added named roles feature for module.vault #48586
What does this PR do?
Added an option to define a named role for the creation of Vault tokens. This is the preferred way to control access permissions and available policies of secondary minion tokens: https://www.vaultproject.io/api/auth/token/index.html#create-token
What issues does this PR fix or reference?
A child token can have any policies the main token has (this is only controlled by Vault security mechanisms). A child token can have an option to create other tokens (as the parent token does), leading to security risks.
The user can define a specific named token role for minion-created tokens and explicitly define its behavior and access policies. Example: https://www.nomadproject.io/docs/vault-integration/index.html#vault-token-role-configuration
Commits signed with GPG?
@astorath Can you fix the lint errors?