feat: initial commit

Signed-off-by: Kevin Lefevre <[email protected]>

README.md

@@ -8,4 +8,50 @@ Repository template for Particule's Terraform module.
 ### Examples
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_vault"></a> [vault](#provider\_vault) | 3.2.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [vault_audit.audit](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/audit) | resource |
+| [vault_auth_backend.auth_backends](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/auth_backend) | resource |
+| [vault_generic_secret.secret](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/generic_secret) | resource |
+| [vault_github_auth_backend.github](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/github_auth_backend) | resource |
+| [vault_github_team.github](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/github_team) | resource |
+| [vault_github_user.github](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/github_user) | resource |
+| [vault_kubernetes_auth_backend_config.kubernetes_configs](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/kubernetes_auth_backend_config) | resource |
+| [vault_kubernetes_auth_backend_role.kubernetes](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/kubernetes_auth_backend_role) | resource |
+| [vault_mount.mounts](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/mount) | resource |
+| [vault_policy.policy](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/policy) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_audits"></a> [audits](#input\_audits) | n/a | `any` | `{}` | no |
+| <a name="input_auth_backends"></a> [auth\_backends](#input\_auth\_backends) | n/a | `any` | `{}` | no |
+| <a name="input_github_auths"></a> [github\_auths](#input\_github\_auths) | n/a | `any` | `{}` | no |
+| <a name="input_github_roles_teams"></a> [github\_roles\_teams](#input\_github\_roles\_teams) | n/a | `any` | `{}` | no |
+| <a name="input_github_roles_users"></a> [github\_roles\_users](#input\_github\_roles\_users) | n/a | `any` | `{}` | no |
+| <a name="input_kubernetes_roles"></a> [kubernetes\_roles](#input\_kubernetes\_roles) | n/a | `any` | `{}` | no |
+| <a name="input_mounts"></a> [mounts](#input\_mounts) | n/a | `any` | `{}` | no |
+| <a name="input_policies"></a> [policies](#input\_policies) | n/a | `map(any)` | `{}` | no |
+| <a name="input_secrets"></a> [secrets](#input\_secrets) | n/a | `any` | `{}` | no |
+
+## Outputs
+
+No outputs.
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

main.tf

@@ -1 +1,71 @@
-# Main module resources
+resource "vault_github_auth_backend" "github" {
+  for_each     = var.github_auths
+  organization = each.value.organization
+  path         = try(each.value.path, null)
+}
+
+resource "vault_github_team" "github" {
+  for_each = var.github_roles_teams
+  backend  = vault_github_auth_backend.github[each.key].id
+  team     = each.value.team
+  policies = try(each.value.policies, null)
+}
+
+resource "vault_github_user" "github" {
+  for_each = var.github_roles_users
+  backend  = vault_github_auth_backend.github[each.key].id
+  user     = each.value.user
+  policies = try(each.value.policues, null)
+}
+
+resource "vault_generic_secret" "secret" {
+  for_each   = var.secrets
+  path       = each.key
+  data_json  = each.value
+  depends_on = [vault_mount.mounts]
+}
+
+resource "vault_policy" "policy" {
+  for_each = var.policies
+  name     = each.key
+  policy   = each.value
+}
+
+resource "vault_mount" "mounts" {
+  for_each = var.mounts
+  path     = try(each.value.path, each.key)
+  type     = each.value.type
+  options  = try(each.value.options, null)
+}
+
+resource "vault_auth_backend" "auth_backends" {
+  for_each = var.auth_backends
+  type     = each.value.type
+  path     = try(each.value.path, each.key)
+}
+
+resource "vault_audit" "audit" {
+  for_each = var.audits
+  type     = each.value.type
+  path     = try(each.value.path, null)
+  local    = try(each.value.local, false)
+  options  = try(each.value.options, null)
+}
+
+resource "vault_kubernetes_auth_backend_config" "kubernetes_configs" {
+  for_each           = { for k, v in var.auth_backends : k => v if v.type == "kubernetes" }
+  backend            = vault_auth_backend.auth_backends[each.key].path
+  kubernetes_host    = each.value.kubernetes_host
+  kubernetes_ca_cert = try(each.value.kubernetes_ca_cert, null)
+  token_reviewer_jwt = try(each.value.token_reviewer_jwt, null)
+}
+
+resource "vault_kubernetes_auth_backend_role" "kubernetes" {
+  for_each                         = var.kubernetes_roles
+  backend                          = try(each.value.backend, null)
+  role_name                        = try(each.value.name, each.key)
+  bound_service_account_names      = each.value.bound_service_account_names
+  bound_service_account_namespaces = each.value.bound_service_account_namespaces
+  token_policies                   = try(each.value.token_policies, null)
+  depends_on                       = [vault_policy.policy]
+}

variables.tf

@@ -1 +1,44 @@
-# Define the module's input below
+variable "policies" {
+  type    = map(any)
+  default = {}
+}
+
+variable "mounts" {
+  type    = any
+  default = {}
+}
+
+variable "secrets" {
+  type    = any
+  default = {}
+}
+
+variable "kubernetes_roles" {
+  type    = any
+  default = {}
+}
+
+variable "github_roles_teams" {
+  type    = any
+  default = {}
+}
+
+variable "github_roles_users" {
+  type    = any
+  default = {}
+}
+
+variable "github_auths" {
+  type    = any
+  default = {}
+}
+
+variable "auth_backends" {
+  type    = any
+  default = {}
+}
+
+variable "audits" {
+  type    = any
+  default = {}
+}