2024-05-26 20:14:00 +00:00
variable " name " {
2024-05-24 21:50:51 +00:00
type = string
description = " The name of the tenant you want to create "
validation {
2024-05-26 20:23:10 +00:00
condition = can ( regex ( " ^[-a-zA-Z0-9_]* $ " , var . name ) )
2024-05-24 21:50:51 +00:00
error_message = " The tenant name must only contain alphanumeric characters, dashes, and underscores. "
}
}
2024-05-26 20:14:00 +00:00
variable " prefix " {
2024-05-24 21:50:51 +00:00
type = string
description = " The prefix to use for the tenant in vault (this will prefix mount points, policies, etc..) "
}
2024-05-26 20:14:00 +00:00
variable " additional_roles " {
2024-05-29 18:21:47 +00:00
type = map ( string )
2024-05-24 21:50:51 +00:00
default = { }
description = < < EOT
A map of additional role names , with the path to the associated policy file to add for this tenant .
A separate approle auth method is created for this tenant ( mounted at auth / < prefix > - approle ) including all the roles declared in this var iable .
The var iable should look like :
2024-05-26 20:14:00 +00:00
additional_roles = {
2024-05-29 18:21:47 +00:00
devs = file ( " path/to/policy.hcl " )
admins = data . vault_policy_document . admins . hcl
2024-05-24 21:50:51 +00:00
}
EOT
}
2024-05-29 18:21:47 +00:00
variable " root_policy_extra_rules " {
type = map (
object ( {
path = string
capabilities = list ( string )
description = optional ( string )
required_parameters = optional ( map ( list ( any ) ) )
allowed_parameter = optional ( map ( list ( any ) ) )
denied_parameter = optional ( map ( list ( any ) ) )
min_wrapping_ttl = optional ( number )
max_wrapping_ttl = optional ( number )
} )
)
description = " A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that oyu can customize it to your needs "
default = { }
}
