feat: major restructuring in migration to terragrunt
- migrate from individual terraform files to config-driven terragrunt module structure - add vault_cluster module with config discovery system - replace individual .tf files with centralized config.hcl - restructure auth and secret backends as configurable modules - move auth roles and secret backends to yaml-based configuration - convert policies from .hcl to .yaml format, add rules/auth definition - add pre-commit hooks for yaml formatting and file cleanup - add terragrunt cache to gitignore - update makefile with terragrunt commands and format target
@@ -0,0 +1,19 @@
locals {
# Auto-generate role rules path: resources/secret_backend/{backend_path}/roles/{role_name}.yaml
role_rules_file = "resources/secret_backend/${var.backend}/roles/${var.name}.yaml"
# Auto-generate extra labels based on country/region and role name
auto_labels = merge(var.extra_labels, {
vault-region = "${var.country}-${var.region}"
vault-role = var.name
})
}
resource "vault_kubernetes_secret_backend_role" "role" {
backend = var.backend
name = var.name
allowed_kubernetes_namespaces = var.allowed_kubernetes_namespaces
kubernetes_role_type = var.kubernetes_role_type
generated_role_rules = file("${path.module}/../../../../../../../../${local.role_rules_file}")
extra_labels = local.auto_labels
}
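Review bot: The `file()` call on the `generated_role_rules` line interpolates `var.backend` and `var.name` into a filesystem path with no constraint on their contents, so a role name or backend path containing `/` or `..` (they appear to come from the yaml-driven config described in the commit message) would read an arbitrary file from outside `resources/secret_backend/` and feed it into the Vault role's Kubernetes RBAC rules. The eight hard-coded `..` segments also bind the module to one exact directory depth, which is worth stating next to the call: `# Path is relative to the repository root; this module must sit exactly 8 levels below it`, and the two inputs should be restricted where they are declared, e.g. `condition = can(regex("^[A-Za-z0-9_-]+$", var.name))`. Separately, the `merge()` in `locals` puts the generated map second, so `vault-region` and `vault-role` silently override any caller-supplied `extra_labels` with the same keys; a comment such as `# generated keys take precedence over extra_labels` would make that precedence explicit.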
@@ -0,0 +1,37 @@
variable "country" {
description = "Country identifier"
type = string
}
variable "region" {
description = "Region identifier"
type = string
}
variable "backend" {
description = "The unique path where the Kubernetes backend is mounted"
type = string
}
variable "name" {
description = "The name of the role"
type = string
}
variable "allowed_kubernetes_namespaces" {
description = "List of allowed Kubernetes namespaces"
type = list(string)
default = ["*"]
}
variable "kubernetes_role_type" {
description = "Type of Kubernetes role (Role or ClusterRole)"
type = string
default = "Role"
}
variable "extra_labels" {
description = "Additional labels to apply to generated Kubernetes objects"
type = map(string)
default = {}
}
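Review bot: `allowed_kubernetes_namespaces` defaults to `["*"]`, so any role definition that simply omits the field ends up with a Vault role that can generate Kubernetes credentials in every namespace of the cluster; a least-privilege default is to have none, so each role must state its namespaces explicitly: remove the `default = ["*"]` line and keep `type = list(string)`. `name` and `backend` are also unconstrained strings that the accompanying role resource interpolates into a `file()` path, so a `validation` block on each would reject traversal characters at plan time rather than relying on the yaml being well-formed. The `kubernetes_role_type` description could also note that `"ClusterRole"` combined with a wildcard namespace list grants cluster-wide rights, e.g. `description = "Type of Kubernetes role (Role or ClusterRole); ClusterRole is cluster-wide regardless of allowed namespaces"`.
```hcl
variable "name" {
  description = "The name of the role; restricted because it is interpolated into a file path"
  type        = string

  validation {
    condition     = can(regex("^[A-Za-z0-9_-]+$", var.name))
    error_message = "name must match ^[A-Za-z0-9_-]+$."
  }
}
# … unchanged: country, region, allowed_kubernetes_namespaces, kubernetes_role_type, extra_labels …
```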