Fix gcp alias ACL

libops · Jan 19, 2025 · 00fa7cf · 00fa7cf
1 parent fd6d854
commit 00fa7cf
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/02-auth-gcp.tf b/02-auth-gcp.tf
@@ -10,7 +10,7 @@ resource "vault_gcp_auth_backend_role" "ghat" {
   bound_service_accounts = ["ghat-cr@libops-ghat.iam.gserviceaccount.com"]
   bound_projects         = ["libops-ghat"]
   token_ttl              = 300
-  token_max_ttl          = 600
+  token_max_ttl          = 900
   token_policies = [
     vault_policy.policies["gcp-kv1.hcl"].name
   ]

diff --git a/policies/gcp-kv1.hcl b/policies/gcp-kv1.hcl
@@ -1,3 +1,3 @@
-path "secret/{{identity.entity.metadata.project_id}}/*" {
+path "secret/{{identity.entity.aliases.auth_gcp_8fb93eb9.metadata.project_id}}/*" {
   capabilities = ["read", "list"]
 }