Add userpass login to Vault

This commit is contained in:
IamTheFij 2022-07-26 20:09:52 -07:00
parent b4bb0f866e
commit 3033c581f3
5 changed files with 39 additions and 1 deletions

View File

@ -199,8 +199,16 @@
"is_verified": false, "is_verified": false,
"line_number": 10, "line_number": 10,
"is_secret": false "is_secret": false
},
{
"type": "Secret Keyword",
"filename": "nomad/vault_hashi_vault_values.example.yml",
"hashed_secret": "0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33",
"is_verified": false,
"line_number": 22,
"is_secret": false
} }
] ]
}, },
"generated_at": "2022-07-25T23:35:15Z" "generated_at": "2022-07-27T03:09:38Z"
} }

View File

@ -0,0 +1,8 @@
resource "vault_auth_backend" "userpass" {
type = "userpass"
tune {
max_lease_ttl = "1h"
listing_visibility = "unauth"
}
}

View File

@ -0,0 +1,9 @@
resource "vault_policy" "admin" {
name = "admin"
policy = <<EOF
path "*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
EOF
}

View File

@ -57,3 +57,11 @@
data: data:
"{{ item.value }}" "{{ item.value }}"
loop: "{{ hashi_vault_values | default({}) | dict2items }}" loop: "{{ hashi_vault_values | default({}) | dict2items }}"
- name: Write userpass
community.hashi_vault.vault_write:
url: "http://{{ inventory_hostname }}:8200"
token: "{{ root_token }}"
path: "auth/userpass/users/{{ item.name }}"
data: '{"password": "{{ item.password }}", "policies": "{{ item.policies }}"}'
loop: "{{ vault_userpass }}"

View File

@ -16,3 +16,8 @@ hashi_vault_values:
alert_email_addresses: email@example.com alert_email_addresses: email@example.com
backups: backups:
backup_passphrase: tellnoone backup_passphrase: tellnoone
vault_userpass:
- name: admin
password: foo
policies: default