github.com/hernad/nomad@v1.6.112/e2e/vaultcompat/consts_test.go (about)

     1  // Copyright (c) HashiCorp, Inc.
     2  // SPDX-License-Identifier: MPL-2.0
     3  
     4  package vaultcompat
     5  
     6  import (
     7  	"github.com/hernad/nomad/api"
     8  	"github.com/hernad/nomad/helper/pointer"
     9  )
    10  
    11  const (
    12  	// policy is the recommended Nomad Vault policy
        	//
        	// The value is Vault ACL policy text (HCL) held in a raw string, so the
        	// whitespace and blank line inside the backticks are part of the value.
        	//
        	// Token creation is granted only on auth/token/create/nomad-cluster, i.e.
        	// through the "nomad-cluster" token role, so tokens minted with this
        	// policy are subject to that role's restrictions. The other paths allow
        	// reading that role, looking up tokens (lookup-self and lookup), revoking
        	// by accessor, checking the caller's own capabilities and renewing the
        	// caller's own token.
        	//
        	// NOTE(review): no path here grants access to secret data; keep it that
        	// way when extending the policy for new test cases.
    13  	policy = `path "auth/token/create/nomad-cluster" {
    14    capabilities = ["update"]
    15  }
    16  path "auth/token/roles/nomad-cluster" {
    17    capabilities = ["read"]
    18  }
    19  path "auth/token/lookup-self" {
    20    capabilities = ["read"]
    21  }
    22  
    23  path "auth/token/lookup" {
    24    capabilities = ["update"]
    25  }
    26  path "auth/token/revoke-accessor" {
    27    capabilities = ["update"]
    28  }
    29  path "sys/capabilities-self" {
    30    capabilities = ["update"]
    31  }
    32  path "auth/token/renew-self" {
    33    capabilities = ["update"]
    34  }`
    35  )
    36  
    37  var (
    38  	// role is the recommended nomad cluster role
        	//
        	// It is the parameter map for a Vault token role named "nomad-cluster",
        	// the same role name that the policy constant's auth/token/create and
        	// auth/token/roles paths refer to.
        	//
        	// Per Vault's token-role semantics: disallowed_policies stops tokens
        	// issued through the role from carrying the "nomad-server" policy,
        	// orphan=false keeps issued tokens as children of the creating token,
        	// period is in seconds (259200 s = 72 h) and explicit_max_ttl=0 sets no
        	// hard lifetime cap.
        	// NOTE(review): presumably "nomad-server" is the name under which the
        	// policy constant is registered - confirm against the test setup.
    39  	role = map[string]interface{}{
    40  		"disallowed_policies": "nomad-server",
    41  		"explicit_max_ttl":    0, // use old name for vault compatibility
    42  		"name":                "nomad-cluster",
    43  		"orphan":              false,
    44  		"period":              259200, // use old name for vault compatibility
    45  		"renewable":           true,
    46  	}
    47  
    48  	// job is a test job that is used to request a Vault token and cat the token
    49  	// out before exiting.
        	//
        	// It is a batch job with one task group and one raw_exec task that runs
        	// `cat ${NOMAD_SECRETS_DIR}/vault_token`. The restart policy (0 attempts,
        	// mode "fail") means a failed run is not retried.
        	//
        	// NOTE(review): the task writes a live Vault token to its stdout, so the
        	// token ends up in the task's logs. That is acceptable only because this
        	// is a throwaway e2e cluster; do not reuse this job shape elsewhere.
    50  	job = &api.Job{
    51  		ID:          pointer.Of("test"),
    52  		Type:        pointer.Of("batch"),
    53  		Datacenters: []string{"dc1"},
    54  		TaskGroups: []*api.TaskGroup{
    55  			{
    56  				Name: pointer.Of("test"),
    57  				Tasks: []*api.Task{
    58  					{
    59  						Name:   "test",
        						// raw_exec runs the command without task isolation;
        						// it must be enabled on the client for this job to run.
    60  						Driver: "raw_exec",
    61  						Config: map[string]interface{}{
    62  							"command": "cat",
    63  							"args":    []string{"${NOMAD_SECRETS_DIR}/vault_token"},
    64  						},
        						// Request a token carrying only Vault's "default" policy.
    65  						Vault: &api.Vault{
    66  							Policies: []string{"default"},
    67  						},
    68  					},
    69  				},
    70  				RestartPolicy: &api.RestartPolicy{
    71  					Attempts: pointer.Of(0),
    72  					Mode:     pointer.Of("fail"),
    73  				},
    74  			},
    75  		},
    76  	}
    77  )