diff --git a/acls/nomad_vault.tf b/acls/nomad_vault.tf
index f2cfdef..3c38c63 100644
--- a/acls/nomad_vault.tf
+++ b/acls/nomad_vault.tf
@@ -1,3 +1,4 @@
+# Set up nomad provider in vault for Nomad ACLs
 resource "nomad_acl_token" "vault" {
 name = "vault"
 type = "management"
@@ -29,3 +30,68 @@ path "nomad/creds/nomad-deploy" {
 }
 EOH
 }
+
+# Nomad Vault token access
+resource "vault_token_auth_backend_role" "nomad-cluster" {
+ role_name = "nomad-cluster"
+ token_explicit_max_ttl = 0
+ allowed_policies = ["access-tables"]
+ orphan = true
+ token_period = 259200
+ renewable = true
+}
+
+# Policy for nomad tokens
+resource "vault_policy" "nomad-token" {
+ name = "nomad-server"
+ policy = <