# Version constraints for Terraform core and the Vault provider this module was written against.
terraform {
  required_version = ">= 0.14"
  required_providers {
    vault = {
      source  = "hashicorp/vault"
      # Pinned to the 2.x provider series; bump deliberately and re-check the
      # resource arguments below against the provider changelog when doing so.
      version = "~> 2.17"
    }
  }
}
provider "vault" {}
# File audit device that emits the audit log on Vault's stdout, which suits
# container deployments where a log collector captures process output.
# NOTE(review): Vault stops serving requests when no enabled audit device can
# write, so make sure stdout is always captured — confirm against the
# deployment's logging setup.
resource "vault_audit" "default" {
  options = {
    file_path = "stdout"
  }
  type = "file"
}
# Versioned key/value secrets engine mounted at the caller-supplied path.
# The same variable feeds the admin policy template so the two stay in step.
resource "vault_mount" "default" {
  type = "kv-v2"
  path = var.mount_path
}
# The "admin" policy, rendered from policies/admin.tmpl with the KV mount path
# substituted so its path rules match wherever the engine is mounted.
resource "vault_policy" "admin" {
  policy = templatefile("${path.module}/policies/admin.tmpl", {
    mount_path = var.mount_path,
  })
  name = "admin"
}
# Username/password auth method, mounted at the provider default path ("auth/userpass").
# The optional admin user below is created under this mount.
resource "vault_auth_backend" "userpass" {
  type = "userpass"
}
# GitHub auth method for the configured organisation.
# token_policies applies to every token issued by this mount, so every member
# of the organisation who can log in receives the admin policy. Scope this with
# vault_github_team / vault_github_user mappings if admin rights should be narrower.
resource "vault_github_auth_backend" "github" {
  token_policies = [vault_policy.admin.name]
  organization   = var.github_organisation
}
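# Optional bootstrap admin user for the userpass auth method, created only when
# both admin_username and admin_password are supplied.
#
# The payload is built with jsonencode() rather than a heredoc string: a password
# containing a double quote, backslash or control character would otherwise
# produce invalid JSON (or, for a crafted value, additional JSON keys), whereas
# jsonencode escapes it correctly.
#
# The password is part of this resource's data and is therefore persisted in
# Terraform state; restrict access to the state backend accordingly.
resource "vault_generic_endpoint" "userpass_admin" {
  count      = var.admin_username != null && var.admin_password != null ? 1 : 0
  depends_on = [vault_auth_backend.userpass]

  # Derive the mount path from the auth backend so a non-default mount path
  # cannot drift apart from the user path written here.
  path = "auth/${vault_auth_backend.userpass.path}/users/${var.admin_username}"

  # Vault does not return the password on read; without this, every plan would
  # see the missing field as drift and try to rewrite the user.
  ignore_absent_fields = true

  data_json = jsonencode({
    password = var.admin_password
    policies = [vault_policy.admin.name]
  })
}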