policies: let terraform-authentik read its provider API token #82
Reference in New Issue
Block a user
Delete Branch "benvin/authentik-provider-token"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Why
terraform-authentik's provider needs an Authentik API token (
TF_VAR_authentik_token), now sourced from Vault atkv/service/terraform/authentik(Makefile wiring in terraform-authentik #2). The CI role needs read access to that path.Change
Extend
policies/kv/service/terraform/authentik.yamlto also grant read onkv/data/service/terraform/authentikfor theterraform_authentikapprole +woodpecker_terraform_authentikk8s role.