terraform/hashistack: add buildbot worker nomad var policy

void-linux · Sep 28, 2024 · a934157 · a934157
1 parent 24eecbe
commit a934157
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/terraform/hashistack/policy_buildbot.tf b/terraform/hashistack/policy_buildbot.tf
@@ -0,0 +1,19 @@
+resource "nomad_acl_policy" "buildbot_worker_admin" {
+  name = "buildbot-worker-admin"
+  description = "Manage buildbot worker secrets in nomad variables"
+
+  job_acl {
+    namespace = "build"
+    job_id = "buildbot"
+  }
+
+  rules_hcl = <<EOT
+namespace "build" {
+  variables {
+    path "nomad/jobs/buildbot-worker" {
+      capabilities = ["read"]
+    }
+  }
+}
+EOT
+}