vincent/homelab
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
5253490f65
homelab/vault/policy.tf
vincent 27847f256b
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
add vault snapshot
2023-08-27 17:06:45 +02:00

119 lines
2.5 KiB
HCL
Raw Blame History

data "vault_policy_document" "nomad_server_policy" {
rule {
path = "auth/token/create/nomad-cluster"
capabilities = ["update"]
}
rule {
path = "auth/token/roles/nomad-cluster"
capabilities = ["read"]
}
rule {
path = "auth/token/lookup"
capabilities = ["update"]
}
rule {
path = "sys/capabilities-self"
capabilities = ["update"]
}
rule {
path = "auth/token/revoke-accessor"
capabilities = ["update"]
}
rule {
path = "sys/capabilities-self"
capabilities = ["update"]
}
rule {
path = "auth/token/renew-self"
capabilities = ["update"]
}
}
resource "vault_policy" "nomad-server-policy" {
name = "nomad-server-policy"
policy = data.vault_policy_document.nomad_server_policy.hcl
}
data "vault_policy_document" "ansible" {
rule {
path = "secrets/data/ansible/*"
capabilities = ["read", "list"]
}
rule {
path = "secrets/data/ansible"
capabilities = ["read", "list"]
}
rule {
path = "secrets/data/database"
capabilities = ["read", "list"]
}
rule {
path = "secrets/data/database/*"
capabilities = ["read", "list"]
}
}
resource "vault_policy" "ansible" {
name = "ansible"
policy= data.vault_policy_document.ansible.hcl
}
data "vault_policy_document" "admin_policy" {
rule {
path = "auth/*"
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
rule {
path = "sys/auth/*"
capabilities = ["create", "update", "delete", "sudo"]
}
rule {
path = "sys/auth"
capabilities = ["read"]
}
rule {
path = "sys/health"
capabilities = ["read", "sudo"]
}
rule {
path = "sys/policies/acl"
capabilities = ["list"]
}
rule {
path = "sys/policies/acl/*"
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
rule {
path = "sys/storage/*"
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
rule {
path = "secrets/*"
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
rule {
path = "sys/mounts/*"
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
rule {
path = "sys/mounts"
capabilities = ["read","list"]
}
rule {
path = "sys/leases/*"
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
rule {
path = "sys/leases/lookup"
capabilities = ["list","sudo"]
}
}
resource "vault_policy" "admin_policy" {
name = "admin_policy"
policy= data.vault_policy_document.admin_policy.hcl
}
Reference in New Issue View Git Blame Copy Permalink