- import pki, ssh, kv, rundeck engines - deploy all roles from terraform - deploy all policies from terraform - deploy all approles from terraform
# Policy sets managed by this configuration: one entry per directory of
# Vault policy documents. The keys are labels only (nothing visible in this
# file reads them); the values are the directories scanned for *.hcl files.
# NOTE(review): the paths are relative, so they presumably resolve against the
# directory Terraform is run from - confirm this file lives in the root module.
locals {
  policy_directories = {
    pki_int         = "policies/pki_int"
    pki_root        = "policies/pki_root"
    rundeck         = "policies/rundeck"
    ssh_host_signer = "policies/ssh-host-signer"
    sshca           = "policies/sshca"
  }
}
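# Build one { name, path } object per *.hcl file found in the policy
# directories listed in local.policy_directories.
#   name - file name without its ".hcl" extension; used as the Vault policy name
#   path - location of the policy document, read with file() by vault_policy
#
# Every *.hcl file placed in one of these directories is picked up
# automatically, so write access to the directories is effectively the ability
# to define Vault policies: review changes there like changes to this file.
locals {
  policy_files = flatten([
    # Only the directory values are needed. Iterating with a single variable
    # also avoids naming it `path`, which would shadow Terraform's built-in
    # path.module / path.root inside the expression.
    for policy_dir in local.policy_directories : [
      for policy_file in fileset(policy_dir, "*.hcl") : {
        # trimsuffix removes only the trailing extension; replace() would also
        # strip ".hcl" from the middle of a file name and could make two
        # different files map to the same policy name. The "*.hcl" pattern
        # yields bare file names, so no "/" trimming is required.
        name = trimsuffix(policy_file, ".hcl")
        path = "${policy_dir}/${policy_file}"
      }
    ]
  ])
}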
# Create one Vault policy per discovered policy file.
resource "vault_policy" "policies" {
  # Keyed by policy name, so each instance is addressed as
  # vault_policy.policies["<name>"]. Names have to be unique across all policy
  # directories: two files with the same base name yield a duplicate key and
  # Terraform rejects the map instead of letting one policy replace the other.
  for_each = { for entry in local.policy_files : entry.name => entry }

  name   = each.key
  policy = file(each.value.path)
}