// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package vaultcompat

import (
	"github.com/hernad/nomad/api"
	"github.com/hernad/nomad/helper/pointer"
)

// policy is the recommended Nomad Vault policy, written as Vault policy HCL.
//
// Every path it grants is a token-management or introspection endpoint:
//   - auth/token/create/nomad-cluster (update): create tokens against the
//     "nomad-cluster" token role.
//   - auth/token/roles/nomad-cluster (read): read that role's definition.
//   - auth/token/lookup-self, auth/token/renew-self, sys/capabilities-self:
//     inspect and renew the token that holds this policy.
//   - auth/token/lookup (update): look up other tokens.
//   - auth/token/revoke-accessor (update): revoke tokens by accessor.
//
// No secrets-engine path appears here; whatever secret access a task receives
// comes from the policies attached to the token created for it.
const policy = `path "auth/token/create/nomad-cluster" {
	capabilities = ["update"]
}
path "auth/token/roles/nomad-cluster" {
	capabilities = ["read"]
}
path "auth/token/lookup-self" {
	capabilities = ["read"]
}

path "auth/token/lookup" {
	capabilities = ["update"]
}
path "auth/token/revoke-accessor" {
	capabilities = ["update"]
}
path "sys/capabilities-self" {
	capabilities = ["update"]
}
path "auth/token/renew-self" {
	capabilities = ["update"]
}`

// role is the recommended nomad cluster role, i.e. the parameter set for the
// Vault token role named "nomad-cluster" that policy refers to.
//
// Security-relevant settings:
//   - disallowed_policies: tokens created through the role may not carry the
//     "nomad-server" policy. NOTE(review): presumably that is the name the
//     policy above is registered under, so a task token cannot mint further
//     tokens - confirm against the test that writes the policy.
//   - orphan=false: created tokens stay children of the creating token, so
//     revoking the parent revokes them as well.
//   - period=259200 with explicit_max_ttl=0: periodic tokens (259200 s is
//     72 h) with no hard lifetime cap; they stay valid for as long as they
//     keep being renewed within each period.
var role = map[string]any{
	"disallowed_policies": "nomad-server",
	// Pre-rename parameter name (newer Vault releases also accept
	// token_explicit_max_ttl); kept so older Vault versions accept it.
	"explicit_max_ttl": 0,
	"name":             "nomad-cluster",
	"orphan":           false,
	// Pre-rename parameter name (newer Vault releases also accept
	// token_period); kept so older Vault versions accept it.
	"period":    259200,
	"renewable": true,
}

// job is a test job that is used to request a Vault token and cat the token
// out before exiting.
//
// The task uses the raw_exec driver and cats the token file from the task's
// secrets directory, so the Vault token is written to the task's stdout.
// That makes the token readable to anything that can read the task output;
// the pattern is only appropriate against a disposable test Vault like the
// one this e2e suite targets.
var job = &api.Job{
	ID:          pointer.Of("test"),
	Type:        pointer.Of("batch"),
	Datacenters: []string{"dc1"},
	TaskGroups: []*api.TaskGroup{
		{
			Name: pointer.Of("test"),
			Tasks: []*api.Task{
				{
					Name:   "test",
					Driver: "raw_exec",
					Config: map[string]any{
						"command": "cat",
						"args":    []string{"${NOMAD_SECRETS_DIR}/vault_token"},
					},
					// Request a token carrying only Vault's "default" policy.
					Vault: &api.Vault{
						Policies: []string{"default"},
					},
				},
			},
			// Zero restart attempts in "fail" mode: one failed run fails the
			// task instead of being retried.
			RestartPolicy: &api.RestartPolicy{
				Attempts: pointer.Of(0),
				Mode:     pointer.Of("fail"),
			},
		},
	},
}