7cafafd483
found kubernetes vaultauth resources never picking up new policies, because they would infinitely renew their token. - set default max token length for roles to 1 day - changed all existing role token_max_ttl to match their token_ttl
42 lines
1.1 KiB
Terraform
42 lines
1.1 KiB
Terraform
variable "backend" {
|
|
description = "The unique path of the Kubernetes auth backend to configure"
|
|
type = string
|
|
}
|
|
|
|
variable "role_name" {
|
|
description = "The name of the role"
|
|
type = string
|
|
}
|
|
|
|
variable "bound_service_account_names" {
|
|
description = "List of service account names able to access this role"
|
|
type = list(string)
|
|
}
|
|
|
|
variable "bound_service_account_namespaces" {
|
|
description = "List of namespaces allowed to access this role"
|
|
type = list(string)
|
|
}
|
|
|
|
variable "token_ttl" {
|
|
description = "The TTL period of tokens issued using this role, in seconds"
|
|
type = number
|
|
default = 3600
|
|
}
|
|
|
|
variable "token_max_ttl" {
|
|
description = "The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time."
|
|
type = number
|
|
default = 86400
|
|
}
|
|
|
|
variable "token_policies" {
|
|
description = "List of policies to assign to the role (passed from policy_auth_map)"
|
|
type = list(string)
|
|
}
|
|
|
|
variable "audience" {
|
|
description = "Audience claim to verify in the JWT"
|
|
type = string
|
|
default = "vault"
|
|
} |