terraform-registry/terraform-vault-tenant
terraform-registry/terraform-vault-tenant
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e4ddcb6be8
terraform-vault-tenant/admin_role.tf
Bertrand Lanson e4ddcb6be8
All checks were successful
development / Check commit compliance (push) Successful in 4s
Details
pull-requests-open / Check commit compliance (pull_request) Successful in 5s
Details
feat: create entities for each extra policies
2024-05-26 19:22:34 +02:00

29 lines
1.1 KiB
HCL
Raw Blame History

resource "vault_approle_auth_backend_role" "tenant_admin" {
backend = vault_auth_backend.approle.path
role_name = "${var.tenant_name}-admin"
token_policies = ["default", vault_policy.tenant_admin.name]
}
resource "random_uuid" "tenant_admin_secret_id" {}
resource "vault_approle_auth_backend_role_secret_id" "tenant_admin" {
backend = vault_auth_backend.approle.path
role_name = vault_approle_auth_backend_role.tenant_admin.role_name
secret_id = random_uuid.tenant_admin_secret_id.result
}
resource "vault_policy" "tenant_admin" {
name = "${var.tenant_name}-admin"
policy = var.tenant_admin_policy_file == null ? templatefile("${path.module}/policies/tenant-admins.policy.hcl", { tenant_prefix = var.tenant_prefix }) : file(var.tenant_admin_policy_file)
}
resource "vault_identity_entity" "admin" {
name = "${var.tenant_prefix}-admin"
}
resource "vault_identity_entity_alias" "admin" {
name = vault_approle_auth_backend_role.tenant_admin.role_id
mount_accessor = vault_auth_backend.approle.accessor
canonical_id = vault_identity_entity.admin.id
}
Reference in New Issue View Git Blame Copy Permalink