fix: do not allow any token creation for now, will have to avoid child tokens in tf provider config
parent
0803966716
commit
9a4f2837a0
1
.cz.toml
1
.cz.toml
@ -1,6 +1,5 @@
|
||||
[tool.commitizen]
|
||||
name = "cz_conventional_commits"
|
||||
version_provider = "scm"
|
||||
# version_files = ["galaxy.yml:^version"]
|
||||
update_changelog_on_bump = true
|
||||
major_version_zero = true
|
||||
|
@ -26,5 +26,5 @@ resource "vault_identity_entity" "tenant_admin" {
|
||||
|
||||
resource "vault_policy" "tenant_admin" {
|
||||
name = "${var.tenant_name}-admin"
|
||||
policy = var.tenant_admin_policy_file == null ? templatefile("${path.module}/policies/tenant-admins.policy.hcl", { tenant_prefix = var.tenant_prefix, admin_policies = local.tenant_admin_policies }) : file(var.tenant_admin_policy_file)
|
||||
policy = var.tenant_admin_policy_file == null ? templatefile("${path.module}/policies/tenant-admins.policy.hcl", { tenant_prefix = var.tenant_prefix }) : file(var.tenant_admin_policy_file)
|
||||
}
|
||||
|
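Review bot: The `file(var.tenant_admin_policy_file)` branch of the `policy` expression is untouched, so a tenant that supplies its own policy file can still include an `auth/token/create` stanza; the restriction named in the commit title then holds only for the bundled template. If no tenant admin should be able to create tokens, say so where the variable is declared (not visible here) or next to this resource, e.g. `# A custom tenant_admin_policy_file replaces the template entirely; it must not grant auth/token/create.` Assuming the shorter `templatefile(...)` call is the new side, as the title suggests, `local.tenant_admin_policies` no longer feeds the template and looks unused from this hunk; remove the local or note why it stays.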
@ -5,13 +5,3 @@ path "${tenant_prefix}/*" {
|
||||
path "sys/mounts/${tenant_prefix}/*" {
|
||||
capabilities = ["create", "update", "read", "delete", "list"]
|
||||
}
|
||||
|
||||
path "auth/token/create" {
|
||||
capabilities = ["create", "update", "delete"]
|
||||
allowed_parameters = {
|
||||
"policies" = [
|
||||
[${for policy in admin_policies}${policy},${endfor}],
|
||||
[${for policy in reverse(admin_policies)}${policy},${endfor}]
|
||||
]
|
||||
}
|
||||
}
|
||||
|