fix: [nomad-step-5] S5.2 — nomad/jobs/staging.hcl + chat.hcl (#989)
Some checks failed
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline failed
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline failed
ci/woodpecker/pr/secret-scan Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
This commit is contained in:
parent
84d63d49b5
commit
5aefbd6832
6 changed files with 299 additions and 10 deletions
15
vault/policies/service-chat.hcl
Normal file
@ -0,0 +1,15 @@
# vault/policies/service-chat.hcl
#
# Read-only access to shared Chat secrets (OAuth client config, forward auth
# secret). Attached to the Chat Nomad job via workload identity (S5.2).
#
# Scope: kv/disinto/shared/chat — entries owned by the operator and
# shared between the chat service and edge proxy.
path "kv/data/disinto/shared/chat" {
capabilities = ["read"]
}
path "kv/metadata/disinto/shared/chat" {
capabilities = ["list", "read"]
}
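Review bot: Both `path` stanzas are exact matches with no trailing `/*`, while the header comment describes the scope as "entries" under kv/disinto/shared/chat, so the policy and its comment leave the intended layout ambiguous. If `chat` is a single KV v2 secret, the `list` capability on `kv/metadata/disinto/shared/chat` gives the job nothing it needs and can be dropped to keep the policy at least privilege; metadata `read` is likewise only needed if the job inspects version information. If `chat` is instead a folder holding several secrets, `read` on `kv/data/disinto/shared/chat` will not cover the children and the data path would have to be `kv/data/disinto/shared/chat/*`. Please state in the header comment which layout is intended and trim or widen the stanzas to match.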