# Nomad ACL token handed to Vault's Nomad secrets engine
# (consumed by vault_nomad_secret_backend.config via secret_id).
#
# A management token is not constrained by Nomad ACL policies, so whoever
# holds its secret_id has full control of the Nomad cluster. The secret_id
# is a resource attribute and is therefore persisted in Terraform state:
# keep the state backend encrypted and access-restricted.
resource "nomad_acl_token" "vault" {
  type = "management"
  name = "vault"
}
# Mounts Vault's Nomad secrets engine at the path "nomad" and configures it
# with the management token created by nomad_acl_token.vault.
#
# NOTE(review): no lease bounds are set in this block (ttl / max_ttl,
# default_lease_ttl_seconds / max_lease_ttl_seconds), so issued Nomad tokens
# follow whatever defaults Vault applies to the mount. Confirm that lifetime
# is acceptable, in particular for roles that issue management tokens.
# NOTE(review): no address is set in this block; confirm how Vault is told
# where Nomad is and that the connection uses TLS.
resource "vault_nomad_secret_backend" "config" {
  description = "Nomad ACL"
  backend     = "nomad"

  # Management-level credential; it is also recorded in Terraform state.
  token = nomad_acl_token.vault.secret_id
}
# Vault role "nomad-deploy" on the Nomad secrets mount. Tokens issued through
# it carry the Nomad ACL policy "nomad-deploy".
#
# The entry in `policies` names a Nomad ACL policy, not the Vault policy of
# the same name. That Nomad policy is not defined in this file and must
# already exist in Nomad; its rules decide what a deploy token can do.
# `type` is not set here, so the role uses the default token type.
resource "vault_nomad_secret_role" "nomad-deploy" {
  role     = "nomad-deploy"
  policies = ["nomad-deploy"]
  backend  = vault_nomad_secret_backend.config.backend
}
# Vault role "admin-management" on the Nomad secrets mount. It issues Nomad
# management tokens, which are not limited by any Nomad ACL policy.
#
# Any Vault identity allowed to read nomad/creds/admin-management can obtain
# full control of Nomad. No Vault policy in this file grants that path, so
# access depends on policies defined elsewhere: keep that set minimal and
# review Vault audit logs for reads of this path.
resource "vault_nomad_secret_role" "admin" {
  type    = "management"
  role    = "admin-management"
  backend = vault_nomad_secret_backend.config.backend
}
# Vault policy "nomad-deploy": grants only the "read" capability on
# nomad/creds/nomad-deploy, the path that issues tokens from the
# nomad-deploy role. It does not cover nomad/creds/admin-management.
#
# The heredoc uses <<EOH (not <<-EOH), so its body is passed through as
# written and the closing marker stays at column 0.
resource "vault_policy" "nomad-deploy" {
  name = "nomad-deploy"

  policy = <<EOH
path "nomad/creds/nomad-deploy" {
  capabilities = ["read"]
}
EOH
}