2024-05-26 20:14:00 +00:00
|
|
|
variable "name" {
|
2024-05-24 21:50:51 +00:00
|
|
|
type = string
|
|
|
|
|
description = "The name of the tenant you want to create"
|
|
|
|
|
validation {
|
2024-05-26 20:23:10 +00:00
|
|
|
condition = can(regex("^[-a-zA-Z0-9_]*$", var.name))
|
2024-05-24 21:50:51 +00:00
|
|
|
error_message = "The tenant name must only contain alphanumeric characters, dashes, and underscores."
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-26 20:14:00 +00:00
|
|
|
variable "prefix" {
|
2024-05-24 21:50:51 +00:00
|
|
|
type = string
|
|
|
|
|
description = "The prefix to use for the tenant in vault (this will prefix mount points, policies, etc..)"
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-26 20:14:00 +00:00
|
|
|
variable "root_policy_file" {
|
2024-05-24 21:50:51 +00:00
|
|
|
type = string
|
2024-05-25 12:23:23 +00:00
|
|
|
default = null
|
2024-05-24 21:50:51 +00:00
|
|
|
description = "The path to the admin policy file for this tenant"
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-26 20:14:00 +00:00
|
|
|
variable "additional_roles" {
|
2024-05-24 21:50:51 +00:00
|
|
|
type = map(object({
|
|
|
|
|
policy_file = string
|
|
|
|
|
}))
|
|
|
|
|
default = {}
|
|
|
|
|
description = <<EOT
|
|
|
|
|
A map of additional role names, with the path to the associated policy file to add for this tenant.
|
|
|
|
|
A separate approle auth method is created for this tenant (mounted at auth/<prefix>-approle) including all the roles declared in this variable.
|
|
|
|
|
The variable should look like:
|
2024-05-26 20:14:00 +00:00
|
|
|
additional_roles = {
|
2024-05-24 21:50:51 +00:00
|
|
|
devs = {
|
|
|
|
|
policy_file = "/some/path/to/policy.hcl"
|
|
|
|
|
}
|
|
|
|
|
admins = {...}
|
|
|
|
|
}
|
|
|
|
|
EOT
|
|
|
|
|
}
|
