// Listing: github.com/manicqin/nomad@v0.9.5/e2e/vault/consts_test.go

package vault

import (
	"github.com/hashicorp/nomad/api"
	"github.com/hashicorp/nomad/helper"
)

// policy is the recommended Nomad Vault policy.
//
// Every path it names is a token-management endpoint (auth/token/...) or
// sys/capabilities-self; it grants nothing on secret paths. The one
// token-creating grant is scoped to the "nomad-cluster" role, so what a
// holder of this policy can mint is bounded by that role's definition.
const policy = `path "auth/token/create/nomad-cluster" {
	capabilities = ["update"]
}
path "auth/token/roles/nomad-cluster" {
	capabilities = ["read"]
}
path "auth/token/lookup-self" {
	capabilities = ["read"]
}

path "auth/token/lookup" {
	capabilities = ["update"]
}
path "auth/token/revoke-accessor" {
	capabilities = ["update"]
}
path "sys/capabilities-self" {
	capabilities = ["update"]
}
path "auth/token/renew-self" {
	capabilities = ["update"]
}`

// role is the recommended nomad cluster role, i.e. the definition of the
// "nomad-cluster" token role that policy allows tokens to be created against.
var role = map[string]interface{}{
	"name": "nomad-cluster",
	// Tokens created through this role may not carry the nomad-server policy,
	// so a task token cannot be given the server's own token-management rights.
	"disallowed_policies": "nomad-server",
	"orphan":              false,
	"renewable":           true,
	"explicit_max_ttl":    0,      // use old name for vault compatibility
	"period":              259200, // use old name for vault compatibility
}

// job is a test job that is used to request a Vault token and cat the token
// out before exiting.
//
// NOTE(security): the task writes a live Vault token to its stdout, so the
// token ends up wherever the task's output is collected. That is the point of
// this fixture, but it is only appropriate against a throwaway test Vault. The
// task also uses the raw_exec driver, which runs the command without
// isolation from the host.
var job = &api.Job{
	ID:          helper.StringToPtr("test"),
	Type:        helper.StringToPtr("batch"),
	Datacenters: []string{"dc1"},
	TaskGroups: []*api.TaskGroup{
		{
			Name: helper.StringToPtr("test"),
			// Zero attempts with mode "fail": a failing task is not restarted.
			RestartPolicy: &api.RestartPolicy{
				Mode:     helper.StringToPtr("fail"),
				Attempts: helper.IntToPtr(0),
			},
			Tasks: []*api.Task{
				{
					Name:   "test",
					Driver: "raw_exec",
					// Only the "default" policy is requested for the task token.
					Vault: &api.Vault{
						Policies: []string{"default"},
					},
					Config: map[string]interface{}{
						"command": "cat",
						"args":    []string{"${NOMAD_SECRETS_DIR}/vault_token"},
					},
				},
			},
		},
	},
}