Page MenuHomeDevCentral

Allow to issue Vault token with admin policy
ClosedPublic

Authored by dereckson on Jul 7 2024, 14:23.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Dec 17, 10:38
Unknown Object (File)
Sat, Dec 7, 09:25
Unknown Object (File)
Tue, Dec 3, 02:03
Unknown Object (File)
Mon, Dec 2, 23:25
Unknown Object (File)
Wed, Nov 27, 21:11
Unknown Object (File)
Sun, Nov 24, 19:05
Unknown Object (File)
Sun, Nov 24, 18:56
Unknown Object (File)
Sun, Nov 24, 17:20
Subscribers
None

Details

Summary

Ops need to authenticate to Vault to manage PKI, credentials, mounts, policies.
This is covered by the 'admin' policy.

To facilitate the authentication, this script allows each ops member to issue
such token as a self-service facility.

Usage: sudo utils/vault/issue-admin-token.py [--insecure]

The --insecure argument allows to use this script even if the TLS certificate
has expired. That's required to issue through Vault a new certificate.

Ref T1975

Test Plan

Tested on Complector with sudo utils/vault/issue-admin-token.py
by Dorian and me to get our new tokens.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
vault-self-service-token-policy
Build Status
Buildable 5336
Build 5617: arc lint + arc unit