bao policies: to use tf template

Finn 2024-09-10 10:36:12 -07:00
parent 6f568ffc4e
commit f497e9ba55
4 changed files with 6 additions and 10 deletions


@ -1,5 +1,5 @@
resource "vault_policy" "k8s_default_sa" { resource "vault_policy" "k8s_default" {
name = "k8s-default-sa" name = "k8s-default-sa"
policy = file("bao-policies/k8s-default-sa.hcl") policy = templatefile("bao-policies/k8s-default.hcl", { k8s_auth_backend = vault_auth_backend.kubernetes.accessor })
} }
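Review bot: The resource address changes from `vault_policy.k8s_default_sa` to `vault_policy.k8s_default` while `name = "k8s-default-sa"` stays the same, so Terraform will plan a destroy of the old address and a create of the new one against the same policy name. The two operations have no dependency on each other, so the delete may land after the write and leave the policy missing until the next apply, which would likely break reads for workloads bound to it. A `moved` block with `from = vault_policy.k8s_default_sa` and `to = vault_policy.k8s_default` (or a state move before applying) keeps this an in-place update. Separately, the policy name still ends in `-sa` while the resource and file no longer do; a short comment saying the name is kept on purpose would help if existing role bindings reference it.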


@ -1,3 +0,0 @@
path "test-kv/data/{{identity.entity.aliases.auth_kubernetes_6872b6a9.metadata.service_account_namespace}}/*" {
capabilities = ["read"]
}


@ -0,0 +1,3 @@
path "test-kv/data/{{identity.entity.aliases.${k8s_auth_backend}.metadata.service_account_namespace}}/*" {
capabilities = ["read"]
}
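Review bot: This policy file now mixes two template layers on the `path` line and nothing in it says so: `${k8s_auth_backend}` is filled in by Terraform's `templatefile()`, while the surrounding `{{identity.entity.aliases…}}` is resolved later by the server per request. A header comment such as `# Terraform template: ${k8s_auth_backend} = kubernetes auth mount accessor; {{...}} is server-side identity templating` would stop a later editor from treating it as plain HCL. Any literal `${` or `%{` added to the file in future would be interpreted by Terraform and has to be escaped. It may also be worth confirming how the path renders for a token whose alias carries no `service_account_namespace` metadata, so that an empty value cannot match an unintended prefix under `test-kv/data/`.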


@ -7,8 +7,4 @@ data "terraform_remote_state" "foo" {
} }
} }
provider "vault" { provider "vault" {}
# This will default to using $VAULT_ADDR
# But can be set explicitly
# address = "https://vault.example.net:8200"
}
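Review bot: Collapsing the block to `provider "vault" {}` drops the only comment saying that the target server comes from `$VAULT_ADDR`, so policy changes are applied to whatever that variable holds in the operator's shell or CI job. Keeping a one-line comment next to the empty block, for example `# address is taken from $VAULT_ADDR; set it explicitly before apply`, would preserve that warning for the next person running an apply. The hunk starts inside the `terraform_remote_state` data block, which begins outside the visible lines.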