Add userpass login to Vault

acls/vault_login.tf

@@ -0,0 +1,8 @@
+resource "vault_auth_backend" "userpass" {
+  type = "userpass"
+
+  tune {
+    max_lease_ttl      = "1h"
+    listing_visibility = "unauth"
+  }
+}

acls/vault_policies.tf

@@ -0,0 +1,9 @@
+resource "vault_policy" "admin" {
+  name = "admin"
+
+  policy = <<EOF
+path "*" {
+  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+  EOF
+}

bootstrap-values.yml

@@ -57,3 +57,11 @@
               data:
                 "{{ item.value }}"
           loop: "{{ hashi_vault_values | default({}) | dict2items }}"
+
+        - name: Write userpass
+          community.hashi_vault.vault_write:
+            url: "http://{{ inventory_hostname }}:8200"
+            token: "{{ root_token }}"
+            path: "auth/userpass/users/{{ item.name }}"
+            data: '{"password": "{{ item.password }}", "policies": "{{ item.policies }}"}'
+          loop: "{{ vault_userpass }}"

vault_hashi_vault_values.example.yml

@@ -16,3 +16,8 @@ hashi_vault_values:
     alert_email_addresses: email@example.com
   backups:
     backup_passphrase: tellnoone
+
+vault_userpass:
+  - name: admin
+    password: foo
+    policies: default