TODO: 1 vault_database_secret_backend_connection per database

2025-12-09 12:58:59 +01:00
parent 2903f70e9f
commit a5338ac6f7


@@ -27,8 +27,8 @@ resource "vault_database_secret_backend_role" "role" {
"GRANT ${local.name}_role TO \"{{name}}\";",
]
revocation_statements = [
"REASSIGN OWNED BY \"{{name}}\" TO ${local.name}_role;",
"REVOKE ALL ON DATABASE ${local.database} FROM \"{{name}}\";", # should we drop the role ?
"REASSIGN OWNED BY \"{{name}}\" TO ${local.name}_role;", # reassign must be executed in the database where the reassgined objects are - TODO (one connection per database/app)
"REVOKE ALL ON DATABASE ${local.database} FROM \"{{name}}\";", # should we drop the role ? -> YES after fixing reassign
]
renew_statements = []
rollback_statements = []
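Review bot: The `revocation_statements` list appears to leave the dynamic role able to log in after its lease is revoked, because neither statement drops or disables it and the `GRANT ${local.name}_role TO \"{{name}}\"` membership from the creation statements is never revoked; `REVOKE ALL ON DATABASE` only removes privileges granted directly on the database. Assuming this is the PostgreSQL plugin, custom revocation statements replace the plugin's default role drop, so an early revoke (for example during incident response) relies entirely on whatever expiry the creation statements set, which is outside this hunk. Until the per-database connection lands and `DROP ROLE` becomes possible, consider adding `"ALTER ROLE \"{{name}}\" NOLOGIN;"` and `"REVOKE ${local.name}_role FROM \"{{name}}\";"` to the list. The new comment also has a typo (`reassgined`), and the resource block starts and ends outside the hunk.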