From 7b337f47f510d555fbc6be690af642bcfae6b140 Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Wed, 29 May 2024 23:09:53 +0200
Subject: [PATCH] fix: adjust code for root policy document to generate blocks instead of map of lists
---
 root.tf | 52 +++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 45 insertions(+), 7 deletions(-)
diff --git a/root.tf b/root.tf
index 529fc6f..50b8e2a 100644
--- a/root.tf
+++ b/root.tf
@@ -24,18 +24,56 @@ locals {
 root_policy_rules = merge(local.root_policy_default_rules, var.root_policy_extra_rules)
 }
+# data "vault_policy_document" "root" {
+# dynamic "rule" {
+# for_each = local.root_policy_rules
+# content {
+# path = each.value.path
+# capabilities = each.value.capabilities
+# description = try(each.value.description, null)
+# required_parameters = try(each.value.required_parameters, null)
+# allowed_parameter = try(each.value.allowed_parameter, null)
+# denied_parameter = try(each.value.denied_parameter, null)
+# min_wrapping_ttl = try(each.value.min_wrapping_ttl, null)
+# max_wrapping_ttl = try(each.value.max_wrapping_ttl, null)
+# }
+# }
+# }
+
 data "vault_policy_document" "root" {
 dynamic "rule" {
 for_each = local.root_policy_rules
 content {
- path = each.value.path
- capabilities = each.value.capabilities
- description = try(each.value.description, null)
+ path = rule.value.path
+ capabilities = rule.value.capabilities
+ description = try(rule.value.description, null)
+ min_wrapping_ttl = try(rule.value.min_wrapping_ttl, null)
+ max_wrapping_ttl = try(rule.value.max_wrapping_ttl, null)
 required_parameters = try(each.value.required_parameters, null)
- allowed_parameter = try(each.value.allowed_parameter, null)
- denied_parameter = try(each.value.denied_parameter, null)
- min_wrapping_ttl = try(each.value.min_wrapping_ttl, null)
- max_wrapping_ttl = try(each.value.max_wrapping_ttl, null)
+
+ # dynamic "required_parameters" {
+ # for_each = rule.value.required_parameters != null ? rule.value.required_parameters : {}
+ # content {
+ # key = required_parameters.key
+ # value = required_parameters.value
+ # }
+ # }
+
+ dynamic "allowed_parameter" {
+ for_each = rule.value.allowed_parameter != null ? rule.value.allowed_parameter : {}
+ content {
+ key = allowed_parameter.key
+ value = allowed_parameter.value
+ }
+ }
+
+ dynamic "denied_parameter" {
+ for_each = rule.value.denied_parameter != null ? rule.value.denied_parameter : {}
+ content {
+ key = denied_parameter.key
+ value = denied_parameter.value
+ }
+ }
 }
 }
 }
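Review bot: The unchanged line `required_parameters = try(each.value.required_parameters, null)` inside `content` still reads `each.value`, while every other attribute in this hunk was moved to the `rule` iterator of `dynamic "rule"`. The data source shows no `for_each` of its own, so `each` is not defined at that point; depending on how Terraform handles the reference, this either fails validation or `try` falls back to null and the rule is rendered without its required parameters, leaving the generated root policy looser than the rule declares. It should read `required_parameters = try(rule.value.required_parameters, null)`. The new `for_each` expressions on `allowed_parameter` and `denied_parameter` also drop the `try` the old attributes had, so a rule object that omits those keys would presumably raise an error instead of producing no block; testing `try(rule.value.denied_parameter, null) != null` would keep the earlier tolerance. The commented-out copy of the old data source and the commented `dynamic "required_parameters"` block are better deleted than committed, since version control already holds the history.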