fix: do not allow any token creation for now, will have to avoid child tokens in tf provider config

2024-05-25 18:39:53 +02:00 · 2024-05-25 18:39:53 +02:00 · 9a4f2837a0
commit 9a4f2837a0
parent 0803966716
3 changed files with 1 additions and 12 deletions
--- a/.cz.toml
+++ b/.cz.toml
@ -1,6 +1,5 @@
 [tool.commitizen]
 name = "cz_conventional_commits"
 version_provider = "scm"
-# version_files = ["galaxy.yml:^version"]
 update_changelog_on_bump = true
 major_version_zero = true
--- a/admin_approle.tf
+++ b/admin_approle.tf
@ -26,5 +26,5 @@ resource "vault_identity_entity" "tenant_admin" {

 resource "vault_policy" "tenant_admin" {
  name   = "${var.tenant_name}-admin"
-  policy = var.tenant_admin_policy_file == null ? templatefile("${path.module}/policies/tenant-admins.policy.hcl", { tenant_prefix = var.tenant_prefix, admin_policies = local.tenant_admin_policies }) : file(var.tenant_admin_policy_file)
+  policy = var.tenant_admin_policy_file == null ? templatefile("${path.module}/policies/tenant-admins.policy.hcl", { tenant_prefix = var.tenant_prefix }) : file(var.tenant_admin_policy_file)
 }
--- a/policies/tenant-admins.policy.hcl
+++ b/policies/tenant-admins.policy.hcl
@ -5,13 +5,3 @@ path "${tenant_prefix}/*" {
 path "sys/mounts/${tenant_prefix}/*" {
  capabilities = ["create", "update", "read", "delete", "list"]
 }
-
-path "auth/token/create" {
-  capabilities = ["create", "update", "delete"]
-  allowed_parameters = {
-    "policies" = [
-      [${for policy in admin_policies}${policy},${endfor}],
-      [${for policy in reverse(admin_policies)}${policy},${endfor}]
-    ]
-  }
-}