terraform-vault-tenant/approle_auth.tf

resource "vault_auth_backend" "approle" {
  type = "approle"
  path = "${var.tenant_prefix}/approle"
  tune {
    default_lease_ttl = "3600s"
    max_lease_ttl     = "14400s"
  }
}

resource "vault_identity_group" "this" {
  name = var.tenant_name
  type = "external"
  metadata = {
    tenant = var.tenant_name
    prefix = var.tenant_prefix
  }
}

resource "vault_identity_group_alias" "this" {
  name           = var.tenant_name
  mount_accessor = vault_auth_backend.approle.accessor
  canonical_id   = vault_identity_group.this.id
}
feat: move every approle role to dedicated backend, and add group to pass metadata along 2024-05-26 14:22:18 +00:00			`resource "vault_auth_backend" "approle" {`
			`type = "approle"`
feat: change approle path to <prefix>/approle instead of <prefix>-approle 2024-05-26 14:27:38 +00:00			`path = "${var.tenant_prefix}/approle"`
feat: move every approle role to dedicated backend, and add group to pass metadata along 2024-05-26 14:22:18 +00:00			`tune {`
			`default_lease_ttl = "3600s"`
			`max_lease_ttl = "14400s"`
			`}`
			`}`

fix: remove duplicate resource 2024-05-26 14:24:57 +00:00			`resource "vault_identity_group" "this" {`
			`name = var.tenant_name`
fix: make tenant group external 2024-05-26 14:25:52 +00:00			`type = "external"`
fix: remove duplicate resource 2024-05-26 14:24:57 +00:00			`metadata = {`
			`tenant = var.tenant_name`
			`prefix = var.tenant_prefix`
			`}`
			`}`

feat: move every approle role to dedicated backend, and add group to pass metadata along 2024-05-26 14:22:18 +00:00			`resource "vault_identity_group_alias" "this" {`
			`name = var.tenant_name`
			`mount_accessor = vault_auth_backend.approle.accessor`
			`canonical_id = vault_identity_group.this.id`
			`}`