Avoid a server to keep access to stale Vault policies

Description

Summary:
If a server loses access to any policy, it would keep the last state.

Instead, we now submit a new policy "intentionally left blank"
to explicitly document that the node doesn't have access to anything.

This is a follow-up for af9db00760be.

Ref T1425.

Test Plan:
salt-call --local credentials.build_policies_by_node

Tested on Complector, we've a correct set of policies for every node.

Reviewers: DorianWinty

Reviewed By: DorianWinty

Maniphest Tasks: T1425

Differential Revision: https://devcentral.nasqueron.org/D2671

Details

Provenance
dereckson Authored on Apr 15 2022, 19:04
dereckson Pushed on Apr 19 2022, 18:55
Reviewer
DorianWinty
Differential Revision
D2671: Avoid a server to keep access to stale Vault policies
Parents
rOPS7e0c3d8bb793: Avoid to share credentials between dev and prod Docker engines
Tasks
T1425: Provision secrets through Salt
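
The stale-policy problem described in the commit summary, as an added example that is not code from this repository: a small model of per-node policy generation showing why skipping a node with no paths leaves its old grants in place, while submitting a blank policy overwrites them. The function names, node names, secret path and the in-memory store standing in for Vault are all assumptions made for illustration.

```python
# Added illustration: hypothetical names and constructed data, not the repository's code.
BLANK_POLICY = "# This policy is intentionally left blank.\n"


def render_policy(paths):
    """Render read-only Vault policy HCL; an empty path list gives the blank policy."""
    if not paths:
        return BLANK_POLICY
    return "".join(
        f'path "{p}" {{\n  capabilities = ["read"]\n}}\n' for p in sorted(paths)
    )


def build_node_policies(nodes, paths_by_node, blank_when_empty=True):
    """Return {node: policy body}. With blank_when_empty=False, nodes without
    any path are skipped, which is the behaviour the commit moves away from."""
    policies = {}
    for node in nodes:
        paths = paths_by_node.get(node, [])
        if not paths and not blank_when_empty:
            continue
        policies[node] = render_policy(paths)
    return policies


def apply_policies(store, policies):
    """Model of the policy store: submitted policies overwrite, the rest stay."""
    return {**store, **policies}


def stale_nodes(store, paths_by_node):
    """Nodes whose stored policy still grants paths although none are expected."""
    return sorted(
        node for node, body in store.items()
        if 'path "' in body and not paths_by_node.get(node)
    )


# Constructed sample: web-001 used to read a database secret, now needs nothing.
NODES = ["db-001", "web-001"]
PATHS = {"db-001": ["ops/secrets/db"], "web-001": []}
STORE = {"web-001": render_policy(["ops/secrets/db"])}

if __name__ == "__main__":
    for blank in (False, True):
        result = apply_policies(STORE, build_node_policies(NODES, PATHS, blank))
        print(f"blank_when_empty={blank}: stale={stale_nodes(result, PATHS)}")
```

The `stale_nodes` check can also serve as a post-deployment audit: any node it reports still holds grants that the current configuration no longer assigns.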