
@abuxton
Created October 6, 2020 13:33
bootstrap consul acls
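#!/bin/bash
#
# Bootstrap Consul ACL policies and tokens for a Consul + Vault deployment.
#
# Creates five policies (consul-agent-vault, consul-agent-server, vault,
# snapshot_agent, anonymous), creates one token per non-anonymous policy, and
# attaches the "anonymous" policy to the built-in anonymous token.
#
# Requirements:
#   - the `consul` CLI on PATH, pointed at the target cluster
#   - credentials allowed to write ACLs (e.g. via CONSUL_HTTP_TOKEN); the
#     script does not set or check these itself
#
# Security notes:
#   - Each `consul acl token create` prints the new token, including its
#     secret, to stdout. Do not run this where stdout is captured into shared
#     CI logs or shell history files; store the secrets in a secrets manager.
#   - The script is not idempotent. With strict mode it stops at the first
#     failing command (for example a policy that already exists) instead of
#     carrying on and minting tokens against a half-created policy set.
#   - Most rules use an empty prefix (""), which matches every node, service,
#     agent or session. Narrow them to specific names/prefixes for production.
set -euo pipefail

if ! command -v consul >/dev/null 2>&1; then
  printf 'error: consul CLI not found on PATH\n' >&2
  exit 1
fi

#######################################
# Create an ACL policy from rules supplied on stdin.
# Arguments: $1 - policy name
# Returns:   exit status of `consul acl policy create`
#######################################
create_policy() {
  local policy_name=$1
  consul acl policy create -name "$policy_name" -rules -
}

# Policy for Consul client agents running alongside Vault.
# node_prefix "" / agent_prefix "" with write covers every node and agent.
create_policy consul-agent-vault <<'EOF'
node_prefix "" {
policy = "write"
}
service_prefix "" {
policy = "read"
}
agent_prefix "" {
policy = "write"
}
EOF

# Policy for Consul server agents; additionally allows writing the "consul"
# service itself.
create_policy consul-agent-server <<'EOF'
node_prefix "" {
policy = "write"
}
service_prefix "" {
policy = "read"
}
service "consul" {
policy = "write"
}
agent_prefix "" {
policy = "write"
}
EOF

# Policy for the Vault application: KV access is confined to "vault/", but
# node, agent and session write are cluster-wide.
create_policy vault <<'EOF'
key_prefix "vault/" {
policy = "write"
}
service "vault" {
policy = "write"
}
session_prefix "" {
policy = "write"
}
node_prefix "" {
policy = "write"
}
agent_prefix "" {
policy = "write"
}
EOF

# Policy for the snapshot agent.
# NOTE(security): acl = "write" permits managing ACL policies and tokens, so a
# token carrying this policy should be protected like a management token.
create_policy snapshot_agent <<'EOF'
acl = "write"
key "consul-snapshot/lock" {
policy = "write"
}
session_prefix "" {
policy = "write"
}
service "consul-snapshot" {
policy = "write"
}
EOF

# Policy attached to the anonymous token, i.e. what any request WITHOUT a token
# is allowed to do.
# NOTE(security): this exposes read access to all nodes, services, sessions,
# agents, prepared queries and operator endpoints to unauthenticated callers.
# Trim it to what tokenless clients actually need before using it in production.
create_policy anonymous <<'EOF'
node_prefix "" {
policy = "read"
}
service_prefix "" {
policy = "read"
}
session_prefix "" {
policy = "read"
}
agent_prefix "" {
policy = "read"
}
query_prefix "" {
policy = "read"
}
operator = "read"
EOF

# Tokens are created only after every policy above exists. Output of each
# command contains the token secret -- handle stdout accordingly.
consul acl token create -description "consul agent vault token" -policy-name consul-agent-vault
consul acl token create -description "consul agent server token" -policy-name consul-agent-server
consul acl token create -description "vault application token" -policy-name vault
consul acl token create -description "consul snapshot agent" -policy-name snapshot_agent

# Attach the read-only policy to the built-in anonymous token.
consul acl token update -id anonymous -policy-name anonymous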