unkin/terraform-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
130 Commits 1 Branch 0 Tags 372 KiB
master
Commit Graph

6 Commits

Author SHA1 Message Date
Ben Vincent
dca26029c0 feat: add terraform-ldap service 
- add consul role/policy/acls to allow terraform-ldap state management
- add approle to generate tokens for consul
 2026-02-15 13:38:31 +11:00
Ben Vincent
5536869a38 feat: implement consul ACL management with provider aliases 
This commit message captures the major architectural change of implementing Consul ACL management
with proper provider aliasing, along with the supporting configuration files and policy definitions
for various terraform services.

- add consul_acl_management module to manage consul acl policies and roles
- add consul backend roles and policies for terraform services (incus, k8s, nomad, repoflow, vault)
- add consul provider configuration to root.hcl
- add policies to generate credentials for each role
- simplify consul_secret_backend_role module to reference acl-managed roles
- switch to opentofu for provider foreach support
- update terragrunt configuration to support consul backend aliases
- update pre-commit hooks to use opentofu instead of terraform
- configure tflint exceptions for consul acl management module
 2026-02-14 18:13:50 +11:00
Ben Vincent
75e9db1aa6 chore: add puppet k8s role 
- add role and policies
 2026-02-01 14:54:23 +11:00
Ben Vincent
8070b6f66b feat: major restructuring in migration to terragrunt 
- migrate from individual terraform files to config-driven terragrunt module structure
- add vault_cluster module with config discovery system
- replace individual .tf files with centralized config.hcl
- restructure auth and secret backends as configurable modules
- move auth roles and secret backends to yaml-based configuration
- convert policies from .hcl to .yaml format, add rules/auth definition
- add pre-commit hooks for yaml formatting and file cleanup
- add terragrunt cache to gitignore
- update makefile with terragrunt commands and format target
 2026-01-26 23:02:44 +11:00
Ben Vincent
c88b19a216 feat: label kubernetes ephemeral serviceaccounts 
- ensure all service accounts are labelled with role/cluster
- add additional api endpoints to cluster roles
 2025-12-07 12:41:37 +11:00
Ben Vincent
6624f7aed1 feat: add kubernetes secrets engine with RBAC roles for au-syd1 cluster 
- Add Kubernetes secrets engine at kubernetes/au/syd1 path
  - Create four RBAC roles with external YAML configuration:
    * media-apps-operator: namespaced role for media-apps with selective permissions
    * cluster-operator: cluster-wide read-only access to specific API groups
    * cluster-admin: cluster-wide full access to specific API groups
    * cluster-root: cluster-wide superuser access to all resources
  - Add Vault policies for credential generation for each role
  - Add admin policies for kubernetes auth backend configuration and role management
  - Refactor kubernetes auth backend to use shared locals for CA certificate
  - Update terraform-vault approle with required kubernetes policies
 2025-11-27 23:22:13 +11:00