Open nfi-hashicorp opened 7 months ago
@nfi-hashicorp Hello! The vault_policy resource should allow you to copy-paste the hcl directly. Does that work for your use case?
Um, not quite. It does let you copy-paste directly, yes, but I was hoping for real HCL, not HCL in a string. For syntax highlighting, linting, etc.
@nfi-hashicorp Thanks for the clarification. In that case, I think you could write the vault policy as a separate file and then use the file function?
Something like:
resource "vault_policy" "example" {
  name   = "dev-team"
  policy = file("${path.module}/policy.hcl")
}
policy.hcl:
path "secret/my_app" {
  capabilities = ["update"]
}
> @nfi-hashicorp Thanks for the clarification. In that case, I think you could write the vault policy as a separate file and then use the file function?
Right, but I'm also going to want to insert values from terraform. Of course, I could use templatefile, but that's string templating at the end of the day.
To clarify, I can think of a thousand ways to accomplish the task at hand, and those work okay. Keeping it structured has lots of UX benefits:
Description
It's a little strange that you can't just copy-paste an existing Vault policy HCL file into the body of a vault_policy_document?
Why this:
And not this:
Obviously it's too late to change now without breaking stuff, but maybe a mapping in the docs would be nice?
Affected Resource(s) and/or Data Source(s)
data vault_policy_document
Potential Terraform Configuration
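The mapping the issue asks about, as an added example that is not part of the original thread or the provider's documentation: the policy.hcl from the comment above written as a vault_policy_document rule, with the path segment supplied by a Terraform variable instead of string templating. The variable name app_name, its validation pattern, the data source label dev_team and the output are assumptions made for illustration.

```hcl
# Assumed input (hypothetical name): the application whose secret the policy covers.
variable "app_name" {
  type    = string
  default = "my_app"

  # Constrain the value so it cannot introduce globs or extra path
  # segments (such as "*" or "/") into the policy path.
  validation {
    condition     = can(regex("^[a-z0-9_]+$", var.app_name))
    error_message = "The app_name value may contain only lowercase letters, digits and underscores."
  }
}

# Vault policy HCL                 vault_policy_document
#   path "secret/my_app" {           rule {
#     capabilities = ["update"]        path         = "secret/my_app"
#   }                                  capabilities = ["update"]
#                                    }
data "vault_policy_document" "dev_team" {
  rule {
    path         = "secret/${var.app_name}"
    capabilities = ["update"]
    description  = "update-only access to the application's secret"
  }
}

# The data source renders Vault policy HCL into its "hcl" attribute,
# which is what vault_policy expects in "policy".
resource "vault_policy" "example" {
  name   = "dev-team"
  policy = data.vault_policy_document.dev_team.hcl
}

# Expose the rendered policy so it can be reviewed in plan/apply output.
output "dev_team_policy_hcl" {
  value = data.vault_policy_document.dev_team.hcl
}
```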