diff --git a/README.md b/README.md index 18a9aef..8d2dc6b 100644 --- a/README.md +++ b/README.md @@ -32,11 +32,18 @@ module "entities" { } ] - aliases = { - "alias-1" = "user-1" - "alias-2" = "user-2" - "alias-3" = "user-3" - } + aliases = [ + { + "name" = "jwt-user-1" + "entity" = "user-1" + "auth_path" = "jwt" + }, + { + "name" = "oidc-user2" + "entity" = "user-2" + "auth_path" = "oidc" + } + ] } module "vault_groups" { @@ -75,6 +82,7 @@ module "vault_groups" { | Name | Description | Type | Default | |------|-------------|------|---------| | create_vault_entity_aliases | n/a | `bool` | `false` | +| vault_aliases_objects | List of objects defining the alias to entity and auth path match |
list(object({
name = string
entity = string
auth_path = string
}))
| `[]` | | vault_endpoint | Vault endpoint | `string` | `"http://127.0.0.1:8200"` | | vault_entity_objects | List object for the Vault identity entity |
list(object({
name = string
policies = list(string)
metadata = map(string)
}))
| `[]` | | vault_group_objects | List object for Vault identity group |
list(object({
name = string
type = string
policies = list(string)
member_group_ids = list(string)
member_entity_ids = list(string)
metadata = map(string)
}))
| `[]` | diff --git a/main.tf b/main.tf index 30f1558..737b03e 100644 --- a/main.tf +++ b/main.tf @@ -11,6 +11,7 @@ module "vault_entities" { create_entity_aliases = var.create_vault_entity_aliases entities = var.vault_entity_objects + aliases = var.vault_aliases_objects } module "vault_groups" { diff --git a/modules/vault-identity-entities/README.md b/modules/vault-identity-entities/README.md index 00fa3de..0a899eb 100644 --- a/modules/vault-identity-entities/README.md +++ b/modules/vault-identity-entities/README.md @@ -32,11 +32,18 @@ module "entities" { } ] - aliases = { - "alias-1" = "user-1" - "alias-2" = "user-2" - "alias-3" = "user-3" - } + aliases = [ + { + "name" = "jwt-user-1" + "entity" = "user-1" + "auth_path" = "jwt" + }, + { + "name" = "oidc-user2" + "entity" = "user-2" + "auth_path" = "oidc" + } + ] } ``` @@ -56,7 +63,7 @@ module "entities" { | Name | Description | Type | Default | |------|-------------|------|---------| -| aliases | Map of aliases linked to entities | `map` | `{}` | +| aliases | List of objects defining the alias to entity and auth path match |
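Review bot: `aliases = var.vault_aliases_objects` is passed to the module unconditionally while the gate `create_entity_aliases = var.create_vault_entity_aliases` keeps its default of `false`, so a caller who fills the new list without also flipping the flag presumably gets no alias resources and no error (the module's gating logic is not visible in this hunk, so treat that as an assumption to confirm). Since an alias is what binds an external principal to an entity's policies, a silently dropped list is easy to mistake for a working binding. A one-line comment at the call site would make the coupling explicit, e.g. `# ignored unless create_vault_entity_aliases = true`, or the variable description could say the same. The `module "vault_entities"` block starts before this hunk.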
list(object({
name = string
entity = string
auth_path = string
}))
| `[]` | | create_entity_aliases | Enable the creation of entity aliase | `bool` | `false` | | entities | List object for the Vault identity entity |
list(object({
name = string
policies = list(string)
metadata = map(string)
}))
| `[]` | diff --git a/modules/vault-identity-entities/variables.tf b/modules/vault-identity-entities/variables.tf index 884ccff..8ae9404 100644 --- a/modules/vault-identity-entities/variables.tf +++ b/modules/vault-identity-entities/variables.tf @@ -9,7 +9,8 @@ variable "entities" { } variable "create_entity_aliases" { - default = false + description = "Enable Vault entity alias creation" + default = false } variable "aliases" { diff --git a/variables.tf b/variables.tf index 9a949f3..438c20b 100644 --- a/variables.tf +++ b/variables.tf @@ -4,7 +4,8 @@ variable "vault_endpoint" { } variable "create_vault_entity_aliases" { - default = false + description = "Enable Vault entity alias creation" + default = false } variable "vault_entity_objects" { @@ -17,6 +18,16 @@ variable "vault_entity_objects" { default = [] } +variable "vault_aliases_objects" { + description = "List of objects defining the alias to entity and auth path match" + type = list(object({ + name = string + entity = string + auth_path = string + })) + default = [] +} + variable "vault_group_objects" { description = "List object for Vault identity group" type = list(object({
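Review bot: `variable "create_entity_aliases"` gains a description but still declares no `type`, so the README tables in this same commit advertise it as `bool` while nothing in the code enforces it; add `type        = bool` next to the new `description` line. The identical omission is in `variable "create_vault_entity_aliases"` in the root `variables.tf` hunk that shares this anchor. Separately, the module README in this commit changes the documented `aliases` input from `map` to `list(object({ name, entity, auth_path }))`, but no hunk here touches the body of `variable "aliases"` (it starts at the end of this hunk and continues outside it); if its `type` was not updated in a change outside this diff, the documented input shape will be rejected.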