policies.tf

@@ -1,14 +1,44 @@
-# Automatically discover all HCL policy files under policies/ directory
+# Define a list of directories that contain policy files
 locals {
-  policy_files = [
+  policy_directories = [
-    for f in fileset("policies", "**/*.hcl") : {
+    "policies",
-      name = trimsuffix(f, ".hcl")
+    "policies/sys",
-      path = "policies/${f}"
+    "policies/auth/approle",
-    }
+    "policies/auth/kubernetes",
+    "policies/auth/ldap",
+    "policies/auth/token",
+    "policies/k8s",
+    "policies/pki_int",
+    "policies/pki_root",
+    "policies/rundeck",
+    "policies/ssh-host-signer",
+    "policies/sshca",
+    "policies/transit/decrypt",
+    "policies/transit/encrypt",
+    "policies/transit/keys",
+    "policies/kv/service/glauth/services",
+    "policies/kv/service/incus",
+    "policies/kv/service/packer",
+    "policies/kv/service/puppet/certificates",
+    "policies/kv/service/puppetapi",
+    "policies/kv/service/terraform",
+    "policies/kv/service/kubernetes/au/syd1/token_reviewer_jwt",
   ]
 }
 
-# Define Vault policies for all discovered HCL files
+# Load policy files from each directory
+locals {
+  policy_files = flatten([
+    for path in local.policy_directories : [
+      for f in fileset(path, "*.hcl") : {
+        name = trimsuffix(trimprefix("${path}/${f}", "policies/"), ".hcl")
+        path = "${path}/${f}"
+      }
+    ]
+  ])
+}
+
+# Define Vault policies for all listed directories
 resource "vault_policy" "policies" {
   for_each = { for p in local.policy_files : p.name => p }