feat: major restructuring in migration to terragrunt
- migrate from individual terraform files to config-driven terragrunt module structure
- add vault_cluster module with config discovery system
- replace individual .tf files with centralized config.hcl
- restructure auth and secret backends as configurable modules
- move auth roles and secret backends to yaml-based configuration
- convert policies from .hcl to .yaml format, add rules/auth definition
- add pre-commit hooks for yaml formatting and file cleanup
- add terragrunt cache to gitignore
- update makefile with terragrunt commands and format target
@@ -0,0 +1,60 @@
|
||||
include "root" {
|
||||
path = find_in_parent_folders("root.hcl")
|
||||
expose = true
|
||||
}
|
||||
|
||||
include "config" {
|
||||
path = "${get_repo_root()}/config/config.hcl"
|
||||
expose = true
|
||||
}
|
||||
|
||||
include "policies" {
|
||||
path = "${get_repo_root()}/policies/policies.hcl"
|
||||
expose = true
|
||||
}
|
||||
|
||||
locals {
|
||||
# Extract country and region from path
|
||||
path_parts = split("/", dirname(get_terragrunt_dir()))
|
||||
country = basename(dirname(get_terragrunt_dir())) # "au"
|
||||
region = basename(get_terragrunt_dir()) # "syd1"
|
||||
|
||||
# Include configuration from config.hcl
|
||||
config = include.config.locals.config
|
||||
|
||||
# Include policies from policies.hcl
|
||||
policies = include.policies.locals
|
||||
}
|
||||
|
||||
terraform {
|
||||
source = "../../../modules/vault_cluster"
|
||||
}
|
||||
|
||||
inputs = {
|
||||
country = local.country
|
||||
region = local.region
|
||||
|
||||
# Pass configuration maps to vault_cluster module
|
||||
auth_approle_backend = local.config.auth_approle_backend
|
||||
auth_approle_role = local.config.auth_approle_role
|
||||
auth_ldap_backend = local.config.auth_ldap_backend
|
||||
auth_ldap_group = local.config.auth_ldap_group
|
||||
auth_kubernetes_backend = local.config.auth_kubernetes_backend
|
||||
auth_kubernetes_role = local.config.auth_kubernetes_role
|
||||
kv_secret_backend = local.config.kv_secret_backend
|
||||
transit_secret_backend = local.config.transit_secret_backend
|
||||
transit_secret_backend_key = local.config.transit_secret_backend_key
|
||||
ssh_secret_backend = local.config.ssh_secret_backend
|
||||
ssh_secret_backend_role = local.config.ssh_secret_backend_role
|
||||
pki_secret_backend = local.config.pki_secret_backend
|
||||
pki_secret_backend_role = local.config.pki_secret_backend_role
|
||||
consul_secret_backend = local.config.consul_secret_backend
|
||||
consul_secret_backend_role = local.config.consul_secret_backend_role
|
||||
kubernetes_secret_backend = local.config.kubernetes_secret_backend
|
||||
kubernetes_secret_backend_role = local.config.kubernetes_secret_backend_role
|
||||
pki_mount_only = local.config.pki_mount_only
|
||||
|
||||
# Pass policy maps to vault_cluster module
|
||||
policy_auth_map = local.policies.policy_auth_map
|
||||
policy_rules_map = local.policies.policy_rules_map
|
||||
}
|
||||
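Review bot: In the `locals` block, `path_parts` is computed but never referenced anywhere in this file, while `country` and `region` are taken straight from the directory names with nothing checking them. Those two values are the only per-cluster inputs passed to `vault_cluster`; every auth-backend, role and policy map comes from the shared repo-level includes, so a misplaced or renamed directory would apply the whole Vault configuration under the wrong cluster identity without any error at this level. I would drop the `path_parts = split("/", dirname(get_terragrunt_dir()))` line and, if the module does not already do so (it is not shown in this section), add `validation` blocks on its `country` and `region` variables that accept only the known cluster codes.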