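# Manages the Vault "admin" policy with Terraform.
#
# The configuration was previously collapsed onto a single line, where the
# inline "#" comment in the provider block swallowed everything after it.
# It is restored here to one argument per line.

terraform {
  # Remote state lives in this GCS bucket/prefix.
  # NOTE(review): state for a Vault workspace can end up holding sensitive
  # values as resources are added; confirm bucket access is restricted.
  backend "gcs" {
    bucket = "arcodange-tf"
    prefix = "tools/hashicorp_vault/main"
  }

  required_providers {
    vault = {
      # Fully qualified source address. The bare name "vault" resolves to the
      # same hashicorp/vault provider; spelling out the namespace makes the
      # publisher explicit to reviewers.
      source = "hashicorp/vault"
      # Exact pin. Commit .terraform.lock.hcl alongside it so the provider
      # package hashes are checked on every init.
      version = "4.4.0"
    }
  }
}

variable "vault_address" {
  description = "URL of the Vault API that the provider connects to."
  type        = string

  # Plaintext HTTP is only acceptable because the default is loopback.
  # NOTE(review): presumably reached via a local port-forward or run on the
  # Vault host itself; confirm. The login JWT and the resulting Vault token
  # travel over this connection, so any non-loopback override should be
  # an https:// address.
  default = "http://127.0.0.1:8200"
}

provider "vault" {
  address = var.vault_address

  auth_login_jwt {
    # The JWT is not stored in this file; the provider reads it from the
    # TERRAFORM_VAULT_AUTH_JWT environment variable.
    # NOTE(review): the policies granted to this JWT role are configured
    # elsewhere and are not visible here.
    role = "admin"
  }
}

data "vault_policy_document" "admin" {
  rule {
    # "*" matches every path and the capability list includes "sudo", so a
    # token carrying this policy has unrestricted access to Vault, including
    # root-protected endpoints. Keep the roles and identities bound to it to
    # a minimum and audit their use.
    path         = "*"
    capabilities = ["create", "read", "update", "delete", "list", "sudo"]
    description  = "admin privileges"
  }
}

# Publishes the rendered policy document to Vault under the name "admin".
resource "vault_policy" "admin" {
  name   = "admin"
  policy = data.vault_policy_document.admin.hcl
}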