unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat: add ldap groups for kubernetes/vault
All checks were successful
Build / precommit (pull_request) Successful in 6m53s
Details

Browse Source 
need to separate the permissions inside vault into different groups, one
per-permission.

- add group for each kubernetes role in vault
This commit is contained in:
Ben Vincent 2026-02-14 19:11:30 +11:00
parent 4e652ccbe6
commit 9e98c714f9
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
hieradata/roles/infra/auth/glauth.yaml
View File

@ -66,6 +66,9 @@ glauth::users:
- 20025 # jupyterhub_admin - 20025 # jupyterhub_admin
- 20026 # jupyterhub_user - 20026 # jupyterhub_user
- 20027 # grafana_user - 20027 # grafana_user
- 20028 # k8s/au/syd1 operator
- 20029 # k8s/au/syd1 admin
- 20030 # k8s/au/syd1 root
loginshell: '/bin/bash' loginshell: '/bin/bash'
homedir: '/home/benvin' homedir: '/home/benvin'
passsha256: 'd2434f6b4764ef75d5b7b96a876a32deedbd6aa726a109c3f32e823ca66f604a' passsha256: 'd2434f6b4764ef75d5b7b96a876a32deedbd6aa726a109c3f32e823ca66f604a'
@ -385,3 +388,12 @@ glauth::groups:
grafana_user: grafana_user:
group_name: 'grafana_user' group_name: 'grafana_user'
gidnumber: 20027 gidnumber: 20027
kubernetes_au_syd1_cluster_operator:
group_name: 'kubernetes_au_syd1_cluster_operator'
gidnumber: 20028
kubernetes_au_syd1_cluster_admin:
group_name: 'kubernetes_au_syd1_cluster_admin'
gidnumber: 20029
kubernetes_au_syd1_cluster_root:
group_name: 'kubernetes_au_syd1_cluster_root'
gidnumber: 20030