depot/ops/vault/cfg/module-authbackend.nix

{ config, lib, ... }:

let
  inherit (lib) types mkOption mapAttrsToList mkMerge;
in {
  options = {
    my.authBackend = mkOption {
      default = {};
      type = types.attrsOf (types.submodule ({ name, ... }: {
        options = {
          type = mkOption { type = types.str; default = name; };
          path = mkOption { type = types.str; default = name; };
          resourceType = mkOption { type = types.str; default = "vault_auth_backend"; };

          tune = {
            default_lease_ttl = mkOption { type = with types; nullOr str; default = null; };
            max_lease_ttl = mkOption { type = with types; nullOr str; default = null; };
            audit_non_hmac_response_keys = mkOption { type = with types; listOf str; default = []; };
            audit_non_hmac_request_keys = mkOption { type = with types; listOf str; default = []; };
            listing_visibility = mkOption { type = types.enum [ "unauth" "hidden" ]; default = "unauth"; };
            passthrough_request_headers = mkOption { type = with types; listOf str; default = []; };
            allowed_response_headers = mkOption { type = with types; listOf str; default = []; };
            token_type = mkOption { type = types.enum [ "default-service" "default-batch" "service" "batch" ]; default = "default-service"; };
          };
        };
      }));
    };
  };

  config = {
    resource = mkMerge (mapAttrsToList (name: cfg: {
      ${cfg.resourceType}.${name} = {
        inherit (cfg) type path;
        tune = [cfg.tune];
      };
    }) config.my.authBackend);
  };
}
ops/vault/cfg: initial configuration 2022-03-14 23:34:33 +00:00			`{ config, lib, ... }:`

			`let`
			`inherit (lib) types mkOption mapAttrsToList mkMerge;`
			`in {`
			`options = {`
			`my.authBackend = mkOption {`
			`default = {};`
			`type = types.attrsOf (types.submodule ({ name, ... }: {`
			`options = {`
			`type = mkOption { type = types.str; default = name; };`
			`path = mkOption { type = types.str; default = name; };`
			`resourceType = mkOption { type = types.str; default = "vault_auth_backend"; };`

			`tune = {`
			`default_lease_ttl = mkOption { type = with types; nullOr str; default = null; };`
			`max_lease_ttl = mkOption { type = with types; nullOr str; default = null; };`
			`audit_non_hmac_response_keys = mkOption { type = with types; listOf str; default = []; };`
			`audit_non_hmac_request_keys = mkOption { type = with types; listOf str; default = []; };`
			`listing_visibility = mkOption { type = types.enum [ "unauth" "hidden" ]; default = "unauth"; };`
			`passthrough_request_headers = mkOption { type = with types; listOf str; default = []; };`
			`allowed_response_headers = mkOption { type = with types; listOf str; default = []; };`
			`token_type = mkOption { type = types.enum [ "default-service" "default-batch" "service" "batch" ]; default = "default-service"; };`
			`};`
			`};`
			`}));`
			`};`
			`};`

			`config = {`
			`resource = mkMerge (mapAttrsToList (name: cfg: {`
			`${cfg.resourceType}.${name} = {`
			`inherit (cfg) type path;`
			`tune = [cfg.tune];`
			`};`
			`}) config.my.authBackend);`
			`};`
			`}`