# Root composition for a Vault configuration: every block below is a module
# call driven by a map variable (`for_each`), so one instance is created per
# map entry. Convention visible here: mount-style modules use `each.key` as
# the mount `path`; role/group modules reference their mount by name
# (`backend` / `mount_path`) and take policies from `var.policy_auth_map`,
# which is indexed by mount name and then by role/group name.
#
# NOTE(review): the role/group modules use a module-level `depends_on` on
# their backend module rather than an output reference. That orders apply,
# but an explicit module `depends_on` also makes Terraform defer every
# read inside the dependent module until the whole backend module is done,
# which can show up as perpetual "known after apply" churn on plans —
# confirm whether the backend modules expose a `path` output that could be
# referenced instead.

# AppRole auth mounts, one per key of var.auth_approle_backend.
module "auth_approle_backend" {
  source   = "./modules/auth_approle_backend"
  for_each = var.auth_approle_backend

  country = var.country
  region  = var.region

  # Mount path is the map key.
  path               = each.key
  listing_visibility = each.value.listing_visibility
  default_lease_ttl  = each.value.default_lease_ttl
  max_lease_ttl      = each.value.max_lease_ttl
}

# AppRole roles. Policies are not carried in the role map; they are looked up
# from var.policy_auth_map[<mount_path>][<approle_name>], so a role whose
# mount/name pair is missing from that map fails at plan time (fail closed).
module "auth_approle_role" {
  source   = "./modules/auth_approle_role"
  for_each = var.auth_approle_role

  country = var.country
  region  = var.region

  approle_name   = each.value.approle_name
  mount_path     = each.value.mount_path
  token_policies = var.policy_auth_map[each.value.mount_path][each.value.approle_name]
  token_ttl      = each.value.token_ttl
  token_max_ttl  = each.value.token_max_ttl

  # Login hardening knobs are passed straight through from the variable.
  # NOTE(review): in Vault, bind_secret_id=false lets a caller authenticate
  # with the role ID alone, and an empty token_bound_cidrs places no network
  # restriction on issued tokens — confirm the variable defaults / validation
  # for these rather than relying on per-entry values.
  bind_secret_id            = each.value.bind_secret_id
  secret_id_ttl             = each.value.secret_id_ttl
  token_bound_cidrs         = each.value.token_bound_cidrs
  alias_metadata            = each.value.alias_metadata
  use_deterministic_role_id = each.value.use_deterministic_role_id

  depends_on = [module.auth_approle_backend]
}

# LDAP auth mounts, one per key of var.auth_ldap_backend. Only directory
# search settings are wired here; connection settings (server URL, bind
# credentials, TLS) are not visible in this file — presumably handled inside
# the module or by separate variables; verify before assuming they are set.
module "auth_ldap_backend" {
  source   = "./modules/auth_ldap_backend"
  for_each = var.auth_ldap_backend

  country = var.country
  region  = var.region

  path        = each.key
  userdn      = each.value.userdn
  userattr    = each.value.userattr
  upndomain   = each.value.upndomain
  discoverdn  = each.value.discoverdn
  groupdn     = each.value.groupdn
  groupfilter = each.value.groupfilter
  groupattr   = each.value.groupattr

  alias_metadata     = each.value.alias_metadata
  username_as_alias  = each.value.username_as_alias
  listing_visibility = each.value.listing_visibility
  default_lease_ttl  = each.value.default_lease_ttl
  max_lease_ttl      = each.value.max_lease_ttl
}

# LDAP group -> policy mappings. Unlike the other auth modules this one is not
# given country/region (presumably the module does not take them).
module "auth_ldap_group" {
  source   = "./modules/auth_ldap_group"
  for_each = var.auth_ldap_group

  groupname = each.value.groupname
  backend   = each.value.backend
  policies  = var.policy_auth_map[each.value.backend][each.value.groupname]

  depends_on = [module.auth_ldap_backend]
}

# Kubernetes auth mounts, one per key of var.auth_kubernetes_backend.
module "auth_kubernetes_backend" {
  source   = "./modules/auth_kubernetes_backend"
  for_each = var.auth_kubernetes_backend

  country = var.country
  region  = var.region

  path            = each.key
  kubernetes_host = each.value.kubernetes_host

  # NOTE(review): disable_iss_validation is passed per entry; disabling
  # issuer validation weakens service-account JWT checking, so confirm the
  # variable defaults to false and that enabling it is a deliberate choice.
  disable_iss_validation           = each.value.disable_iss_validation
  use_annotations_as_alias_metadata = each.value.use_annotations_as_alias_metadata

  listing_visibility = each.value.listing_visibility
  default_lease_ttl  = each.value.default_lease_ttl
  max_lease_ttl      = each.value.max_lease_ttl
}

# Kubernetes auth roles. Policies come from
# var.policy_auth_map[<backend>][<role_name>]. Note this role module is not
# given token_max_ttl or token_bound_cidrs, unlike auth_approle_role — check
# whether the module sets those itself.
module "auth_kubernetes_role" {
  source   = "./modules/auth_kubernetes_role"
  for_each = var.auth_kubernetes_role

  role_name = each.value.role_name
  backend   = each.value.backend

  # Binding to specific service accounts / namespaces is what scopes who may
  # log in with this role; both are taken from the variable as-is.
  bound_service_account_names      = each.value.bound_service_account_names
  bound_service_account_namespaces = each.value.bound_service_account_namespaces

  token_ttl      = each.value.token_ttl
  token_policies = var.policy_auth_map[each.value.backend][each.value.role_name]
  audience       = each.value.audience

  depends_on = [module.auth_kubernetes_backend]
}

# KV secret mounts, one per key of var.kv_secret_backend.
module "kv_secret_backend" {
  source   = "./modules/kv_secret_backend"
  for_each = var.kv_secret_backend

  path        = each.key
  type        = each.value.type
  description = each.value.description
  # The map field is named `version`; the module input is `kv_version`.
  kv_version   = each.value.version
  max_versions = each.value.max_versions
}

# Transit secret mounts, one per key of var.transit_secret_backend.
module "transit_secret_backend" {
  source   = "./modules/transit_secret_backend"
  for_each = var.transit_secret_backend

  path                      = each.key
  description               = each.value.description
  default_lease_ttl_seconds = each.value.default_lease_ttl_seconds
  max_lease_ttl_seconds     = each.value.max_lease_ttl_seconds
}

# Transit keys. `backend` names the mount by string; ordering is enforced via
# depends_on.
module "transit_secret_backend_key" {
  source   = "./modules/transit_secret_backend_key"
  for_each = var.transit_secret_backend_key

  name    = each.value.name
  backend = each.value.backend
  type    = each.value.type

  # NOTE(review): exportable and allow_plaintext_backup both allow key
  # material to leave Vault, and deletion_allowed permits destroying the key
  # (and with it anything encrypted under it). All three are forwarded per
  # entry — confirm the variable defaults are false and that enabling any of
  # them is reviewed.
  deletion_allowed       = each.value.deletion_allowed
  derived                = each.value.derived
  exportable             = each.value.exportable
  allow_plaintext_backup = each.value.allow_plaintext_backup
  auto_rotate_period     = each.value.auto_rotate_period

  depends_on = [module.transit_secret_backend]
}

# SSH secret mounts (certificate signing), one per key of var.ssh_secret_backend.
module "ssh_secret_backend" {
  source   = "./modules/ssh_secret_backend"
  for_each = var.ssh_secret_backend

  path                  = each.key
  description           = each.value.description
  max_lease_ttl_seconds = each.value.max_lease_ttl_seconds
  generate_signing_key  = each.value.generate_signing_key
  key_type              = each.value.key_type
}

# SSH signing roles. allow_host_certificates / allow_user_certificates and the
# domain restrictions decide what a holder of this role may get signed.
module "ssh_secret_backend_role" {
  source   = "./modules/ssh_secret_backend_role"
  for_each = var.ssh_secret_backend_role

  name             = each.value.name
  backend          = each.value.backend
  key_type         = each.value.key_type
  algorithm_signer = each.value.algorithm_signer
  ttl              = each.value.ttl

  allow_host_certificates = each.value.allow_host_certificates
  allow_user_certificates = each.value.allow_user_certificates
  allowed_domains         = each.value.allowed_domains
  allow_subdomains        = each.value.allow_subdomains
  allow_bare_domains      = each.value.allow_bare_domains

  depends_on = [module.ssh_secret_backend]
}

# PKI mounts that also provision an issuer (common_name / issuer_name / ttl),
# one per key of var.pki_secret_backend. CRL/OCSP settings are forwarded as-is.
module "pki_secret_backend" {
  source   = "./modules/pki_secret_backend"
  for_each = var.pki_secret_backend

  path                  = each.key
  description           = each.value.description
  max_lease_ttl_seconds = each.value.max_lease_ttl_seconds

  # Issuer parameters.
  common_name = each.value.common_name
  issuer_name = each.value.issuer_name
  ttl         = each.value.ttl
  format      = each.value.format

  # URL / issuer configuration.
  issuing_certificates          = each.value.issuing_certificates
  crl_distribution_points       = each.value.crl_distribution_points
  ocsp_servers                  = each.value.ocsp_servers
  enable_templating             = each.value.enable_templating
  default_issuer_ref            = each.value.default_issuer_ref
  default_follows_latest_issuer = each.value.default_follows_latest_issuer

  # Revocation configuration. NOTE(review): crl_disable / ocsp_disable are
  # forwarded per entry; confirm revocation is not disabled by default.
  crl_expiry             = each.value.crl_expiry
  crl_disable            = each.value.crl_disable
  ocsp_disable           = each.value.ocsp_disable
  auto_rebuild           = each.value.auto_rebuild
  enable_delta           = each.value.enable_delta
  delta_rebuild_interval = each.value.delta_rebuild_interval
}

# PKI issuing roles. Note `country` here is the per-entry certificate subject
# field (each.value.country), not the deployment-wide var.country used by the
# other modules.
module "pki_secret_backend_role" {
  source   = "./modules/pki_secret_backend_role"
  for_each = var.pki_secret_backend_role

  name    = each.value.name
  backend = each.value.backend

  # Name constraints. NOTE(review): allow_any_name=true makes the domain
  # restrictions above it moot for that role, and enforce_hostnames=false
  # admits non-hostname SANs — confirm the variable defaults and review any
  # entry that sets them.
  allow_ip_sans      = each.value.allow_ip_sans
  allowed_domains    = each.value.allowed_domains
  allow_subdomains   = each.value.allow_subdomains
  allow_glob_domains = each.value.allow_glob_domains
  allow_bare_domains = each.value.allow_bare_domains
  enforce_hostnames  = each.value.enforce_hostnames
  allow_any_name     = each.value.allow_any_name

  max_ttl  = each.value.max_ttl
  key_bits = each.value.key_bits
  country  = each.value.country

  # Whether subject/SANs are taken from the submitted CSR rather than the
  # request parameters.
  use_csr_common_name = each.value.use_csr_common_name
  use_csr_sans        = each.value.use_csr_sans

  depends_on = [module.pki_secret_backend]
}

# Consul secret mounts, one per key of var.consul_secret_backend. Client TLS
# material (ca_cert / client_cert / client_key) comes from the variable;
# client_key should be supplied as a sensitive value — verify the variable
# declaration marks it so it does not land in plan output.
module "consul_secret_backend" {
  source   = "./modules/consul_secret_backend"
  for_each = var.consul_secret_backend

  country = var.country
  region  = var.region

  path        = each.key
  description = each.value.description
  address     = each.value.address
  bootstrap   = each.value.bootstrap
  scheme      = each.value.scheme

  ca_cert     = each.value.ca_cert
  client_cert = each.value.client_cert
  client_key  = each.value.client_key

  default_lease_ttl_seconds = each.value.default_lease_ttl_seconds
  max_lease_ttl_seconds     = each.value.max_lease_ttl_seconds
}

# Consul roles mapped to Consul ACL roles.
module "consul_secret_backend_role" {
  source   = "./modules/consul_secret_backend_role"
  for_each = var.consul_secret_backend_role

  name         = each.value.name
  backend      = each.value.backend
  consul_roles = each.value.consul_roles
  ttl          = each.value.ttl
  max_ttl      = each.value.max_ttl
  local        = each.value.local

  depends_on = [module.consul_secret_backend]
}

# Kubernetes secret mounts (dynamic service-account credentials), one per key
# of var.kubernetes_secret_backend.
module "kubernetes_secret_backend" {
  source   = "./modules/kubernetes_secret_backend"
  for_each = var.kubernetes_secret_backend

  country = var.country
  region  = var.region

  path                      = each.key
  description               = each.value.description
  default_lease_ttl_seconds = each.value.default_lease_ttl_seconds
  max_lease_ttl_seconds     = each.value.max_lease_ttl_seconds
  kubernetes_host           = each.value.kubernetes_host
  # NOTE(review): disable_local_ca_jwt is forwarded per entry; confirm the
  # default, since disabling it changes how the mount authenticates to the
  # cluster API.
  disable_local_ca_jwt = each.value.disable_local_ca_jwt
}

# Kubernetes secret roles. allowed_kubernetes_namespaces bounds where
# credentials may be minted; kubernetes_role_type / extra_labels are forwarded.
module "kubernetes_secret_backend_role" {
  source   = "./modules/kubernetes_secret_backend_role"
  for_each = var.kubernetes_secret_backend_role

  country = var.country
  region  = var.region

  name    = each.value.name
  backend = each.value.backend

  allowed_kubernetes_namespaces = each.value.allowed_kubernetes_namespaces
  kubernetes_role_type          = each.value.kubernetes_role_type
  extra_labels                  = each.value.extra_labels

  depends_on = [module.kubernetes_secret_backend]
}

# Vault ACL policies: key = policy name, value = policy rules (HCL text).
# NOTE(review): the role/group modules above reference policy names via
# var.policy_auth_map but do not depend on this module. Vault accepts a policy
# name on a role even when no such policy exists (it simply grants nothing),
# so a mismatch between policy_auth_map and policy_rules_map is not caught
# here — consider a variable validation or precondition that every name in
# policy_auth_map is a key of var.policy_rules_map.
module "vault_policy" {
  source   = "./modules/vault_policy"
  for_each = var.policy_rules_map

  policy_name  = each.key
  policy_rules = each.value
}

# PKI mounts without issuer generation (issuer_ref supplied instead of
# common_name/issuer_name/ttl), one per key of var.pki_mount_only. Same
# URL / revocation settings as pki_secret_backend.
module "pki_mount_only" {
  source   = "./modules/pki_mount_only"
  for_each = var.pki_mount_only

  path                  = each.key
  description           = each.value.description
  max_lease_ttl_seconds = each.value.max_lease_ttl_seconds
  issuer_ref            = each.value.issuer_ref

  issuing_certificates          = each.value.issuing_certificates
  crl_distribution_points       = each.value.crl_distribution_points
  ocsp_servers                  = each.value.ocsp_servers
  enable_templating             = each.value.enable_templating
  default_issuer_ref            = each.value.default_issuer_ref
  default_follows_latest_issuer = each.value.default_follows_latest_issuer

  crl_expiry             = each.value.crl_expiry
  crl_disable            = each.value.crl_disable
  ocsp_disable           = each.value.ocsp_disable
  auto_rebuild           = each.value.auto_rebuild
  enable_delta           = each.value.enable_delta
  delta_rebuild_interval = each.value.delta_rebuild_interval
}