terraform-vault-tenant/variables.tf

43 lines
1.3 KiB
Terraform
Raw Normal View History

variable "global_approle_mount" {
type = string
default = "approle"
description = "The mount path for the global AppRole authentication method"
}
variable "tenant_name" {
type = string
description = "The name of the tenant you want to create"
validation {
condition = can(regex("^[-a-zA-Z0-9_]*$", var.tenant_name))
error_message = "The tenant name must only contain alphanumeric characters, dashes, and underscores."
}
}
variable "tenant_prefix" {
type = string
description = "The prefix to use for the tenant in vault (this will prefix mount points, policies, etc..)"
}
variable "tenant_admin_policy_file" {
type = string
description = "The path to the admin policy file for this tenant"
}
variable "tenant_additional_roles" {
type = map(object({
policy_file = string
}))
default = {}
description = <<EOT
A map of additional role names, with the path to the associated policy file to add for this tenant.
A separate approle auth method is created for this tenant (mounted at auth/<prefix>-approle) including all the roles declared in this variable.
The variable should look like:
tenant_additional_roles = {
devs = {
policy_file = "/some/path/to/policy.hcl"
}
admins = {...}
}
EOT
}