Page MenuHomeDevCentral

Allow to issue Vault token with admin policy
ClosedPublic

Authored by dereckson on Jul 7 2024, 14:23.
Tags
None
Referenced Files
F3793685: D3357.diff
Wed, Nov 27, 21:11
Unknown Object (File)
Sun, Nov 24, 19:05
Unknown Object (File)
Sun, Nov 24, 18:56
Unknown Object (File)
Sun, Nov 24, 17:20
Unknown Object (File)
Sun, Nov 24, 15:53
Unknown Object (File)
Wed, Nov 20, 11:07
Unknown Object (File)
Tue, Nov 19, 04:01
Unknown Object (File)
Sun, Nov 17, 13:15
Subscribers
None

Details

Summary

Ops need to authenticate to Vault to manage PKI, credentials, mounts, policies.
This is covered by the 'admin' policy.

To facilitate the authentication, this script allows each ops member to issue
such token as a self-service facility.

Usage: sudo utils/vault/issue-admin-token.py [--insecure]

The --insecure argument allows to use this script even if the TLS certificate
has expired. That's required to issue through Vault a new certificate.

Ref T1975

Test Plan

Tested on Complector with sudo utils/vault/issue-admin-token.py
by Dorian and me to get our new tokens.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable