Merge pull request #175 from nrdxp/consolidate-policies

manveru · web-flow · commit ad535920cb23 · 2022-08-08T18:23:44.000+02:00
consolidate vault policies into hydration
diff --git a/modules/terraform/hydrate-cluster/policies.nix b/modules/terraform/hydrate-cluster/policies.nix
@@ -16,7 +16,15 @@ Related to roles that are impersonated by humans.
 
   __fromTOML = builtins.fromTOML;
 
-  vaultPolicies = tfcfg.locals.policies.vault;
+  # necessary or some of these policies get deleted by terraform; eg routing
+  coreVaultPolicies =
+    builtins.removeAttrs
+    (import ../../../profiles/vault/policies.nix {inherit config lib;})
+    .services
+    .vault
+    .policies ["vault-agent-client" "vault-agent-core"];
+
+  vaultPolicies = coreVaultPolicies // tfcfg.locals.policies.vault;
   nomadPolicies = tfcfg.locals.policies.nomad;
   consulPolicies = tfcfg.locals.policies.consul;
 
