Add userpass login to Vault

.secrets-baseline

@@ -199,8 +199,16 @@
         "is_verified": false,
         "line_number": 10,
         "is_secret": false
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "nomad/vault_hashi_vault_values.example.yml",
+        "hashed_secret": "0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33",
+        "is_verified": false,
+        "line_number": 22,
+        "is_secret": false
       }
     ]
   },
-  "generated_at": "2022-07-25T23:35:15Z"
+  "generated_at": "2022-07-27T03:09:38Z"
 }

nomad/acls/vault_login.tf

@@ -0,0 +1,8 @@
+resource "vault_auth_backend" "userpass" {
+  type = "userpass"
+
+  tune {
+    max_lease_ttl      = "1h"
+    listing_visibility = "unauth"
+  }
+}

nomad/acls/vault_policies.tf

@@ -0,0 +1,9 @@
+resource "vault_policy" "admin" {
+  name = "admin"
+
+  policy = <<EOF
+path "*" {
+  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+  EOF
+}

nomad/bootstrap-values.yml

@@ -57,3 +57,11 @@
               data:
                 "{{ item.value }}"
           loop: "{{ hashi_vault_values | default({}) | dict2items }}"
+
+        - name: Write userpass
+          community.hashi_vault.vault_write:
+            url: "http://{{ inventory_hostname }}:8200"
+            token: "{{ root_token }}"
+            path: "auth/userpass/users/{{ item.name }}"
+            data: '{"password": "{{ item.password }}", "policies": "{{ item.policies }}"}'
+          loop: "{{ vault_userpass }}"

nomad/vault_hashi_vault_values.example.yml

@@ -16,3 +16,8 @@ hashi_vault_values:
     alert_email_addresses: email@example.com
   backups:
     backup_passphrase: tellnoone
+
+vault_userpass:
+  - name: admin
+    password: foo
+    policies: default