Paths

Table of Contentst

Differential D3357

Allow to issue Vault token with admin policy
ClosedPublic
Actions

Authored by dereckson on Jul 7 2024, 14:23.

Details

Reviewers

DorianWinty

Maniphest Tasks

T1975: Allow ops to login to Vault

Commits

rOPS02c2202539c6: Allow to issue Vault token with admin policy

Summary

Ops need to authenticate to Vault to manage PKI, credentials, mounts, policies.
This is covered by the 'admin' policy.

To facilitate the authentication, this script allows each ops member to issue
such token as a self-service facility.

Usage: sudo utils/vault/issue-admin-token.py [--insecure]

The --insecure argument allows to use this script even if the TLS certificate
has expired. That's required to issue through Vault a new certificate.

Ref T1975

Test Plan

Tested on Complector with sudo utils/vault/issue-admin-token.py
by Dorian and me to get our new tokens.

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Passed

Unit

No Test Coverage

Branch

vault-self-service-token-policy

Build Status

Buildable 5336
Build 5617: arc lint + arc unit

Event Timeline

dereckson requested review of this revision.Jul 7 2024, 14:23

dereckson created this revision.

Harbormaster completed remote builds in B5335: Diff 8658.Jul 7 2024, 14:23

Flake8, black

Harbormaster completed remote builds in B5336: Diff 8659.Jul 7 2024, 14:25

DorianWinty accepted this revision.Jul 9 2024, 17:06

This revision is now accepted and ready to land.Jul 9 2024, 17:06

Closed by commit rOPS02c2202539c6: Allow to issue Vault token with admin policy (authored by dereckson). · Explain WhyJul 9 2024, 22:33

This revision was automatically updated to reflect the committed changes.

dereckson added a commit: rOPS02c2202539c6: Allow to issue Vault token with admin policy.

Revision Contents
Changeset List

Path

Size

roles/

salt-primary/

software/

init.sls

2 lines

utils/

vault/

issue-admin-token.py

67 lines

Diff 8659

View Options

roles/salt-primary/software/init.sls