From bcdb81e060dcc364b276e05d4f9d8423528b06e7 Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Mon, 21 Oct 2024 19:42:49 +1100
Subject: [PATCH] feat: add vault admin group

- assign global-admin policy
---
 auth_backend_ldap.tf | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/auth_backend_ldap.tf b/auth_backend_ldap.tf
index fb34a87..41c0ece 100644
--- a/auth_backend_ldap.tf
+++ b/auth_backend_ldap.tf
@@ -29,3 +29,12 @@ resource "vault_ldap_auth_backend_group" "vault_access" {
   ]
   backend = vault_ldap_auth_backend.ldap.path
 }
+
+resource "vault_ldap_auth_backend_group" "vault_admin" {
+  groupname = "vault_access"
+  policies = [
+    "default_access",
+    "global-admin",
+  ]
+  backend = vault_ldap_auth_backend.ldap.path
+}