feat: major restructuring in migration to terragrunt

- migrate from individual terraform files to config-driven terragrunt module structure
- add vault_cluster module with config discovery system
- replace individual .tf files with centralized config.hcl
- restructure auth and secret backends as configurable modules
- move auth roles and secret backends to yaml-based configuration
- convert policies from .hcl to .yaml format, add rules/auth definition
- add pre-commit hooks for yaml formatting and file cleanup
- add terragrunt cache to gitignore
- update makefile with terragrunt commands and format target
This commit is contained in:
2026-01-04 23:31:42 +11:00
parent bd112181f5
commit 8070b6f66b
245 changed files with 3943 additions and 985 deletions
@@ -1,7 +0,0 @@
path "auth/token/create" {
capabilities = ["create", "read", "update", "list"]
}
path "auth/token/*" {
capabilities = ["create", "update"]
}
@@ -1,4 +0,0 @@
# Allow listing and reading tokens
path "auth/token/lookup" {
capabilities = ["read", "list"]
}
-4
View File
@@ -1,4 +0,0 @@
# Allow renewing tokens
path "auth/token/renew" {
capabilities = ["update"]
}
@@ -1,3 +0,0 @@
path "auth/token/roles/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
-14
View File
@@ -1,14 +0,0 @@
# Allow tokens to query themselves
path "auth/token/lookup-self" {
capabilities = ["read"]
}
# Allow tokens to renew themselves
path "auth/token/renew-self" {
capabilities = ["update"]
}
# Allow tokens to revoke themselves
path "auth/token/revoke-self" {
capabilities = ["update"]
}
+17
View File
@@ -0,0 +1,17 @@
# Allow token creation and management
---
rules:
- path: "auth/token/create"
capabilities:
- create
- read
- update
- list
- path: "auth/token/*"
capabilities:
- create
- update
auth:
approle:
- tf_vault
+11
View File
@@ -0,0 +1,11 @@
# Allow listing and reading tokens
---
rules:
- path: "auth/token/lookup"
capabilities:
- read
- list
auth:
approle:
- tf_vault
+10
View File
@@ -0,0 +1,10 @@
# Allow renewing tokens
---
rules:
- path: "auth/token/renew"
capabilities:
- update
auth:
approle:
- tf_vault
+14
View File
@@ -0,0 +1,14 @@
# Allow administration of token roles
---
rules:
- path: "auth/token/roles/*"
capabilities:
- create
- read
- update
- delete
- list
auth:
approle:
- tf_vault
+16
View File
@@ -0,0 +1,16 @@
# Allow tokens to query themselves
---
rules:
- path: "auth/token/lookup-self"
capabilities:
- read
- path: "auth/token/renew-self"
capabilities:
- update
- path: "auth/token/revoke-self"
capabilities:
- update
auth:
approle:
- tf_vault