Paths

Table of Contentst

Differential D3357

Allow to issue Vault token with admin policy
ClosedPublic
Actions

Authored by dereckson on Jul 7 2024, 14:23.

Tags

None

Referenced Files

	Unknown Object (File)
	Wed, Oct 16, 07:23

	Unknown Object (File)
	Wed, Oct 16, 07:01

	Unknown Object (File)
	Sun, Oct 13, 09:19

	Unknown Object (File)
	Sun, Oct 13, 09:18

	Unknown Object (File)
	Sun, Oct 13, 09:18

	Unknown Object (File)
	Sun, Oct 13, 08:56

	Unknown Object (File)
	Sun, Oct 13, 08:12

	Unknown Object (File)
	Sat, Oct 12, 08:19

Subscribers

None

Details

Reviewers

Maniphest Tasks

T1975: Allow ops to login to Vault

Commits

rOPS02c2202539c6: Allow to issue Vault token with admin policy

Summary

Ops need to authenticate to Vault to manage PKI, credentials, mounts, policies.
This is covered by the 'admin' policy.

To facilitate the authentication, this script allows each ops member to issue
such token as a self-service facility.

Usage: sudo utils/vault/issue-admin-token.py [--insecure]

The --insecure argument allows to use this script even if the TLS certificate
has expired. That's required to issue through Vault a new certificate.

Test Plan

Tested on Complector with sudo utils/vault/issue-admin-token.py
by Dorian and me to get our new tokens.

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Errors

Severity	Location	Code	Message
Error	utils/vault/issue-admin-token.py:15	F401	flake8 F401
Error	utils/vault/issue-admin-token.py:19	E225	flake8 E225
Error	utils/vault/issue-admin-token.py:36	F841	flake8 F841
Error	utils/vault/issue-admin-token.py:39	E501	flake8 E501

Unit

No Test Coverage

Branch

vault-self-service-token-policy

Build Status

Buildable 5335
Build 5616: arc lint + arc unit

Event Timeline

dereckson requested review of this revision.Jul 7 2024, 14:23

dereckson created this revision.

Harbormaster completed remote builds in B5335: Diff 8658.Jul 7 2024, 14:23

Flake8, black

Harbormaster completed remote builds in B5336: Diff 8659.Jul 7 2024, 14:25

DorianWinty accepted this revision.Jul 9 2024, 17:06

This revision is now accepted and ready to land.Jul 9 2024, 17:06

Closed by commit rOPS02c2202539c6: Allow to issue Vault token with admin policy (authored by dereckson). · Explain WhyJul 9 2024, 22:33

This revision was automatically updated to reflect the committed changes.

dereckson added a commit: rOPS02c2202539c6: Allow to issue Vault token with admin policy.

Revision Contents
Changeset List

Path

Size

roles/

salt-primary/

software/

2 lines

utils/

vault/

issue-admin-token.py

68 lines

Diff 8658

roles/salt-primary/software/init.sls

Loading...

utils/vault/issue-admin-token.py

Loading...