feat: generate consul policy/tokens
- generate policy/token to add nodes - generate policy/token for all nodes - add base::root profile to manage aspects of the root user
This commit is contained in:
@@ -0,0 +1,23 @@
|
||||
# profiles::consul::policies
|
||||
class profiles::consul::policies (
|
||||
String $root_api_token = lookup('profiles::consul::server::acl_tokens_initial_management'),
|
||||
) {
|
||||
|
||||
consul_policy { 'node_editor':
|
||||
description => 'Policy to read/write all nodes puppet-generated-policy',
|
||||
rules => [
|
||||
{
|
||||
'resource' => 'node',
|
||||
'segment' => '',
|
||||
'disposition' => 'write'
|
||||
},
|
||||
{
|
||||
'resource' => 'node',
|
||||
'segment' => '',
|
||||
'disposition' => 'read'
|
||||
}
|
||||
],
|
||||
acl_api_token => $root_api_token,
|
||||
hostname => $facts['networking']['ip'],
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user