b


@ -71,3 +71,46 @@ resource "vault_policy" "ansible" {
name = "ansible" name = "ansible"
policy= data.vault_policy_document.ansible.hcl policy= data.vault_policy_document.ansible.hcl
} }
data "vault_policy_document" "admin_policy" {
rule {
path = "auth/*"
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
rule {
path = "sys/auth/*"
capabilities = ["create", "update", "delete", "sudo"]
}
rule {
path = "sys/auth"
capabilities = ["read"]
}
rule {
path = "sys/health"
capabilities = ["read", "sudo"]
}
rule {
path = "sys/policies/acl"
capabilities = ["list"]
}
rule {
path = "sys/policies/acl/*"
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
rule {
path = "secrets/*"
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
rule {
path = "sys/mounts/*"
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
rule {
path = "sys/mounts"
capabilities = ["read","list"]
}
}
resource "vault_policy" "admin_policy" {
name = "admin_policy"
policy= data.vault_policy_document.admin_policy.hcl
}
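Review bot: The `sudo` capability on the `secrets/*` and `sys/health` rules looks broader than those paths need. As far as I know, sudo only has an effect on root-protected endpoints, and neither the data paths under a secrets mount (assuming `secrets/` is an ordinary secrets engine mount) nor `sys/health` is one, so `capabilities = ["create", "read", "update", "delete", "list"]` and `capabilities = ["read"]` should give the same working access with less to audit. Separately, write access to `sys/policies/acl/*` and `auth/*` means any token carrying `admin_policy` can rewrite every other policy and every login method, so the policy is root-equivalent in practice. A comment above the data block such as `# Root-equivalent: attach only to named operator identities with short token TTLs; review every change to this policy` would record that for the next maintainer.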