terraform-vault-tenant/admin_approle.tf
Bertrand Lanson 9a4f2837a0
All checks were successful
development / Check commit compliance (push) Successful in 5s
pull-requests-open / Check commit compliance (pull_request) Successful in 5s
fix: do not allow any token creation for now, will have to avoid child tokens in tf provider config
2024-05-25 18:39:53 +02:00

31 lines
1009 B
HCL

locals {
tenant_admin_policies = ["default", "${var.tenant_name}-admin"]
}
resource "vault_approle_auth_backend_role" "tenant_admin" {
backend = var.global_approle_mount
role_name = "${var.tenant_name}-admin"
token_policies = local.tenant_admin_policies
}
resource "random_uuid" "tenant_admin_secret_id" {}
resource "vault_approle_auth_backend_role_secret_id" "tenant_admin" {
backend = var.global_approle_mount
role_name = vault_approle_auth_backend_role.tenant_admin.role_name
secret_id = random_uuid.tenant_admin_secret_id.result
}
resource "vault_identity_entity" "tenant_admin" {
name = "${var.tenant_prefix}-admin"
metadata = {
tenant = var.tenant_name
prefix = var.tenant_prefix
}
}
resource "vault_policy" "tenant_admin" {
name = "${var.tenant_name}-admin"
policy = var.tenant_admin_policy_file == null ? templatefile("${path.module}/policies/tenant-admins.policy.hcl", { tenant_prefix = var.tenant_prefix }) : file(var.tenant_admin_policy_file)
}