feat: use ephemeral consul token

- add vault_env to makefile
- retrieve a consul_http_token on demand from vault

Makefile

@@ -1,26 +1,23 @@
 .PHONY: init plan apply format
 
-#init:
+# Define vault_env function to set up vault environment
-#	@echo "Sourcing environment and initializing Terraform..."
+define vault_env
-#	@source ./env && terraform init
+	@export VAULT_ADDR="https://vault.service.consul:8200" && \
-#
+	export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID) && \
-#plan:
+	export CONSUL_HTTP_TOKEN=$$(vault read -format=json consul_root/au/syd1/creds/terraform-vault | jq '.data.token')
-#	@echo "Sourcing environment and planning Terraform changes..."
+endef
-#	@source ./env && terraform plan
-#
-#apply:
-#	@echo "Sourcing environment and applying Terraform changes..."
-#	@source ./env && terraform apply -auto-approve
-
 
 init:
-	@terragrunt run --all --non-interactive init -- -upgrade
+	@$(call vault_env) && \
+	terragrunt run --all --non-interactive init -- -upgrade
 
 plan: init
-	@terragrunt run --all --parallelism 4 --non-interactive plan
+	@$(call vault_env) && \
+	terragrunt run --all --parallelism 4 --non-interactive plan
 
 apply: init
-	@terragrunt run --all --parallelism 2 --non-interactive apply
+	@$(call vault_env) && \
+	terragrunt run --all --parallelism 2 --non-interactive apply
 
 format:
 	@echo "Formatting OpenTofu files..."