resource "vault_approle_auth_backend_role" "tf_vault" {
  role_name      = "tf_vault"
  bind_secret_id = false
  token_policies = [
    "default_access",
    "auth/token/auth_token_create",
    "auth/token/auth_token_self",
    "auth/token/auth_token_roles_admin",
    "auth/approle/approle_role_admin",
    "auth/approle/approle_role_login",
    "approle_token_create",
    "auth/kubernetes/k8s_auth_admin",
    "k8s/k8s_pki_roles_admin",
    "auth/ldap/ldap_admin",
    "pki_int/pki_int_roles_admin",
    "pki_root/pki_root_roles_admin",
    "ssh-host-signer/ssh-host-signer_roles_admin",
    "sshca_roles_admin",
    "kv/service/glauth/services/svc_vault_read",
    "sys/sys_auth_admin",
    "sys/sys_mounts_admin",
    "sys/sys_policy_admin",
  ]
  token_ttl     = 60
  token_max_ttl = 120
  token_bound_cidrs = [
    "10.10.12.200/32",
  ]
}