Page MenuHomeDevCentral
Files F24678380

D3987.diff
No OneTemporary
Actions

D3987.diff
View Options

diff --git a/_modules/credentials.py b/_modules/credentials.py
--- a/_modules/credentials.py
+++ b/_modules/credentials.py
@@ -301,6 +301,15 @@
for _, vault_path in get_duid_credential_paths(node).items():
rules.append(_get_read_rule(vault_path))
+ rules.append(
+ _join_document_fragments(
+ [
+ _get_read_rule(vault_path)
+ for vault_path in __pillar__["vault_secrets_ubiquity"]
+ ]
+ )
+ )
+
policy = _join_document_fragments(rules)
if not policy:
diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -305,3 +305,9 @@
# Main MariaDB cluster - Alkane PaaS, ViperServ
B:
- ops/secrets/dbserver/cluster-B/users/*
+
+vault_secrets_ubiquity:
+
+ # IPsec tunnels
+
+ - ops/secrets/network/ipsec/key

File Metadata

Mime Type
text/plain
Expires
Thu, Mar 5, 18:52 (20 h, 39 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3499473
Default Alt Text
D3987.diff (903 B)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator