feat: add vault and consul roles for terraform-git (#73)
ci/woodpecker/push/apply Pipeline was successful

## Summary
- Add K8s auth role woodpecker_terraform_git for CI pipeline authentication
- Add consul secret backend role terraform-git for consul state storage tokens
- Add consul ACL policy granting write access to infra/terraform/git/ key prefix
- Add vault policy for reading consul creds at consul_root/au/syd1/creds/terraform-git

## Test plan
- [ ] Verify terragrunt plan succeeds
- [ ] Verify consul ACL policy is created correctly
- [ ] Verify K8s auth role can authenticate from woodpecker namespace

Reviewed-on: #73
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
This commit was merged in pull request #73.
This commit is contained in:
2026-06-07 20:36:35 +10:00
committed by BenVincent
parent 3876fa818d
commit 1288057b81
4 changed files with 28 additions and 0 deletions
@@ -0,0 +1,9 @@
---
rules:
- path: "consul_root/au/syd1/creds/terraform-git"
capabilities:
- read
auth:
k8s/au/syd1:
- woodpecker_terraform_git