From 2d345cc63b4b2971b35f2f0ca9c5e20abad3d0b3 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sat, 11 Jan 2025 21:08:18 +1100
Subject: [PATCH] fix: fix rolename - had duplicate role - change policy name to match approle - updated ttl as packer builds can take some time
---
 auth_approle_packer_builder.tf | 6 +++---
 policies/kv/service/packer/packer-builder.hcl | 3 ---
 2 files changed, 3 insertions(+), 6 deletions(-)
 delete mode 100644 policies/kv/service/packer/packer-builder.hcl
diff --git a/auth_approle_packer_builder.tf b/auth_approle_packer_builder.tf
index 32858d0..2caa630 100644
--- a/auth_approle_packer_builder.tf
+++ b/auth_approle_packer_builder.tf
@@ -1,12 +1,12 @@
 resource "vault_approle_auth_backend_role" "packer_builder" {
- role_name = "terraform_nomad"
+ role_name = "packer_builder"
 bind_secret_id = false
 token_policies = [
 "default_access",
 "packer_builder",
 ]
- token_ttl = 60
- token_max_ttl = 120
+ token_ttl = 300 # builds can take a few minutes
+ token_max_ttl = 600
 token_bound_cidrs = [
 "10.10.12.200/32",
 "198.18.13.67/32",
diff --git a/policies/kv/service/packer/packer-builder.hcl b/policies/kv/service/packer/packer-builder.hcl
deleted file mode 100644
index 79b114f..0000000
--- a/policies/kv/service/packer/packer-builder.hcl
+++ /dev/null
@@ -1,3 +0,0 @@
-path "kv/data/service/packer/builder/env" {
- capabilities = ["read"]
-}
--
2.47.3
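Review bot: Raising `token_ttl` to 300 and `token_max_ttl` to 600 lengthens the life of tokens on a role that keeps `bind_secret_id = false`, so a role ID presented from an address inside `token_bound_cidrs` is all that is needed to log in; the new comment explains the build duration but not that trade-off. I would record it next to the cap, e.g. `token_max_ttl = 600 # hard cap; login needs only role_id from the bound CIDRs, keep as short as builds allow`, and check whether the build host could hold a secret ID instead. The role still attaches the `packer_builder` policy while this patch deletes policies/kv/service/packer/packer-builder.hcl without adding a renamed file, and Vault treats an undefined policy name as granting nothing, so it is worth confirming that a policy of that name is defined elsewhere in the repository. The resource block continues past the end of the hunk.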