-approle) including all the roles declared in this variable.
The variable should look like:
additional_roles = {
devs = file("path/to/policy.hcl")
admins = data.vault_policy_document.admins.hcl
} | `map(string)` | `{}` | no |
| [name](#input_name) | The name of the tenant you want to create | `string` | n/a | yes |
| [prefix](#input_prefix) | The prefix to use for the tenant in vault (this will prefix mount points, policies, etc..) | `string` | n/a | yes |
-| [root_policy_file](#input_root_policy_file) | The path to the admin policy file for this tenant | `string` | `null` | no |
+| [root_policy_extra_rules](#input_root_policy_extra_rules) | A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that oyu can customize it to your needs | map(
object({
path = string
capabilities = list(string)
description = optional(string)
required_parameters = optional(map(list(any)))
allowed_parameter = optional(map(list(any)))
denied_parameter = optional(map(list(any)))
min_wrapping_ttl = optional(number)
max_wrapping_ttl = optional(number)
})
)
| `{}` | no |
### Outputs
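Review bot: the added `root_policy_extra_rules` row has a typo in its description ("oyu" for "you"), and its `map(object({...}))` type is spread over several lines, which breaks the one-line-per-row markdown table; keep the type on a single line or in one cell. The row also replaces `root_policy_file` with no note that this is a breaking input change, so callers who set `root_policy_file` need a migration hint. Since these rules are merged into the tenant's root policy and `path = string` and `capabilities = list(string)` are free-form, the description should state whether paths are expected to stay under `prefix`, and a variable `validation` on the allowed capability names would catch mistakes at plan time. The mix of `required_parameters` (plural) with `allowed_parameter` and `denied_parameter` (singular) is also worth a sentence so it is not read as a typo.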
diff --git a/extra_policies.tf b/extra_policies.tf
index 4d9535c..d50ddd7 100644
--- a/extra_policies.tf
+++ b/extra_policies.tf
@@ -20,7 +20,7 @@ resource "vault_policy" "extra" {
for_each = var.additional_roles
name = "${var.prefix}-${each.key}"
- policy = file(each.value.policy_file)
+ policy = each.value
}
resource "vault_identity_entity" "extra" {
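Review bot: `policy = each.value` changes each `additional_roles` entry from an object with a `policy_file` attribute to the policy text itself, so any caller still passing `policy_file` objects will fail at plan; the variable's type and a changelog entry should make that explicit. Nothing in this hunk checks the string, so an empty or malformed value only surfaces when Vault rejects it, and nothing ties the policy's paths to `var.prefix` even though the policy is named `"${var.prefix}-${each.key}"`. Suggest a `validation` block on `additional_roles` that at least rejects empty strings, and a check of the rest of this file (for example `vault_identity_entity.extra`) for leftover `each.value.policy_file` references.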