[#3] Extract static tokens (node, proxy, auth)

Separate static tokens.
woohgit · Aug 8, 2016 · 7bfbd97 · 7bfbd97
1 parent 431ddea
commit 7bfbd97
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -32,7 +32,9 @@ Teleport stores the data locally under the `teleport_data_dir`.
     teleport_auth_enabled: true
     teleport_auth_listen_address: '0.0.0.0:3025'
     teleport_auth_cluster_name: 'main'
-    teleport_auth_tokens: []
+    teleport_auth_tokens_node: []
+    teleport_auth_tokens_proxy: []
+    teleport_auth_tokens_auth: []
     teleport_auth_trusted_clusters: []
     teleport_auth_oidc_connectors: []
 
@@ -83,7 +85,8 @@ For more details about teleport architecture, please refer to the [official docu
 *Inside `vars/main.yml`*
 
     teleport_ssh_enabled: false
-    teleport_auth_tokens: xxxx-yyyy-xxxx
+    teleport_auth_tokens_node:
+      - xxxx-yyyy-xxxx
 
 If you want to be able to login to the proxy host too using teleport, set `teleport_ssh_enabled` to `true`.
 
@@ -105,7 +108,7 @@ You can automatically connect a node to the proxy server by providing same same
     teleport_auth_enabled: false
     teleport_proxy_enabled: false
     teleport_auth_servers:
-        - <ip_of_the_proxy_server>
+      - <ip_of_the_proxy_server>
     teleport_auth_token: xxxx-yyyy-xxxx
 
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -16,7 +16,9 @@ teleport_pidfile: '/var/run/teleport.pid'
 teleport_auth_enabled: true
 teleport_auth_listen_address: '0.0.0.0:3025'
 teleport_auth_cluster_name: 'main'
-teleport_auth_tokens: []
+teleport_auth_tokens_node: []
+teleport_auth_tokens_proxy: []
+teleport_auth_tokens_auth: []
 teleport_auth_trusted_clusters: []
 teleport_auth_oidc_connectors: []
 

diff --git a/templates/teleport.yaml.j2 b/templates/teleport.yaml.j2
@@ -32,10 +32,17 @@ auth_service:
     - key_file: {{ cluster_ca }}
 {% endfor %}
 {% endif %}
-{% if teleport_auth_tokens|length > 0 %}
+{% if teleport_auth_tokens_node|length > 0 or teleport_auth_tokens_proxy|length > 0 or teleport_auth_tokens_auth|length > 0 %}
   tokens:
-    - "proxy,node:{{ teleport.token }}"
-    - "auth:{{ teleport.token }}"
+{% for token in teleport_auth_tokens_node %}
+    - "node:{{ token }}"
+{% endfor %}
+{% for token in teleport_auth_tokens_proxy %}
+    - "proxy:{{ token }}"
+{% endfor %}
+{% for token in teleport_auth_tokens_auth %}
+    - "auth:{{ token }}"
+{% endfor %}
 {% endif %}
 {% else %}
   enabled: "no"