feat: change certmanage to approles

- created approle 'certmanager' using 'certmanager' policy
- update certmanager script to generate token based on roleid
This commit is contained in:
2024-04-04 00:32:08 +11:00
parent e69b3a9dc4
commit 5bde96fb4d
4 changed files with 26 additions and 5 deletions
@@ -1,2 +1,3 @@
---
certmanager::vault_token: ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAWh7bsttz/JCBo/CPoCgA2doo3jO6jT6NsOoE3/06W2IW+Ij6KHKYILMkG3tS4NAegMI48QR9n++4Xa7u+97w1HO4ENpfLrkuKUcWUFCxxb2OdWhxucIlt3Ay/2+tofOSvqiRKeEISBtOK//Q1a4Iu5GwEP+lvDQ5rcoS0dryNie/okXaLratWOsmctJ6LFuUw5siCcFyUzfvr2ROsB14YoF989np+X1dJqBWxcLmbVNKx766GrRhb1WGeF0qxounCmWEKGt0zY4Zk27KNFlFu7XByDWZoSCVCMvkQaRKhvdNA39Y9vscZJGPGFhz+qKPoeqwUidz0IY51CaFSXewmzCBjAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQC+e2iOlFLlr9inVU8nEVWIBgqb0u/ICsLtxZqOpN9OIFWl+4hVrvTo24JzTc1jMSCONeL4Ab7jtTMbsweE9zUf6XlwhHLXfxfg7FL3WBsOWCUBXIAh338cZCXUGX7m0Qvtgg3VTEbTNDJhZle8Sjo6Gl]
certmanager::role_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAQC5vU3lOdQOOqw/m42V9JK72TVoR7eGA6wNXz1VQeI5pIcOrDzXjWcfrtY1xbMI9EfvDEeJ5lpiSfSbvejLHJPkIi2efrkUMpB2lhxvxm8xxQVVU6UVEqHFAEIQynSDuq2I3UCPCD3KweGnAa73GuytugzswVvNSdXuBzLuMgt36ufNctmMLsqgY2YVAkUPfmud+a18L//ut6Z85TCcv74am9XBb4+Yd7g3QHLxvbtoNzlAStk9fUcbCurmsEGjuccV4VHe9C4Nxloai0wNXAu2XMRjsZWD77Swc5dDVhtXXs7MPO8DntTHpYIb3Q3UJLSVf2NyPwQQ5VQiGrs0Z5DBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBuj+gOJRwlvgUBPHO7SOJegDC8dKDpyooSYlgoe07UYir5xSRxPynnR9c83s20F+H7K8ng4G5PALRJRQNNsf82EGQ=]
+2 -1
View File
@@ -30,6 +30,7 @@ profiles::puppet::gems::puppet:
profiles::helpers::certmanager::vault_config:
addr: 'https://198.18.17.39:8200'
mount_point: 'pki_int'
approle_path: 'approle'
role_name: 'servers_default'
output_path: '/tmp/certmanager'
token: "%{lookup('certmanager::vault_token')}"
role_id: "%{lookup('certmanager::role_id')}"