From 5cdf6b410d0e9c66688ea575666b8d00aefdd167 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sat, 14 Feb 2026 18:59:05 +1100
Subject: [PATCH] feat: use ephemeral consul token

- add vault_env to makefile
- retrieve a consul_http_token on demand from vault
---
 Makefile | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/Makefile b/Makefile
index 7f5eb89..f015a2a 100644
--- a/Makefile
+++ b/Makefile
@@ -1,26 +1,23 @@
 .PHONY: init plan apply format
-#init:
-# @echo "Sourcing environment and initializing Terraform..."
-# @source ./env && terraform init
-#
-#plan:
-# @echo "Sourcing environment and planning Terraform changes..."
-# @source ./env && terraform plan
-#
-#apply:
-# @echo "Sourcing environment and applying Terraform changes..."
-# @source ./env && terraform apply -auto-approve
-
+# Define vault_env function to set up vault environment
+define vault_env
+ @export VAULT_ADDR="https://vault.service.consul:8200" && \
+ export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID) && \
+ export CONSUL_HTTP_TOKEN=$$(vault read -format=json consul_root/au/syd1/creds/terraform-vault | jq '.data.token')
+endef
 init:
- @terragrunt run --all --non-interactive init -- -upgrade
+ @$(call vault_env) && \
+ terragrunt run --all --non-interactive init -- -upgrade
 plan: init
- @terragrunt run --all --parallelism 4 --non-interactive plan
+ @$(call vault_env) && \
+ terragrunt run --all --parallelism 4 --non-interactive plan
 apply: init
- @terragrunt run --all --parallelism 2 --non-interactive apply
+ @$(call vault_env) && \
+ terragrunt run --all --parallelism 2 --non-interactive apply
 format:
 @echo "Formatting OpenTofu files..."
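Review bot: In `vault_env`, both token lookups use `export VAR=$$(...)`, whose exit status is that of `export`, so a failed AppRole login or Consul creds read does not break the `&&` chain and terragrunt still runs, with an empty token. The Consul line also pipes through `jq '.data.token'` without `-r`, which leaves the JSON double quotes inside `CONSUL_HTTP_TOKEN`. Assign first, export separately, and read the field directly as the login line already does: `VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id="$$VAULT_ROLEID") && export VAULT_TOKEN && \` followed by `CONSUL_HTTP_TOKEN=$$(vault read -field=token consul_root/au/syd1/creds/terraform-vault) && export CONSUL_HTTP_TOKEN`. The login sends only `role_id`, so the role presumably has secret-id binding disabled and the role ID is then the whole credential; confirm the role is constrained some other way. Nothing here revokes the Consul lease minted on each `init`/`plan`/`apply`, so the token is only as ephemeral as the role's TTL.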