feat: add kubernetes ldap groups #51

unkinben · 2026-02-14T19:48:39+11:00

unkinben commented

2026-02-14 19:48:39 +11:00

vault's terraform approle doesnt need to access all of these kubernetes
roles, it was just added as a placeholder and access to the kubernetes
roles was via the vault_admin to-much-access account. this is an
effort to roll back that and make access more targeted.

add kubernetes* ldap groups for specific cluster/role combinations
remove tf_vault from kubernetes* roles

vault's terraform approle doesnt need to access all of these kubernetes roles, it was just added as a placeholder and access to the kubernetes roles was via the `vault_admin` to-much-access account. this is an effort to roll back that and make access more targeted. - add kubernetes* ldap groups for specific cluster/role combinations - remove tf_vault from kubernetes* roles

unkinben added 1 commit 2026-02-14 19:48:39 +11:00

feat: add kubernetes ldap groups 33a746e545

vault's terraform approle doesnt need to access all of these kubernetes
roles, it was just added as a placeholder and access to the kubernetes
roles was via the `vault_admin` to-much-access account. this is an
effort to roll back that and make access more targeted.

- add kubernetes* ldap groups for specific cluster/role combinations
- remove tf_vault from kubernetes* roles

unkinben merged commit 3fb5a64a17 into master

2026-02-14 19:48:56 +11:00

unkinben deleted branch benvin/kubernetes_ldap_groups

2026-02-14 19:48:56 +11:00

unkinben referenced this issue from a commit

2026-02-14 19:49:06 +11:00

Merge pull request 'feat: add kubernetes ldap groups' (#51) from benvin/kubernetes_ldap_groups into master

Sign in to join this conversation.

No reviewers

No Label

No Milestone

No project

No Assignees

1 Participants

Notifications

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: unkin/terraform-vault#51