Merge branch 'vault-user' into 'master'

add vault user & admin entities and policies See merge request platform-one/big-bang/apps/sandbox/vault!13

Merge branch 'vault-user' into 'master'
5193ac0b · Ryan Garcia · 7f9a1d8f · 3e4ccdda · 5193ac0b · 5193ac0b
Commit 5193ac0b authored 3 years ago by Ryan Garcia
--- a/vault/config-as-code/identity_control/groups/sudo/terragrunt.hcl
+++ b/vault/config-as-code/identity_control/groups/sudo/terragrunt.hcl
@@ -21,6 +21,6 @@ inputs = {
  name                = "sudo"
  policies            = ["sudo"]
  member_entity_ids   = [
-    dependency.user1_identity_id.outputs.id,
+    dependency.admin1_identity_id.outputs.id,
  ]
 }
--- a/vault/config-as-code/identity_control/groups/vault_user1-kv/terragrunt.hcl
+++ b/vault/config-as-code/identity_control/groups/vault_user1-kv/terragrunt.hcl
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  source = "../../../terraform-modules/identity_group"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+dependency user1_identity_id {
+  config_path = "../../users/vault_user1"
+  mock_outputs = {
+    member_entity_ids = "abc-123"
+  }
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt configuration above
+inputs = {
+  name                = "user1"
+  policies            = ["user1"]
+  member_entity_ids   = [
+    dependency.user1_identity_id.outputs.id,
+  ]
+}
--- a/vault/config-as-code/identity_control/users/vault_user2/terragrunt.hcl
+++ b/vault/config-as-code/identity_control/users/vault_user2/terragrunt.hcl
@@ -19,7 +19,7 @@ dependency userpass_auth_backend {
 # These are the variables we have to pass in to use the module specified in the terragrunt configuration above
 inputs = {
  auth_backend              = dependency.userpass_auth_backend.outputs.accessor
-  identity_entity_name      = "test.user2"
+  identity_entity_name      = "test.admin1"
  identity_entity_policies  = ["change-userpass-password"]
-  userpass_username         = "user2"
+  userpass_username         = "admin1"
 }
--- a/vault/config-as-code/kv/vault_admin1-kv/terragrunt.hcl
+++ b/vault/config-as-code/kv/vault_admin1-kv/terragrunt.hcl
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  source = "git::https://repo1.dso.mil/platform-one/private/cnap/terraform-modules.git//vault/mount"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt configuration above
+inputs = {
+  mount_path                = "kv/vault_admin1"
+  mount_type                = "kv"
+  description               = "pki secrets for container signing"
+  max_mount_ttl             = "315569260"
+  default_mount_ttl         = "315569260"
+}
--- a/vault/config-as-code/kv/vault_user1-kv/terragrunt.hcl
+++ b/vault/config-as-code/kv/vault_user1-kv/terragrunt.hcl
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  source = "git::https://repo1.dso.mil/platform-one/private/cnap/terraform-modules.git//vault/mount"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt configuration above
+inputs = {
+  mount_path                = "kv/vault_user1"
+  mount_type                = "kv"
+  description               = "pki secrets for container signing"
+  max_mount_ttl             = "315569260"
+  default_mount_ttl         = "315569260"
+}
--- a/vault/config-as-code/policies/user1/terragrunt.hcl
+++ b/vault/config-as-code/policies/user1/terragrunt.hcl
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  source = "../../../terraform-modules/policy"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt configuration above
+inputs = {
+  name   = "user1"
+  policy = <<EOT
+# -----------------------------------------------------------------------------
+# Root equivalent permissions
+# -----------------------------------------------------------------------------
+path "kv/vault_user1" {
+  capabilities = ["read"]
+}
+
+EOT
+}