mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-12-13 18:31:59 +01:00
a5a651dbb9
Signed-off-by: main <magic_rb@redalder.org>
61 lines
1.3 KiB
HCL
61 lines
1.3 KiB
HCL
variable "policies" {
|
|
type = list(string)
|
|
}
|
|
|
|
variable "hostname" {
|
|
type = string
|
|
}
|
|
|
|
variable "host" {
|
|
type = string
|
|
}
|
|
|
|
variable "user" {
|
|
type = string
|
|
}
|
|
|
|
variable "metadata" {
|
|
type = any
|
|
}
|
|
|
|
variable "vault_auth_approle" {
|
|
type = any
|
|
}
|
|
|
|
resource "vault_approle_auth_backend_role" "system" {
|
|
backend = var.vault_auth_approle.path
|
|
role_name = var.hostname
|
|
token_policies = var.policies
|
|
}
|
|
|
|
data "vault_approle_auth_backend_role_id" "system" {
|
|
backend = var.vault_auth_approle.path
|
|
role_name = vault_approle_auth_backend_role.system.role_name
|
|
}
|
|
|
|
resource "vault_approle_auth_backend_role_secret_id" "system" {
|
|
backend = var.vault_auth_approle.path
|
|
role_name = vault_approle_auth_backend_role.system.role_name
|
|
|
|
metadata = jsonencode(var.metadata)
|
|
}
|
|
|
|
resource "null_resource" "approles" {
|
|
triggers = {
|
|
secret_id = vault_approle_auth_backend_role_secret_id.system.secret_id
|
|
role_id = data.vault_approle_auth_backend_role_id.system.role_id
|
|
}
|
|
|
|
connection {
|
|
host = var.host
|
|
user = var.user
|
|
}
|
|
|
|
provisioner "remote-exec" {
|
|
inline = [
|
|
"#!/usr/bin/env bash",
|
|
"echo \"${vault_approle_auth_backend_role_secret_id.system.secret_id}\" > /var/secrets/approle.secretid",
|
|
"echo \"${data.vault_approle_auth_backend_role_id.system.role_id}\" > /var/secrets/approle.roleid"
|
|
]
|
|
}
|
|
}
|