#-----------------------------------
# Enable kubernetes auth method
#-----------------------------------
resource "vault_auth_backend" "kubernetes" {
  type = "kubernetes"
  path = "kubernetes"
}

# Data source to read the token_reviewer_jwt from Vault KV
data "vault_kv_secret_v2" "token_reviewer_jwt_au_syd1" {
  mount = "kv"
  name  = "service/kubernetes/au/syd1/token_reviewer_jwt"
}

# Configure Kubernetes auth backend
resource "vault_kubernetes_auth_backend_config" "config" {
  backend                           = vault_auth_backend.kubernetes.path
  kubernetes_host                   = "https://api-k8s.service.consul:6443"
  kubernetes_ca_cert                = local.kubernetes_ca_cert_au_syd1
  token_reviewer_jwt                = data.vault_kv_secret_v2.token_reviewer_jwt_au_syd1.data["token"]
  disable_iss_validation            = true
  use_annotations_as_alias_metadata = true
}