update policy/rules in vault_policy, add vault token renew cron job.

2024-12-16 04:40:35 +00:00 · 2018-03-05 13:05:42 -05:00 · 2018-03-05 13:05:42 -05:00 · 7a93cba305
commit 7a93cba305
parent f856290e11
2 changed files with 19 additions and 2 deletions
--- a/manifests/common.pp
+++ b/manifests/common.pp
@ -73,5 +73,12 @@ END
      environment => "MAILTO=${contact_email}",
    }

+    # renew vault token
+    cron { 'renew vault token':
+      command => "$vault_bin token-renew > /dev/null",
+      user    => $user,
+      weekday => 1,
+    }
+
 }

--- a/vault_policy.sh
+++ b/vault_policy.sh
@ -18,8 +18,18 @@ path "secret/dns_api/token" {
  capabilities = ["read"]
 }
 '
-vault write sys/policy/cert_read policy=@<(echo $cert_read)
-vault write sys/policy/cert_write policy=@<(echo $cert_write)
+
+# the key here changed from "rules" to "policy" in v0.9, this is a basic check
+
+if vault --version | grep -q 'v0.8'
+then
+    K=rules
+else
+    K=policy
+fi
+
+vault write sys/policy/cert_read $K=@<(echo $cert_read)
+vault write sys/policy/cert_write $K=@<(echo $cert_write)

 # create periodic tokens:
 # these tokens have a period of 20 days, they will expire if not renewed.