dotfiles/terraform/upload-approles/main.tf
main a5a651dbb9
Large rework and cleanup
Signed-off-by: main <magic_rb@redalder.org>
2022-07-31 11:03:59 +02:00


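# Inputs for provisioning one host's Vault AppRole and pushing its credentials
# to that host.

variable "policies" {
  description = "Vault policy names attached to tokens issued through this host's AppRole (passed to token_policies)."
  type        = list(string)
}

variable "hostname" {
  description = "Name of the AppRole role created for the host (used as role_name)."
  type        = string
}

variable "host" {
  description = "Address the remote-exec provisioner connects to when writing the credentials."
  type        = string
}

variable "user" {
  description = "Login user for the provisioner connection; the credential files are written as this user."
  type        = string
}

# NOTE(review): left as `any` so existing callers keep working; the value is
# only passed through jsonencode() into the secret ID's metadata.
variable "metadata" {
  description = "Arbitrary value that is JSON-encoded and attached to the generated secret ID as metadata."
  type        = any
}

# NOTE(review): only `.path` is read from this value in the visible code;
# presumably callers pass the AppRole auth backend resource — confirm.
variable "vault_auth_approle" {
  description = "Object describing the AppRole auth mount; its `path` attribute is used as the backend for every resource here."
  type        = any
}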
# AppRole role for this host, named after var.hostname and created in the
# auth mount at var.vault_auth_approle.path. Tokens obtained through it carry
# the policies listed in var.policies.
#
# NOTE(review): no token_ttl / token_max_ttl / secret_id_ttl /
# secret_id_num_uses / secret_id_bound_cidrs are set here, so whatever the
# provider and the auth mount default to applies. Confirm that is intended:
# bounding lifetime and binding the secret ID to the host's address limits
# what a leaked credential file is worth.
resource "vault_approle_auth_backend_role" "system" {
  role_name      = var.hostname
  backend        = var.vault_auth_approle.path
  token_policies = var.policies
}
# Reads back the role ID of the role defined above. Referencing the resource's
# role_name (rather than var.hostname) makes this lookup depend on the role
# having been created first.
data "vault_approle_auth_backend_role_id" "system" {
  role_name = vault_approle_auth_backend_role.system.role_name
  backend   = var.vault_auth_approle.path
}
# Generates a secret ID for the host's role and tags it with the caller's
# metadata, serialised as a JSON string.
#
# NOTE(review): the generated secret_id is recorded in Terraform state. Treat
# the state backend as holding live Vault credentials (access control,
# encryption at rest).
resource "vault_approle_auth_backend_role_secret_id" "system" {
  role_name = vault_approle_auth_backend_role.system.role_name
  backend   = var.vault_auth_approle.path
  metadata  = jsonencode(var.metadata)
}
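# Writes the AppRole role ID and secret ID to /var/secrets on the target host
# through a remote-exec provisioner. The triggers make Terraform replace this
# resource, and so re-run the provisioner, whenever either value changes.
#
# NOTE(review): both values are copied into `triggers`, which is persisted in
# Terraform state alongside the secret ID resource itself; the state backend
# must be protected accordingly.
resource "null_resource" "approles" {
  triggers = {
    secret_id = vault_approle_auth_backend_role_secret_id.system.secret_id
    role_id   = data.vault_approle_auth_backend_role_id.system.role_id
  }

  connection {
    host = var.host
    user = var.user
  }

  provisioner "remote-exec" {
    inline = [
      "#!/usr/bin/env bash",
      # Abort on the first failed write so a half-provisioned host is reported
      # as a provisioner error instead of passing silently.
      "set -eu",
      # Newly created credential files must not inherit a permissive default
      # umask. This only affects file creation: an existing file keeps its
      # mode. If a service running as a different user has to read these
      # files, grant that through ownership or group, not a wider mode.
      "umask 077",
      # NOTE(review): the values are expanded inside a double-quoted shell
      # string; this relies on Vault-generated IDs containing no shell
      # metacharacters.
      "echo \"${vault_approle_auth_backend_role_secret_id.system.secret_id}\" > /var/secrets/approle.secretid",
      "echo \"${data.vault_approle_auth_backend_role_id.system.role_id}\" > /var/secrets/approle.roleid"
    ]
  }
}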