# OIDC auth method mounted at "oidc", backed by the Keycloak realm named in the
# discovery URL. bound_issuer is set to the same realm URL as the discovery
# endpoint.
resource "vault_jwt_auth_backend" "keycloak" {
  type        = "oidc"
  path        = "oidc"
  description = "Keycloak OIDC auth"

  oidc_discovery_url = "https://auth.janky.solutions/realms/janky.solutions"
  bound_issuer       = "https://auth.janky.solutions/realms/janky.solutions"

  oidc_client_id = "openbao"
  # NOTE(review): the client secret is a string literal in this file, so it is
  # committed with the configuration and is also written to Terraform state.
  # Treat this value as exposed: rotate it in Keycloak and supply the new one
  # from a sensitive input variable or a secret store instead of a literal.
  oidc_client_secret = "secret123456"
}

# Kubernetes auth method. No path is given, so the mount path comes from the
# provider default. The cluster connection settings for this backend are not
# declared in this section.
resource "vault_auth_backend" "kubernetes" {
  type = "kubernetes"
}

# Role on the Kubernetes auth mount above. It accepts the service account named
# "default" from any namespace ("*") and issues a token with a TTL of 3600 that
# carries the k8s_default_sa policy (that policy is declared outside this
# section).
#
# NOTE(review): pods that do not set a service account run as "default", so
# with the "*" namespace binding every such workload in the cluster can log in
# with this role. Confirm that k8s_default_sa grants only what an arbitrary
# workload may read, or replace "*" with an explicit list of namespaces.
resource "vault_kubernetes_auth_backend_role" "k8s-default" {
  backend   = vault_auth_backend.kubernetes.path
  role_name = "kubernetes-default"

  bound_service_account_names      = ["default"]
  bound_service_account_namespaces = ["*"]

  token_ttl      = 3600
  token_policies = [vault_policy.k8s_default_sa.name]
}