39 lines
1.1 KiB
HCL
39 lines
1.1 KiB
HCL
resource "vault_approle_auth_backend_role" "extra" {
|
|
for_each = var.additional_roles
|
|
|
|
backend = vault_auth_backend.approle.path
|
|
role_name = each.key
|
|
token_policies = ["default", "${vault_policy.extra[each.key].name}"]
|
|
}
|
|
|
|
resource "random_uuid" "extra_secret_id" { for_each = var.additional_roles }
|
|
|
|
resource "vault_approle_auth_backend_role_secret_id" "extra" {
|
|
for_each = var.additional_roles
|
|
|
|
backend = vault_auth_backend.approle.path
|
|
role_name = vault_approle_auth_backend_role.extra[each.key].role_name
|
|
secret_id = random_uuid.extra_secret_id[each.key].result
|
|
}
|
|
|
|
resource "vault_policy" "extra" {
|
|
for_each = var.additional_roles
|
|
|
|
name = "${var.prefix}-${each.key}"
|
|
policy = each.value
|
|
}
|
|
|
|
resource "vault_identity_entity" "extra" {
|
|
for_each = var.additional_roles
|
|
|
|
name = "${var.prefix}-${each.key}"
|
|
}
|
|
|
|
resource "vault_identity_entity_alias" "extra" {
|
|
for_each = var.additional_roles
|
|
|
|
name = vault_approle_auth_backend_role.extra[each.key].role_id
|
|
mount_accessor = vault_auth_backend.approle.accessor
|
|
canonical_id = vault_identity_entity.extra[each.key].id
|
|
}
|