Add auth and state access for terraform-rancher
Mirrors the terraform-authentik runner setup (#78/#81/#82) for the new terraform-rancher repo, which manages Rancher's Authentik OIDC auth via the rancher2 provider. - AppRole terraform_rancher + k8s auth role woodpecker_terraform_rancher. - Consul secret backend role + ACL policy granting write to the infra/terraform/rancher/ state prefix. - Vault policies: read the Rancher admin API token (kv/service/terraform/rancher) and the keycloakoidc client secret (kv/kubernetes/namespace/cattle-system/default/oauth-credentials), plus the consul_root state creds.
This commit is contained in:
@@ -0,0 +1,9 @@
|
||||
token_ttl: 120
|
||||
token_max_ttl: 120
|
||||
bind_secret_id: false
|
||||
token_bound_cidrs:
|
||||
- "10.10.12.200/32"
|
||||
- "198.18.25.102/32"
|
||||
- "198.18.26.91/32"
|
||||
- "198.18.27.40/32"
|
||||
use_deterministic_role_id: true
|
||||
Reference in New Issue
Block a user