From 126cd6743f26d05b80a2f156f6cd15a9d044c18c Mon Sep 17 00:00:00 2001
From: Ian Fijolek
Date: Fri, 15 Apr 2022 12:12:15 -0700
Subject: [PATCH] WIP nomad vault db integration
---
 acls/nomad_vault.tf | 66 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
diff --git a/acls/nomad_vault.tf b/acls/nomad_vault.tf
index f2cfdef..3c38c63 100644
--- a/acls/nomad_vault.tf
+++ b/acls/nomad_vault.tf
@@ -1,3 +1,4 @@
+# Set up nomad provider in vault for Nomad ACLs
 resource "nomad_acl_token" "vault" {
 name = "vault"
 type = "management"
@@ -29,3 +30,68 @@ path "nomad/creds/nomad-deploy" {
 }
 EOH
 }
+
+# Nomad Vault token access
+resource "vault_token_auth_backend_role" "nomad-cluster" {
+ role_name = "nomad-cluster"
+ token_explicit_max_ttl = 0
+ allowed_policies = ["access-tables"]
+ orphan = true
+ token_period = 259200
+ renewable = true
+}
+
+# Policy for nomad tokens
+resource "vault_policy" "nomad-token" {
+ name = "nomad-server"
+ policy = <