-approle) including all the roles declared in this variable.
The variable should look like:
additional_roles = {
devs = file("path/to/policy.hcl")
admins = data.vault_policy_document.admins.hcl
} | `map(string)` | `{}` | no |
| [name](#input_name) | The name of the tenant you want to create | `string` | n/a | yes |
| [prefix](#input_prefix) | The prefix to use for the tenant in vault (this will prefix mount points, policies, etc..) | `string` | n/a | yes |
-| [root_policy_extra_rules](#input_root_policy_extra_rules) | A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that oyu can customize it to your needs | map(
object({
path = string
capabilities = list(string)
description = optional(string)
required_parameters = optional(map(list(any)))
allowed_parameter = optional(map(list(any)))
denied_parameter = optional(map(list(any)))
min_wrapping_ttl = optional(number)
max_wrapping_ttl = optional(number)
})
)
| `{}` | no |
+| [root_policy_extra_rules](#input_root_policy_extra_rules) | A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that you can customize it to your needs | map(
object({
path = string
capabilities = list(string)
description = optional(string)
required_parameters = optional(map(list(any)))
allowed_parameter = optional(map(list(any)))
denied_parameter = optional(map(list(any)))
min_wrapping_ttl = optional(number)
max_wrapping_ttl = optional(number)
})
)
| `{}` | no |
### Outputs
diff --git a/root.tf b/root.tf
index 7ff5ef3..cc974c8 100644
--- a/root.tf
+++ b/root.tf
@@ -36,7 +36,7 @@ data "vault_policy_document" "root" {
required_parameters = try(rule.value.required_parameters, null)
dynamic "allowed_parameter" {
- for_each = try(rule.value.allowed_parameter, {}) != {} ? rule.value.allowed_parameter : {}
+ for_each = try(rule.value.allowed_parameter, null) != null ? rule.value.allowed_parameter : {}
content {
key = allowed_parameter.key
value = allowed_parameter.value
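Review bot: When the attribute is unset, the new `for_each` on `allowed_parameter` falls back to `{}` and emits no blocks, and Vault treats a rule without allowed parameters as unrestricted, so a rule whose constraint never arrives is applied without it and nothing fails; the same applies to the `denied_parameter` hunk below. The variable type spells these attributes in the singular (`allowed_parameter`, `denied_parameter`) next to a plural `required_parameters`, and Terraform's object conversion normally discards attributes the type does not declare, so a caller who writes Vault's plural `denied_parameters` would presumably reach this branch with no error. I would at least add a comment above each `for_each`, e.g. `# null/unset => no blocks emitted => no parameter restriction on this path`, and state the singular spelling in the variable description. The `data "vault_policy_document" "root"` block starts and ends outside the hunk, so whether `rule.value` can also come from default rules lacking these attributes is not visible here.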
@@ -44,7 +44,7 @@ data "vault_policy_document" "root" {
}
dynamic "denied_parameter" {
- for_each = try(rule.value.denied_parameter, {}) != {} ? rule.value.denied_parameter : {}
+ for_each = try(rule.value.denied_parameter, null) != null ? rule.value.denied_parameter : {}
content {
key = denied_parameter.key
value = denied_parameter.value
diff --git a/variables.tf b/variables.tf
index 2461365..2b6d6e2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -39,6 +39,6 @@ variable "root_policy_extra_rules" {
max_wrapping_ttl = optional(number)
})
)
- description = "A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that oyu can customize it to your needs"
+ description = "A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that you can customize it to your needs"
default = {}
}