terraform-vault-tenant/README.md
Bertrand Lanson 79ce376b04
feat: add outputs to module for policy names and role details
2024-05-25 00:32:21 +02:00

terraform-vault-tenant

Terraform module to deploy a tenant in HashiCorp Vault community version.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |

Providers

| Name | Version |
|------|---------|
| random | n/a |
| vault | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| random_uuid.extra_roles_secret_id | resource |
| random_uuid.tenant_admin_secret_id | resource |
| vault_approle_auth_backend_role.extra_roles | resource |
| vault_approle_auth_backend_role.tenant_admin | resource |
| vault_approle_auth_backend_role_secret_id.extra_roles | resource |
| vault_approle_auth_backend_role_secret_id.tenant_admin | resource |
| vault_auth_backend.approle | resource |
| vault_identity_entity.extra_roles | resource |
| vault_identity_entity.tenant_admin | resource |
| vault_policy.extra_policies | resource |
| vault_policy.tenant_admin | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| global_approle_mount | The mount path for the global AppRole authentication method | `string` | `"approle"` | no |
| tenant_additional_roles | A map of additional role names, with the path to the associated policy file to add for this tenant. A separate AppRole auth method is created for this tenant (mounted at auth/-approle), including all the roles declared in this variable. | `map(object({ policy_file = string }))` | `{}` | no |
| tenant_admin_policy_file | The path to the admin policy file for this tenant | `string` | n/a | yes |
| tenant_name | The name of the tenant you want to create | `string` | n/a | yes |
| tenant_prefix | The prefix to use for the tenant in Vault (this will prefix mount points, policies, etc.) | `string` | n/a | yes |

The tenant_additional_roles variable should look like:

```hcl
tenant_additional_roles = {
  devs = {
    policy_file = "/some/path/to/policy.hcl"
  }
  admins = {...}
}
```

Outputs

| Name | Description |
|------|-------------|
| extra_role_policies | The tenant extra role policy names |
| extra_roles | The tenant extra approle roles |
| tenant_admin_policy | The tenant admin policy name |
| tenant_admin_role | The tenant admin approle role |
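
A module call using the inputs and outputs listed above, added here as an example and not taken from the module's own documentation. The module `source`, the tenant name `acme`, the role names and the policy file paths are placeholders or constructed values, and marking the role outputs `sensitive` rests on the assumption that they may carry AppRole credentials.

```hcl
# Added usage example (not the module author's code).
# "source" is a placeholder; names and paths below are constructed.
module "tenant_acme" {
  source = "<path-or-url-to-terraform-vault-tenant>" # placeholder

  tenant_name              = "acme"
  tenant_prefix            = "acme"
  tenant_admin_policy_file = "${path.module}/policies/acme-admin.hcl"

  # Default value, shown to make the dependency on the global AppRole mount explicit.
  global_approle_mount = "approle"

  # One role per key; each role gets the policy read from policy_file.
  tenant_additional_roles = {
    devs = {
      policy_file = "${path.module}/policies/acme-devs.hcl"
    }
    ci = {
      policy_file = "${path.module}/policies/acme-ci.hcl"
    }
  }
}

# Policy names are useful when auditing which policies a tenant owns.
output "acme_admin_policy" {
  value = module.tenant_acme.tenant_admin_policy
}

output "acme_extra_role_policies" {
  value = module.tenant_acme.extra_role_policies
}

# Assumption: the role outputs may include AppRole credentials (role_id / secret_id),
# so they are kept out of plan and apply output.
output "acme_admin_role" {
  value     = module.tenant_acme.tenant_admin_role
  sensitive = true
}

output "acme_extra_roles" {
  value     = module.tenant_acme.extra_roles
  sensitive = true
}
```

The module manages `random_uuid` and `vault_approle_auth_backend_role_secret_id` resources, and Terraform records resource attributes in state, so the state backend should be encrypted and access-controlled regardless of how the outputs are marked.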