feat: create entities for each extra policies
This commit is contained in:
parent
4975119e0b
commit
e4ddcb6be8
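--- a/[README path not shown on page]
+++ b/[README path not shown on page]
@@ -37,9 +37,11 @@ No modules.
 | [vault_approle_auth_backend_role_secret_id.extra_roles](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/approle_auth_backend_role_secret_id) | resource |
 | [vault_approle_auth_backend_role_secret_id.tenant_admin](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/approle_auth_backend_role_secret_id) | resource |
 | [vault_auth_backend.approle](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/auth_backend) | resource |
-| [vault_identity_entity.extra_roles](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/identity_entity) | resource |
+| [vault_identity_entity.admin](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/identity_entity) | resource |
+| [vault_identity_entity.extra](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/identity_entity) | resource |
+| [vault_identity_entity_alias.admin](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/identity_entity_alias) | resource |
+| [vault_identity_entity_alias.extra](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/identity_entity_alias) | resource |
 | [vault_identity_group.this](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/identity_group) | resource |
-| [vault_identity_group_alias.this](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/identity_group_alias) | resource |
 | [vault_policy.extra_policies](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/policy) | resource |
 | [vault_policy.tenant_admin](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/policy) | resource |
 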
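--- a/[Terraform file path not shown on page]
+++ b/[Terraform file path not shown on page]
@@ -16,3 +16,13 @@ resource "vault_policy" "tenant_admin" {
 name = "${var.tenant_name}-admin"
 policy = var.tenant_admin_policy_file == null ? templatefile("${path.module}/policies/tenant-admins.policy.hcl", { tenant_prefix = var.tenant_prefix }) : file(var.tenant_admin_policy_file)
 }
+
+resource "vault_identity_entity" "admin" {
+name = "${var.tenant_prefix}-admin"
+}
+
+resource "vault_identity_entity_alias" "admin" {
+name = vault_approle_auth_backend_role.tenant_admin.role_id
+mount_accessor = vault_auth_backend.approle.accessor
+canonical_id = vault_identity_entity.admin.id
+}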
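Review bot: `vault_identity_entity.admin` is created with neither `metadata` nor `policies`, so on its own it carries no tenant tag and attaches nothing to the token; the same holds for `vault_identity_entity.extra` in the fourth hunk, which additionally drops the `metadata` block the removed `extra_roles` entity had. If the policy is meant to be bound through the AppRole role's token policies rather than the entity, that is fine, but the tenant tags already used on `vault_identity_group.this` are worth keeping on the entities so they can be attributed during audits: `metadata = { tenant = var.tenant_name, prefix = var.tenant_prefix }` in both entity blocks. The entity name is built from `var.tenant_prefix` while the sibling `vault_policy.tenant_admin` on the context lines is named from `var.tenant_name`; confirm the differing key is intended, since it affects how the entity is found later. Binding the alias `name` to `role_id` on the approle accessor is the correct mapping for AppRole.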
@ -9,15 +9,9 @@ resource "vault_auth_backend" "approle" {
|
|||||||
|
|
||||||
resource "vault_identity_group" "this" {
|
resource "vault_identity_group" "this" {
|
||||||
name = var.tenant_name
|
name = var.tenant_name
|
||||||
type = "external"
|
type = "internal"
|
||||||
metadata = {
|
metadata = {
|
||||||
tenant = var.tenant_name
|
tenant = var.tenant_name
|
||||||
prefix = var.tenant_prefix
|
prefix = var.tenant_prefix
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "vault_identity_group_alias" "this" {
|
|
||||||
name = var.tenant_name
|
|
||||||
mount_accessor = vault_auth_backend.approle.accessor
|
|
||||||
canonical_id = vault_identity_group.this.id
|
|
||||||
}
|
|
||||||
|
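Review bot: `vault_identity_group.this` becomes `internal` but declares no `member_entity_ids` and no `policies`, and none of the entities introduced elsewhere in this commit are attached to it in this hunk, so the group is empty unless membership is managed in a file outside this diff (for example through `vault_identity_group_member_entity_ids`). If it is not, add `member_entity_ids = concat([vault_identity_entity.admin.id], [for e in vault_identity_entity.extra : e.id])` here or the equivalent in that separate resource. Changing `type` from `external` to `internal` presumably forces the group to be replaced, which is consistent with removing `vault_identity_group_alias.this` but invalidates any consumer of the old group id; that is worth stating in the commit description.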
@ -16,19 +16,23 @@ resource "vault_approle_auth_backend_role_secret_id" "extra_roles" {
|
|||||||
secret_id = random_uuid.extra_roles_secret_id[each.key].result
|
secret_id = random_uuid.extra_roles_secret_id[each.key].result
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "vault_identity_entity" "extra_roles" {
|
|
||||||
for_each = var.tenant_additional_roles
|
|
||||||
|
|
||||||
name = "${var.tenant_prefix}-${each.key}"
|
|
||||||
metadata = {
|
|
||||||
tenant = var.tenant_name
|
|
||||||
prefix = var.tenant_prefix
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "vault_policy" "extra_policies" {
|
resource "vault_policy" "extra_policies" {
|
||||||
for_each = var.tenant_additional_roles
|
for_each = var.tenant_additional_roles
|
||||||
|
|
||||||
name = "${var.tenant_prefix}-${each.key}"
|
name = "${var.tenant_prefix}-${each.key}"
|
||||||
policy = file(each.value.policy_file)
|
policy = file(each.value.policy_file)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "vault_identity_entity" "extra" {
|
||||||
|
for_each = var.tenant_additional_roles
|
||||||
|
|
||||||
|
name = "${var.tenant_prefix}-${each.key}"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "vault_identity_entity_alias" "extra" {
|
||||||
|
for_each = var.tenant_additional_roles
|
||||||
|
|
||||||
|
name = vault_approle_auth_backend_role.extra_roles[each.key].role_id
|
||||||
|
mount_accessor = vault_auth_backend.approle.accessor
|
||||||
|
canonical_id = vault_identity_entity.extra[each.key].id
|
||||||
|
}
|
||||||
|