tbeyer567 · October 24, 2021 19:47
diff --git a/gistfile1.txt b/gistfile1.txt
 # Enable userpass auth method

 resource "vault_auth_backend" "userpass" {
  type = "userpass"
 }

 resource "vault_generic_endpoint" "admin" {
  depends_on           = [vault_auth_backend.userpass]
  path                 = "auth/userpass/users/admin"
  ignore_absent_fields = true

  data_json = <<EOT
 {
  "policies": ["admins"],
  "password": "changeme"
 }
 EOT
 }
diff --git a/gistfile2.txt b/gistfile2.txt
 # Manage auth methods broadly across Vault
 path "auth/*"
 {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
 }

 # Create, update, and delete auth methods
 path "sys/auth/*"
 {
  capabilities = ["create", "update", "delete", "sudo"]
 }

 # List auth methods
 path "sys/auth"
 {
  capabilities = ["read"]
 }

 # Create and manage ACL policies
 path "sys/policies/acl/*"
 {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
 }

 # List ACL policies
 path "sys/policies/acl"
 {
  capabilities = ["list"]
 }

 # Create and manage secrets engines broadly across Vault.
 path "sys/mounts/*"
 {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
 }

 # List enabled secrets engines
 path "sys/mounts"
 {
  capabilities = ["read", "list"]
 }

 # Manage namespaces
 path "sys/namespaces/*" {
   capabilities = ["create", "read", "update", "delete", "list", "sudo"]
 }

 # List, create, update, and delete key/value secrets at kv-v2/
 path "kv-v2/*"
 {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
 }

 # Read health checks
 path "sys/health"
 {
  capabilities = ["read", "sudo"]
 }
diff --git a/gistfile3.txt b/gistfile3.txt
 # Create policies

 # Create admin policy in the root namespace
 resource "vault_policy" "admin_policy" {
  name   = "admins"
  policy = file("policies/admin-policy.hcl")
 }

 # Create admin policy in the engineering namespace
 resource "vault_policy" "admin_policy_engineering" {
  provider = vault.engineering
  depends_on = [vault_namespace.engineering]
  name   = "admins"
  policy = file("policies/admin-policy.hcl")
 }
	# Enable userpass auth method

	resource "vault_auth_backend" "userpass" {
	type = "userpass"
	}

	resource "vault_generic_endpoint" "admin" {
	depends_on = [vault_auth_backend.userpass]
	path = "auth/userpass/users/admin"
	ignore_absent_fields = true

	data_json = <<EOT
	{
	"policies": ["admins"],
	"password": "changeme"
	}
	EOT
	}
	# Manage auth methods broadly across Vault
	path "auth/*"
	{
	capabilities = ["create", "read", "update", "delete", "list", "sudo"]
	}

	# Create, update, and delete auth methods
	path "sys/auth/*"
	{
	capabilities = ["create", "update", "delete", "sudo"]
	}

	# List auth methods
	path "sys/auth"
	{
	capabilities = ["read"]
	}

	# Create and manage ACL policies
	path "sys/policies/acl/*"
	{
	capabilities = ["create", "read", "update", "delete", "list", "sudo"]
	}

	# List ACL policies
	path "sys/policies/acl"
	{
	capabilities = ["list"]
	}

	# Create and manage secrets engines broadly across Vault.
	path "sys/mounts/*"
	{
	capabilities = ["create", "read", "update", "delete", "list", "sudo"]
	}

	# List enabled secrets engines
	path "sys/mounts"
	{
	capabilities = ["read", "list"]
	}

	# Manage namespaces
	path "sys/namespaces/*" {
	capabilities = ["create", "read", "update", "delete", "list", "sudo"]
	}

	# List, create, update, and delete key/value secrets at kv-v2/
	path "kv-v2/*"
	{
	capabilities = ["create", "read", "update", "delete", "list", "sudo"]
	}

	# Read health checks
	path "sys/health"
	{
	capabilities = ["read", "sudo"]
	}
	# Create policies

	# Create admin policy in the root namespace
	resource "vault_policy" "admin_policy" {
	name = "admins"
	policy = file("policies/admin-policy.hcl")
	}

	# Create admin policy in the engineering namespace
	resource "vault_policy" "admin_policy_engineering" {
	provider = vault.engineering
	depends_on = [vault_namespace.engineering]
	name = "admins"
	policy = file("policies/admin-policy.hcl")
	}