Skip to content

Instantly share code, notes, and snippets.

@v6
Created October 24, 2018 01:00
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
// , Shows how to "conveniently" map AD groups to Vault Policies.
super-duper-vault-train $ls
LICENSE initpayload.json
PRODUCTION_INSTALLATION.md instance7_consul_http_token.txt
README.md instance7_vault_consul_http_token.txt
Vagrantfile myunseal.sh
Vagrantfile.new playbooks
account.sh prereqs.sh
configureconsul.sh provision_consul
configurevault.sh provision_vault
consuldownload.sh vaultdownload.sh
consulsystemd.sh vaultquiz.md
demonstrations vaultsystemd.sh
init.sh
super-duper-vault-train $cd provision_vault/
provision_vault $ls
README.md data_production_gap scripts
data data_sandbox_gap
provision_vault $cd scripts/
scripts $ls
checkldap.sh read_new_relic_approle.sh
checkpolicy.sh secrets_consumer_of_buyplan.hcl
create_approle.sh secrets_consumer_of_new_relic_agent.hcl
create_buyplan_approle.sh secrets_consumer_of_sriramapp.hcl
create_igp_approle.sh secrets_owner_of_buyplan.hcl
create_new_relic_approle.sh secrets_owner_of_new_relic_agent.hcl
createapproles.sh secrets_owner_of_sriramapp.hcl
generate_secrets_access_policies.sh simpletokenmaker.sh
generate_secrets_access_policies_gap.sh simpletokenrolelogin.sh
get_token_from_ldap_login.sh ssantha_ldap_vault_login_example.txt
hclpolicy2json.sh ssantha_login.sh
ldapgrouper.py testaccess.hcl
mypass.json tokenrolelogin.sh
new_relic.json tokenrolemaker.sh
post_data_to_rabbitmq.sh uploadpolicy.sh
read_igp_approle.sh
scripts $./ldapgrouper
-bash: ./ldapgrouper: No such file or directory
scripts $./ldapgrouper.py
Usage:
ldapgrouper.py (--ldap_group <group> | --ldap_user <user>) --vault_policy <policy> [<MOUNT_POINT>]
ldapgrouper.py --list
ldapgrouper.py (-h | --help)
scripts $./ldapgrouper.py --ldap_group MY-AD-GROUP --vault_policy admin
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment