fix: default policy file path for admin to null, and use built-in policy if value stays null
This commit is contained in:
parent
9c4d1443f6
commit
c1ea5253d5
SSH Key Fingerprint:
SHA256:/nqc6HGqld/PS208F6FUOvZlUzTS0rGpNNwR5O2bQBw
@ -48,7 +48,7 @@ No modules.
|
|||||||
|------|-------------|------|---------|:--------:|
|
|------|-------------|------|---------|:--------:|
|
||||||
| <a name="input_global_approle_mount"></a> [global_approle_mount](#input_global_approle_mount) | The mount path for the global AppRole authentication method | `string` | `"approle"` | no |
|
| <a name="input_global_approle_mount"></a> [global_approle_mount](#input_global_approle_mount) | The mount path for the global AppRole authentication method | `string` | `"approle"` | no |
|
||||||
| <a name="input_tenant_additional_roles"></a> [tenant_additional_roles](#input_tenant_additional_roles) | A map of additional role names, with the path to the associated policy file to add for this tenant.<br> A separate approle auth method is created for this tenant (mounted at auth/<prefix>-approle) including all the roles declared in this variable.<br> The variable should look like:<br> tenant_additional_roles = {<br> devs = {<br> policy_file = "/some/path/to/policy.hcl"<br> }<br> admins = {...}<br> } | <pre>map(object({<br> policy_file = string<br> }))</pre> | `{}` | no |
|
| <a name="input_tenant_additional_roles"></a> [tenant_additional_roles](#input_tenant_additional_roles) | A map of additional role names, with the path to the associated policy file to add for this tenant.<br> A separate approle auth method is created for this tenant (mounted at auth/<prefix>-approle) including all the roles declared in this variable.<br> The variable should look like:<br> tenant_additional_roles = {<br> devs = {<br> policy_file = "/some/path/to/policy.hcl"<br> }<br> admins = {...}<br> } | <pre>map(object({<br> policy_file = string<br> }))</pre> | `{}` | no |
|
||||||
| <a name="input_tenant_admin_policy_file"></a> [tenant_admin_policy_file](#input_tenant_admin_policy_file) | The path to the admin policy file for this tenant | `string` | `"./policies/tenant-admins.policy.hcl"` | no |
|
| <a name="input_tenant_admin_policy_file"></a> [tenant_admin_policy_file](#input_tenant_admin_policy_file) | The path to the admin policy file for this tenant | `string` | `null` | no |
|
||||||
| <a name="input_tenant_name"></a> [tenant_name](#input_tenant_name) | The name of the tenant you want to create | `string` | n/a | yes |
|
| <a name="input_tenant_name"></a> [tenant_name](#input_tenant_name) | The name of the tenant you want to create | `string` | n/a | yes |
|
||||||
| <a name="input_tenant_prefix"></a> [tenant_prefix](#input_tenant_prefix) | The prefix to use for the tenant in vault (this will prefix mount points, policies, etc..) | `string` | n/a | yes |
|
| <a name="input_tenant_prefix"></a> [tenant_prefix](#input_tenant_prefix) | The prefix to use for the tenant in vault (this will prefix mount points, policies, etc..) | `string` | n/a | yes |
|
||||||
|
|
||||||
|
|||||||
@ -22,5 +22,5 @@ resource "vault_identity_entity" "tenant_admin" {
|
|||||||
|
|
||||||
resource "vault_policy" "tenant_admin" {
|
resource "vault_policy" "tenant_admin" {
|
||||||
name = "${var.tenant_name}-admin"
|
name = "${var.tenant_name}-admin"
|
||||||
policy = file(var.tenant_admin_policy_file)
|
policy = var.tenant_admin_policy_file == null ? file("${path.module}/policies/tenant-admins.policy.hcl") : file(var.tenant_admin_policy_file)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -20,7 +20,7 @@ variable "tenant_prefix" {
|
|||||||
|
|
||||||
variable "tenant_admin_policy_file" {
|
variable "tenant_admin_policy_file" {
|
||||||
type = string
|
type = string
|
||||||
default = "./policies/tenant-admins.policy.hcl"
|
default = null
|
||||||
description = "The path to the admin policy file for this tenant"
|
description = "The path to the admin policy file for this tenant"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user