init.sls

# -------------------------------------------------------------
# Salt — Vault
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
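# Directory on the minion that receives the rendered .hcl policy files;
# every policy path in this state file is built from this pillar value.
{% set policies_path = pillar['vault_policies_path'] %}

# -------------------------------------------------------------
# Policies storage folder
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# NOTE(review): no user, group or mode is declared, so the directory keeps
# whatever ownership and permissions it gets by default. The files written
# here are handed to credentials.vault_policy_present as policy_file, so
# confirm that only the account running Salt can write to this path.
{{ policies_path }}:
  file.directory:
    - makedirs: true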
# -------------------------------------------------------------
# Policies from vault_policies pillar entry
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
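# One pass per entry of the vault_policies pillar:
#   1. render roles/vault/policies/files/<policy>.hcl (a Jinja template) to
#      <policies_path>/<policy>.hcl on the minion;
#   2. hand that file to credentials.vault_policy_present under the name
#      <policy>.
#
# The policy name goes verbatim into the salt:// source and the destination
# path, so entries are expected to be plain identifiers without path
# separators.
#
# NOTE(review): step 2 is tied to the file state by onchanges, so it only runs
# on a run where Salt rewrote the file. Presumably a policy edited or removed
# directly in Vault, or a push that failed after the file was written, is not
# corrected until the .hcl source changes again; confirm that is intended.
{% for policy in pillar['vault_policies'] %}
{% set policy_path = policies_path + "/" + policy + ".hcl" %}

{{ policy_path }}:
  file.managed:
    - source: 'salt://roles/vault/policies/files/{{ policy }}.hcl'
    - template: jinja

vault_policy_{{ policy }}:
  credentials.vault_policy_present:
    # Quoted so a name YAML would read as a number or boolean stays a string.
    - name: '{{ policy }}'
    - policy_file: '{{ policy_path }}'
    - onchanges:
      - file: '{{ policy_path }}'

{% endfor %}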
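# Optional copy of one policy under a second name (judging by the pillar key,
# the policy used by Salt itself): when vault_salt_primary_policy's target
# differs from its source, the source policy's .hcl file is loaded again under
# the target name. Any change to the source policy therefore also changes what
# the target name grants.
#
# The onchanges requisite points at the file state of the source policy, and
# those file states are only declared by the vault_policies loop, so the
# source has to be listed in vault_policies for this state to resolve.
{% set salt_policy = pillar["vault_salt_primary_policy"] %}
{% if salt_policy["target"] != salt_policy["source"] %}
{% set policy_path = policies_path + "/" + salt_policy["source"] + ".hcl" %}

vault_policy_copy_for_salt:
  credentials.vault_policy_present:
    # Quoted so the rendered values are always read as strings.
    - name: '{{ salt_policy["target"] }}'
    - policy_file: '{{ policy_path }}'
    - onchanges:
      - file: '{{ policy_path }}'

{% endif %}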
# -------------------------------------------------------------
# Per-node policies intended to be used through Salt
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Calls credentials.build_policies_by_node and declares one Vault policy per
# returned (node, rules) pair, under the state ID salt-node-<node>.
#
# Everything under "rules: |" is policy text, not YAML comments: the "#" banner
# lines are part of the value passed as rules. The block scalar content sits
# at 8 spaces, and indent(8) pads the second and following lines of the
# generated rules to that same column; the two numbers have to stay in sync.
#
# NOTE(review): these rules are computed at render time rather than read from
# an .hcl file in the repository, so what each node is granted depends on what
# build_policies_by_node returns; review changes to its inputs as policy
# changes. No requisite is declared here, unlike the file-based policies.
{% for node, rules in salt['credentials.build_policies_by_node']().items() %}
salt-node-{{ node }}:
  vault.policy_present:
    - rules: |
        #
        # <auto-generated>
        # This policy is managed by our rOPS SaltStack repository.
        # </auto-generated>
        #
        {{ rules | indent(8) }}
{% endfor %}
