unkin/terraform-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: enable retrieving bindpass from vault

Browse Source 
- set bindpass/binddn/url correctly for ldap
- retrieve bindpass from vault
This commit is contained in:
Ben Vincent 2024-09-23 22:49:53 +10:00
parent 14790f8277
commit 7b9e27cfe6
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
auth_backend_ldap.tf
View File

@ -1,13 +1,22 @@
#-------------------------------- #--------------------------------
# Enable ldap auth method # Enable ldap auth method
#-------------------------------- #--------------------------------
# retrieve the bindpass from Vault
data "vault_generic_secret" "ldap_bindpass" {
path = "kv/service/glauth/services/svc_vault"
}
# create the ldap backend
resource "vault_ldap_auth_backend" "ldap" { resource "vault_ldap_auth_backend" "ldap" {
path = "ldap" path = "ldap"
url = "ldap://ldap.query.consul" url = "ldap://ldap.service.consul"
userdn = "dc=main,dc=unkin,dc=net" userdn = "dc=main,dc=unkin,dc=net"
userattr = "uid" userattr = "uid"
upndomain = "main.unkin.net" upndomain = "main.unkin.net"
discoverdn = false discoverdn = false
groupdn = "ou=groups,dc=main,dc=unkin,dc=net" groupdn = "ou=groups,dc=main,dc=unkin,dc=net"
groupfilter = "(memberOf=ou=vault_access,ou=groups,dc=main,dc=unkin,dc=net)" groupfilter = "(memberOf=ou=vault_access,ou=groups,dc=main,dc=unkin,dc=net)"
binddn = "svc_vault"
bindpass = data.vault_generic_secret.ldap_bindpass.data["pass"]
} }