terraform-vault/modules/vault_cluster/modules/pki_mount_only/main.tf

resource "vault_mount" "pki" {
  path                  = var.path
  type                  = "pki"
  description           = var.description
  max_lease_ttl_seconds = var.max_lease_ttl_seconds
}

resource "vault_pki_secret_backend_config_urls" "config_urls" {
  backend = vault_mount.pki.path

  issuing_certificates    = var.issuing_certificates
  crl_distribution_points = var.crl_distribution_points
  ocsp_servers            = var.ocsp_servers
  enable_templating       = var.enable_templating
}

resource "vault_pki_secret_backend_config_issuers" "issuers" {
  count = var.default_issuer_ref != null ? 1 : 0

  backend                       = vault_mount.pki.path
  default                       = var.default_issuer_ref
  default_follows_latest_issuer = var.default_follows_latest_issuer
}

resource "vault_pki_secret_backend_crl_config" "crl" {
  backend                = vault_mount.pki.path
  expiry                 = var.crl_expiry
  disable                = var.crl_disable
  ocsp_disable           = var.ocsp_disable
  auto_rebuild           = var.auto_rebuild
  enable_delta           = var.enable_delta
  delta_rebuild_interval = var.delta_rebuild_interval
}