
Allow Salt policy to create admin-level tokens
Changes Planned · Public

Authored by dereckson on Sun, Jul 7, 13:19.
Referenced Files
F3344527: D3355.diff
Fri, Jul 12, 10:21
F3343747: D3355.diff
Fri, Jul 12, 07:25

Details

Summary

To allow self-service token generation in Complector, allow the
Salt primary policy to issue tokens for the admin role.

Ref T1975.

Test Plan

Issue an admin token with salt-primary policy

Diff Detail

Repository: rOPS Nasqueron Operations
Lint: Lint Passed
Unit: No Test Coverage
Branch: vault-self-service-token-policy
Build Status: Buildable 5333
Build 5614: arc lint + arc unit

Event Timeline

dereckson created this revision.

These are not the correct paths -> Salt returns a 403 when using this policy.

It works with an overkill path "auth/*".

dereckson retitled this revision from "Allow Salt to create admin-level tokens" to "Allow Salt policy to create admin-level tokens". Sun, Jul 7, 13:58

By the way, the token used by Salt has the following properties:

metadata: {'role_name': 'salt_primary'}
policies: ['default', 'salt', 'salt-node-complector']

It means the policies read are salt (stable) and salt-node-complector (depends on the server name).
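
To see why "auth/*" is broader than needed, the following added example (not code from this revision or from the rOPS repository) compares which Vault request paths a policy pattern covers. It assumes the token auth method sits at its default mount `auth/token` and that the role is named `admin`; the scoped pattern `auth/token/create/admin` and the sample request list are constructed for illustration, and the matcher is a simplification that ignores capabilities and rule priority.

```python
"""Compare the reach of two Vault policy path patterns (added example)."""

def matches(pattern: str, request: str) -> bool:
    """Simplified Vault ACL path match: '+' is one segment, a trailing '*' is a prefix glob."""
    glob = pattern.endswith("*")
    pat_segs = (pattern[:-1] if glob else pattern).split("/")
    req_segs = request.split("/")
    if glob:
        if len(req_segs) < len(pat_segs):
            return False
        head, tail = pat_segs[:-1], pat_segs[-1]
        # The glob's last segment only has to be a prefix; deeper segments are free.
        if not req_segs[len(head)].startswith(tail):
            return False
    else:
        if len(req_segs) != len(pat_segs):
            return False
        head = pat_segs
    return all(p == "+" or p == r for p, r in zip(head, req_segs))

def reach(patterns, requests):
    """Requests covered by at least one pattern, in input order."""
    return [r for r in requests if any(matches(p, r) for p in patterns)]

def excess(broad, narrow, requests):
    """Requests the broad policy covers that the narrow one does not."""
    covered = set(reach(narrow, requests))
    return [r for r in reach(broad, requests) if r not in covered]

# Constructed sample of Vault API paths (default mounts assumed).
SAMPLE_REQUESTS = [
    "auth/token/create/admin",                   # issue a token against the admin role
    "auth/token/create",                         # issue a token without a role
    "auth/token/roles/admin",                    # read or change the role definition
    "auth/token/revoke",                         # revoke tokens
    "auth/approle/role/salt_primary/secret-id",  # mint AppRole credentials
    "sys/policies/acl/salt",                     # outside auth/, for contrast
]

BROAD = ["auth/*"]                    # the path reported as working in the thread
SCOPED = ["auth/token/create/admin"]  # assumed narrow equivalent, not from the revision

if __name__ == "__main__":
    for path in excess(BROAD, SCOPED, SAMPLE_REQUESTS):
        print("granted only by auth/*:", path)
```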