terraform-registry/terraform-vault-tenant
terraform-registry/terraform-vault-tenant
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat/allow-extra-root-policies #3

Merged
lanson merged 10 commits from feat/allow-extra-root-policies into main 2024-05-29 22:33:04 +00:00
Conversation 0 Commits 10 Files Changed 4 +4 -4
3 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit e91376012e - Show all commits

2
README.md
View File

@ -53,7 +53,7 @@ No modules.
| <a name="input_additional_roles"></a> [additional_roles](#input_additional_roles) | A map of additional role names, with the path to the associated policy file to add for this tenant.<br> A separate approle auth method is created for this tenant (mounted at auth/<prefix>-approle) including all the roles declared in this variable.<br> The variable should look like:<br> additional_roles = {<br> devs = file("path/to/policy.hcl")<br> admins = data.vault_policy_document.admins.hcl<br> } | `map(string)` | `{}` | no |
| <a name="input_name"></a> [name](#input_name) | The name of the tenant you want to create | `string` | n/a | yes |
| <a name="input_prefix"></a> [prefix](#input_prefix) | The prefix to use for the tenant in vault (this will prefix mount points, policies, etc..) | `string` | n/a | yes |
| <a name="input_root_policy_extra_rules"></a> [root_policy_extra_rules](#input_root_policy_extra_rules) | A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that oyu can customize it to your needs | <pre>map(<br> object({<br> path = string<br> capabilities = list(string)<br> description = optional(string)<br> required_parameters = optional(map(list(any)))<br> allowed_parameter = optional(map(list(any)))<br> denied_parameter = optional(map(list(any)))<br> min_wrapping_ttl = optional(number)<br> max_wrapping_ttl = optional(number)<br> })<br> )</pre> | `{}` | no |
| <a name="input_root_policy_extra_rules"></a> [root_policy_extra_rules](#input_root_policy_extra_rules) | A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that you can customize it to your needs | <pre>map(<br> object({<br> path = string<br> capabilities = list(string)<br> description = optional(string)<br> required_parameters = optional(map(list(any)))<br> allowed_parameter = optional(map(list(any)))<br> denied_parameter = optional(map(list(any)))<br> min_wrapping_ttl = optional(number)<br> max_wrapping_ttl = optional(number)<br> })<br> )</pre> | `{}` | no |
### Outputs

4
root.tf
View File

@ -36,7 +36,7 @@ data "vault_policy_document" "root" {
required_parameters = try(rule.value.required_parameters, null)
dynamic "allowed_parameter" {
for_each = try(rule.value.allowed_parameter, {}) != {} ? rule.value.allowed_parameter : {}
for_each = try(rule.value.allowed_parameter, null) != null ? rule.value.allowed_parameter : {}
content {
key = allowed_parameter.key
value = allowed_parameter.value
@ -44,7 +44,7 @@ data "vault_policy_document" "root" {
}
dynamic "denied_parameter" {
for_each = try(rule.value.denied_parameter, {}) != {} ? rule.value.denied_parameter : {}
for_each = try(rule.value.denied_parameter, null) != null ? rule.value.denied_parameter : {}
content {
key = denied_parameter.key
value = denied_parameter.value

2
variables.tf
View File

@ -39,6 +39,6 @@ variable "root_policy_extra_rules" {
max_wrapping_ttl = optional(number)
})
)
description = "A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that oyu can customize it to your needs"
description = "A map of additional policies to attach to the root policy. These are merged with the default policies for the root role so that you can customize it to your needs"
default = {}
}