diff --git a/vault/config-as-code/identity_control/groups/sudo/terragrunt.hcl b/vault/config-as-code/identity_control/groups/sudo/terragrunt.hcl
index 5df7308f5d77fa0ceb635f789efd75039e9d55e8..4461939a4d353cc34adc9b73c0e39f36ceccda6f 100644
--- a/vault/config-as-code/identity_control/groups/sudo/terragrunt.hcl
+++ b/vault/config-as-code/identity_control/groups/sudo/terragrunt.hcl
@@ -21,6 +21,6 @@ inputs = {
name = "sudo"
policies = ["sudo"]
member_entity_ids = [
- dependency.user1_identity_id.outputs.id,
+ dependency.admin1_identity_id.outputs.id,
]
}
diff --git a/vault/config-as-code/identity_control/groups/vault_user1-kv/terragrunt.hcl b/vault/config-as-code/identity_control/groups/vault_user1-kv/terragrunt.hcl
new file mode 100644
index 0000000000000000000000000000000000000000..054578028d472553959bffc05208315ba0a7f138
--- /dev/null
+++ b/vault/config-as-code/identity_control/groups/vault_user1-kv/terragrunt.hcl
@@ -0,0 +1,26 @@
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+ source = "../../../terraform-modules/identity_group"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+ path = find_in_parent_folders()
+}
+
+dependency user1_identity_id {
+ config_path = "../../users/vault_user1"
+ mock_outputs = {
+ member_entity_ids = "abc-123"
+ }
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt configuration above
+inputs = {
+ name = "user1"
+ policies = ["user1"]
+ member_entity_ids = [
+ dependency.user1_identity_id.outputs.id,
+ ]
+}
diff --git a/vault/config-as-code/identity_control/users/vault_user2/terragrunt.hcl b/vault/config-as-code/identity_control/users/vault_admin1/terragrunt.hcl
similarity index 90%
rename from vault/config-as-code/identity_control/users/vault_user2/terragrunt.hcl
rename to vault/config-as-code/identity_control/users/vault_admin1/terragrunt.hcl
index ed1190d3cd5b0af5b0ef4bba5aa4c046e8afd0f0..60292130089da11dbb9e9b42188941728ee37ab6 100644
--- a/vault/config-as-code/identity_control/users/vault_user2/terragrunt.hcl
+++ b/vault/config-as-code/identity_control/users/vault_admin1/terragrunt.hcl
@@ -19,7 +19,7 @@ dependency userpass_auth_backend {
# These are the variables we have to pass in to use the module specified in the terragrunt configuration above
inputs = {
auth_backend = dependency.userpass_auth_backend.outputs.accessor
- identity_entity_name = "test.user2"
+ identity_entity_name = "test.admin1"
identity_entity_policies = ["change-userpass-password"]
- userpass_username = "user2"
+ userpass_username = "admin1"
}
diff --git a/vault/config-as-code/kv/vault_admin1-kv/terragrunt.hcl b/vault/config-as-code/kv/vault_admin1-kv/terragrunt.hcl
new file mode 100644
index 0000000000000000000000000000000000000000..f0f4a65c1b83f2957b86c7ced4ab0b0bd92b53dc
--- /dev/null
+++ b/vault/config-as-code/kv/vault_admin1-kv/terragrunt.hcl
@@ -0,0 +1,19 @@
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+ source = "git::https://repo1.dso.mil/platform-one/private/cnap/terraform-modules.git//vault/mount"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+ path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt configuration above
+inputs = {
+ mount_path = "kv/vault_admin1"
+ mount_type = "kv"
+ description = "pki secrets for container signing"
+ max_mount_ttl = "315569260"
+ default_mount_ttl = "315569260"
+}
diff --git a/vault/config-as-code/kv/vault_user1-kv/terragrunt.hcl b/vault/config-as-code/kv/vault_user1-kv/terragrunt.hcl
new file mode 100644
index 0000000000000000000000000000000000000000..209975629aeefa9a83ec2679eed356f9fbce37f3
--- /dev/null
+++ b/vault/config-as-code/kv/vault_user1-kv/terragrunt.hcl
@@ -0,0 +1,19 @@
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+ source = "git::https://repo1.dso.mil/platform-one/private/cnap/terraform-modules.git//vault/mount"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+ path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt configuration above
+inputs = {
+ mount_path = "kv/vault_user1"
+ mount_type = "kv"
+ description = "pki secrets for container signing"
+ max_mount_ttl = "315569260"
+ default_mount_ttl = "315569260"
+}
diff --git a/vault/config-as-code/policies/user1/terragrunt.hcl b/vault/config-as-code/policies/user1/terragrunt.hcl
new file mode 100644
index 0000000000000000000000000000000000000000..72bc790100824ac6f6fdeed8e4bed6059e771187
--- /dev/null
+++ b/vault/config-as-code/policies/user1/terragrunt.hcl
@@ -0,0 +1,24 @@
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+ source = "../../../terraform-modules/policy"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+ path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt configuration above
+inputs = {
+ name = "user1"
+ policy = <<EOT
+# -----------------------------------------------------------------------------
+# Root equivalent permissions
+# -----------------------------------------------------------------------------
+path "kv/vault_user1" {
+ capabilities = ["read"]
+}
+
+EOT
+}