salt-primary.hcl
# -------------------------------------------------------------
# Vault configuration - Policy for salt primary server
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Source file: roles/vault/policies/files/salt_primary.hcl
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
# -------------------------------------------------------------
# Policies management
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
path "sys/policies/acl" {
  capabilities = ["list"]
}

path "sys/policies/acl/*" {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}

path "sys/policy" {
  capabilities = ["list"]
}

path "sys/policy/*" {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
# -------------------------------------------------------------
# Tokens management
#
# :: Create, check, revoke tokens to be used by nodes through Salt
# :: Manage and renew own token
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
path "auth/token/create/salt-node-*" {
  capabilities = ["update"]
}

path "auth/token/roles/salt-node-*" {
  capabilities = ["read"]
}

path "auth/token/lookup-self" {
  capabilities = ["read"]
}

path "auth/token/renew-self" {
  capabilities = ["update"]
}

path "auth/token/lookup" {
  capabilities = ["update"]
}

path "auth/token/revoke-accessor" {
  capabilities = ["update"]
}

path "sys/capabilities-self" {
  capabilities = ["update"]
}

path "transit/keys/*" {
  capabilities = ["create"]
}
# -------------------------------------------------------------
# RabbitMQ credentials
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for cluster, cluster_args in pillar.get("rabbitmq_clusters", {}).items() %}
# Cluster: {{ cluster }}
{% for user, credential in cluster_args.get("users", {}).items() %}
# The pillar stores the credential as "<mount>/<secret path>"; the KV v2
# API reads it at "<mount>/data/<secret path>", so only the first "/" is
# replaced. Read-only: the Salt primary may fetch but never write these.
path "{{ credential.replace("/", "/data/", 1) }}" {
  capabilities = ["read"]
}
{% endfor %}
{% endfor %}
Attached to: rOPS Nasqueron Operations