diff --git a/acls/nomad_vault.tf b/acls/nomad_vault.tf
index 3c38c63..3f4a13a 100644
--- a/acls/nomad_vault.tf
+++ b/acls/nomad_vault.tf
@@ -35,12 +35,24 @@ EOH
 resource "vault_token_auth_backend_role" "nomad-cluster" {
 role_name = "nomad-cluster"
 token_explicit_max_ttl = 0
- allowed_policies = ["access-tables"]
+ allowed_policies = ["access-tables", "nomad-task"]
 orphan = true
 token_period = 259200
 renewable = true
 }
+# Policy for clusters
+resource "vault_policy" "nomad-task" {
+ name = "nomad-task"
+ policy = <