Page MenuHomeDevCentral

Allow to issue Vault token with admin policy
ClosedPublic

Authored by dereckson on Jul 7 2024, 14:23.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Dec 17, 10:38
Unknown Object (File)
Sat, Dec 7, 09:25
Unknown Object (File)
Tue, Dec 3, 02:03
Unknown Object (File)
Mon, Dec 2, 23:25
Unknown Object (File)
Wed, Nov 27, 21:11
Unknown Object (File)
Sun, Nov 24, 19:05
Unknown Object (File)
Sun, Nov 24, 18:56
Unknown Object (File)
Sun, Nov 24, 17:20
Subscribers
None

Details

Summary

Ops need to authenticate to Vault to manage PKI, credentials, mounts, policies.
This is covered by the 'admin' policy.

To facilitate the authentication, this script allows each ops member to issue
such token as a self-service facility.

Usage: sudo utils/vault/issue-admin-token.py [--insecure]

The --insecure argument allows to use this script even if the TLS certificate
has expired. That's required to issue through Vault a new certificate.

Ref T1975

Test Plan

Tested on Complector with sudo utils/vault/issue-admin-token.py
by Dorian and me to get our new tokens.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Errors
SeverityLocationCodeMessage
Errorutils/vault/issue-admin-token.py:15F401flake8 F401
Errorutils/vault/issue-admin-token.py:19E225flake8 E225
Errorutils/vault/issue-admin-token.py:36F841flake8 F841
Errorutils/vault/issue-admin-token.py:39E501flake8 E501
Unit
No Test Coverage
Branch
vault-self-service-token-policy
Build Status
Buildable 5335
Build 5616: arc lint + arc unit