fix: evaluate parameters against null to avoid failing when null values are injected in place of optionals
This commit is contained in:
parent
71eef0590e
commit
e91376012e
@ -53,7 +53,7 @@ No modules.
|
||||
| <a name="input_additional_roles"></a> [additional_roles](#input_additional_roles) | A map of additional role names, with the path to the associated policy file to add for this tenant.<br> A separate approle auth method is created for this tenant (mounted at auth/<prefix>-approle) including all the roles declared in this variable.<br> The variable should look like:<br> additional_roles = {<br> devs = file("path/to/policy.hcl")<br> admins = data.vault_policy_document.admins.hcl<br> } | `map(string)` | `{}` | no |
|
||||
| <a name="input_name"></a> [name](#input_name) | The name of the tenant you want to create | `string` | n/a | yes |
|
||||
| <a name="input_prefix"></a> [prefix](#input_prefix) | The prefix to use for the tenant in vault (this will prefix mount points, policies, etc..) | `string` | n/a | yes |
|
||||
| <a name="input_root_policy_extra_rules"></a> [root_policy_extra_rules](#input_root_policy_extra_rules) | A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that oyu can customize it to your needs | <pre>map(<br> object({<br> path = string<br> capabilities = list(string)<br> description = optional(string)<br> required_parameters = optional(map(list(any)))<br> allowed_parameter = optional(map(list(any)))<br> denied_parameter = optional(map(list(any)))<br> min_wrapping_ttl = optional(number)<br> max_wrapping_ttl = optional(number)<br> })<br> )</pre> | `{}` | no |
|
||||
| <a name="input_root_policy_extra_rules"></a> [root_policy_extra_rules](#input_root_policy_extra_rules) | A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that you can customize it to your needs | <pre>map(<br> object({<br> path = string<br> capabilities = list(string)<br> description = optional(string)<br> required_parameters = optional(map(list(any)))<br> allowed_parameter = optional(map(list(any)))<br> denied_parameter = optional(map(list(any)))<br> min_wrapping_ttl = optional(number)<br> max_wrapping_ttl = optional(number)<br> })<br> )</pre> | `{}` | no |
|
||||
|
||||
### Outputs
|
||||
|
||||
|
4
root.tf
4
root.tf
@ -36,7 +36,7 @@ data "vault_policy_document" "root" {
|
||||
required_parameters = try(rule.value.required_parameters, null)
|
||||
|
||||
dynamic "allowed_parameter" {
|
||||
for_each = try(rule.value.allowed_parameter, {}) != {} ? rule.value.allowed_parameter : {}
|
||||
for_each = try(rule.value.allowed_parameter, null) != null ? rule.value.allowed_parameter : {}
|
||||
content {
|
||||
key = allowed_parameter.key
|
||||
value = allowed_parameter.value
|
||||
@ -44,7 +44,7 @@ data "vault_policy_document" "root" {
|
||||
}
|
||||
|
||||
dynamic "denied_parameter" {
|
||||
for_each = try(rule.value.denied_parameter, {}) != {} ? rule.value.denied_parameter : {}
|
||||
for_each = try(rule.value.denied_parameter, null) != null ? rule.value.denied_parameter : {}
|
||||
content {
|
||||
key = denied_parameter.key
|
||||
value = denied_parameter.value
|
||||
|
@ -39,6 +39,6 @@ variable "root_policy_extra_rules" {
|
||||
max_wrapping_ttl = optional(number)
|
||||
})
|
||||
)
|
||||
description = "A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that oyu can customize it to your needs"
|
||||
description = "A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that you can customize it to your needs"
|
||||
default = {}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user