# Create an identity for the admin user
# Identity entity for the admin user. The "admin" policy is attached
# directly to the entity, so it follows the entity rather than any
# single auth-method login.
resource "vault_identity_entity" "admin" {
  name = "admin"

  metadata = {
    email = "admin@example.com"
  }

  policies = ["admin"]

  # Both dependencies live outside this file (vault_policy.admin and the
  # userpass login secret); create the entity only once they exist so the
  # policy name resolves and the user can be aliased to the entity.
  depends_on = [
    vault_policy.admin,
    vault_generic_secret.admin_user,
  ]
}
# Tie the identity to the userpass
# Alias linking the userpass "admin" login to the admin identity entity.
# `name` must match the userpass username exactly; the accessor comes
# from the userpass auth backend defined elsewhere in this configuration.
resource "vault_identity_entity_alias" "admin" {
  canonical_id   = vault_identity_entity.admin.id
  mount_accessor = vault_auth_backend.userpass.accessor
  name           = "admin"
}
# Tie the identity to a group
# "admins" identity group with the admin entity as its only member.
# Membership is managed inline here; NOTE(review): if a separate
# vault_identity_group_member_entity_ids resource is ever added for this
# group, the two would fight over the member list — keep one or the other.
resource "vault_identity_group" "admins" {
  name              = "admins"
  member_entity_ids = [vault_identity_entity.admin.id]
}
# Create an oidc client
# OIDC assignment naming which entities and groups may authenticate
# through the client(s) that reference it. Despite the name, it currently
# covers only the admin entity and the admins group (which already
# contains that entity), so listing the entity is belt-and-braces.
resource "vault_identity_oidc_assignment" "everyone" {
  name = "everyone"

  group_ids  = [vault_identity_group.admins.id]
  entity_ids = [vault_identity_entity.admin.id]
}
# Signing key used by the OIDC provider for the "consul" client.
# Rotation is hourly; the previous key stays verifiable for two hours
# (values are seconds).
#
# SECURITY: allowed_client_ids = ["*"] lets ANY OIDC client in this
# namespace have its tokens signed with this key. The wildcard is kept
# because the client below references this key by name, so a direct
# reference to its client_id here would form a dependency cycle; narrow
# this to the specific client id (e.g. via a second apply or a literal
# key name on the client) before using it outside a local setup.
resource "vault_identity_oidc_key" "key" {
  name      = "key"
  algorithm = "RS256"

  rotation_period  = 3600
  verification_ttl = 7200

  allowed_client_ids = ["*"]
}
# OIDC client for Consul, signed with the key above and restricted to the
# "everyone" assignment. Token lifetimes are in seconds.
#
# The redirect URIs are plain http on the loopback address, which is only
# acceptable for a local/dev deployment: Vault matches redirect URIs
# exactly, and a non-loopback or production deployment should register
# https callbacks instead so the authorization code is not sent in clear.
resource "vault_identity_oidc_client" "consul" {
  name = "consul"
  key  = vault_identity_oidc_key.key.name

  assignments = [vault_identity_oidc_assignment.everyone.name]

  redirect_uris = [
    "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
    "http://127.0.0.1:8251/callback",
    "http://127.0.0.1:8080/callback",
  ]

  id_token_ttl     = 2400
  access_token_ttl = 7200
}