monitoring/vault/policies/monitoring-cluster-exporter.hcl

[[- $c := merge .monitoring.exporters.cluster .monitoring.exporters .monitoring . ]]
# Read vault metrics
path "sys/metrics" {
  capabilities = ["read", "list"]
}

# Get a cert for Nomad
path "pki/nomad/issue/[[ .instance ]]-cluster-exporter" {
  capabilities = ["update"]
}

# Get a cert for Consul
path "pki/consul/issue/[[ .instance ]]-cluster-exporter" {
  capabilities = ["update"]
}

# Get a consul token
path "consul/creds/[[ .instance ]]-cluster-exporter" {
  capabilities = ["read"]
}