terraform-vault

Author	SHA1	Message	Date
Ben Vincent	5536869a38	feat: implement consul ACL management with provider aliases This commit message captures the major architectural change of implementing Consul ACL management with proper provider aliasing, along with the supporting configuration files and policy definitions for various terraform services. - add consul_acl_management module to manage consul acl policies and roles - add consul backend roles and policies for terraform services (incus, k8s, nomad, repoflow, vault) - add consul provider configuration to root.hcl - add policies to generate credentials for each role - simplify consul_secret_backend_role module to reference acl-managed roles - switch to opentofu for provider foreach support - update terragrunt configuration to support consul backend aliases - update pre-commit hooks to use opentofu instead of terraform - configure tflint exceptions for consul acl management module	2026-02-14 18:13:50 +11:00
Ben Vincent	f8f1185b42	Merge pull request 'chore: add puppet k8s role' (#46 ) from benvin/puppet_secrets into master Reviewed-on: #46	2026-02-01 14:54:45 +11:00
Ben Vincent	75e9db1aa6	chore: add puppet k8s role - add role and policies	2026-02-01 14:54:23 +11:00
Ben Vincent	f47804ffdf	Merge pull request 'chore: rancher pods use rancher service account' (#45 ) from benvin/rancher_role into master Reviewed-on: #45	2026-01-30 22:11:53 +11:00
Ben Vincent	24c124d6eb	chore: rancher pods use rancher service account - update bound service account names to be `rancher` - update namespace to cattle-system (do not run rancher in another namespace)	2026-01-30 22:11:08 +11:00
Ben Vincent	9d54b4cfcc	Merge pull request 'chore: add rancher role' (#44 ) from benvin/rancher_role into master Reviewed-on: #44	2026-01-30 19:46:19 +11:00
Ben Vincent	33af7010fb	chore: add rancher role - add kubernetes role for rancher - add policy to enable access to bootstrap-password	2026-01-30 19:43:06 +11:00
Ben Vincent	cb1b383035	Merge pull request 'feat: major restructuring in migration to terragrunt' (#43 ) from benvin/vault_terragrunt into master Reviewed-on: #43	2026-01-26 23:53:35 +11:00
Ben Vincent	f6d06cb319	chore: cleanup unused config data - remove token_policies from roles config data, this comes from policies.hcl inputs - remove policies from ldap groups - remove backend data from roles, this comes from config.hcl inputs	2026-01-26 23:51:50 +11:00
Ben Vincent	1c9e063310	Merge branch 'master' into benvin/vault_terragrunt	2026-01-26 23:07:13 +11:00
Ben Vincent	8070b6f66b	feat: major restructuring in migration to terragrunt - migrate from individual terraform files to config-driven terragrunt module structure - add vault_cluster module with config discovery system - replace individual .tf files with centralized config.hcl - restructure auth and secret backends as configurable modules - move auth roles and secret backends to yaml-based configuration - convert policies from .hcl to .yaml format, add rules/auth definition - add pre-commit hooks for yaml formatting and file cleanup - add terragrunt cache to gitignore - update makefile with terragrunt commands and format target	2026-01-26 23:02:44 +11:00
Ben Vincent	b115b7d28a	Merge pull request 'chore: add nzbget secrets' (#42 ) from benvin/nzbget into master Reviewed-on: #42	2026-01-26 18:31:48 +11:00
Ben Vincent	25e3d48337	chore: add nzbget secrets - add policy for nzbget secrets - enable the media-apps kubernetes role to use policy	2026-01-26 18:30:49 +11:00
Ben Vincent	fdc801739f	Merge pull request 'feat: add prowlarr access' (#41 ) from benvin/prowlarr_policy into master Reviewed-on: #41	2026-01-04 23:37:23 +11:00
Ben Vincent	56d858f900	feat: add prowlarr access - enable kubernetes access to prowlarr secrets	2026-01-04 23:36:43 +11:00
Ben Vincent	bd112181f5	Merge pull request 'feat: add policy to read terraform vars' (#40 ) from benvin/repoflow_terraform into master Reviewed-on: #40	2025-12-13 10:57:33 +11:00
Ben Vincent	4f185d5e28	feat: add policy to read terraform vars - read variables required for terraform-repoflow	2025-12-13 10:56:58 +11:00
Ben Vincent	65ad53e24c	Merge pull request 'feat: add repoflow service vault configuration' (#39 ) from benvin/repoflow into master Reviewed-on: #39	2025-12-13 10:13:33 +11:00
Ben Vincent	d217f6e42d	Merge pull request 'feat: add repoflow tokens' (#38 ) from benvin/repoflow_tokens into master Reviewed-on: #38	2025-12-13 10:10:07 +11:00
Ben Vincent	9814b8fc1a	feat: add repoflow tokens - add approle for terraform-repoflow - add policies to access repoflow tokens	2025-12-13 10:09:29 +11:00
Ben Vincent	7b81abfa9e	feat: add repoflow service vault configuration - add secrets for s3, elasticsearch, hasura, postgres and repoflow	2025-12-13 09:20:58 +11:00
Ben Vincent	2466a6fe5c	Merge pull request 'feat: label kubernetes ephemeral serviceaccounts' (#37 ) from benvin/k8s_roles_labelling into master Reviewed-on: #37	2025-12-07 12:42:45 +11:00
Ben Vincent	c88b19a216	feat: label kubernetes ephemeral serviceaccounts - ensure all service accounts are labelled with role/cluster - add additional api endpoints to cluster roles	2025-12-07 12:41:37 +11:00
Ben Vincent	3bada72838	Merge pull request 'chore: allow long lines in yamllint' (#36 ) from benvin/yamlint-args into master Reviewed-on: #36	2025-12-01 21:51:11 +11:00
Ben Vincent	8961ba3748	chore: allow long lines in yamllint	2025-12-01 21:50:49 +11:00
Ben Vincent	26b3ee84d6	Merge pull request 'chore: fix policies for rpmbuilder' (#35 ) from benvin/fix_rpmbuilder into master Reviewed-on: #35	2025-11-30 21:24:52 +11:00
Ben Vincent	0776fac6eb	chore: fix policies for rpmbuilder - missed the `/read` on the end	2025-11-30 21:24:06 +11:00
Ben Vincent	3a2ecc9b23	Merge pull request 'feat: add rpmbuilder approle' (#34 ) from benvin/rpmbuilder into master Reviewed-on: #34	2025-11-29 18:01:37 +11:00
Ben Vincent	5afd1ad9c1	feat: add rpmbuilder approle - add rpmbuilder approle - add policies to acces gitea/github read-only tokens	2025-11-29 18:00:20 +11:00
Ben Vincent	756286c231	chore: update name, role type for k8s - ensure cluster roles are able to be created as ClusterRole - prefix all vault managed roles with `vault-`	2025-11-29 00:09:57 +11:00
Ben Vincent	9cc482d471	Merge pull request 'feat: add kubernetes secrets engine with RBAC roles for au-syd1 cluster' (#33 ) from benvin/au-syd1-k8s-roles into master Reviewed-on: #33	2025-11-27 23:31:04 +11:00
Ben Vincent	6624f7aed1	feat: add kubernetes secrets engine with RBAC roles for au-syd1 cluster - Add Kubernetes secrets engine at kubernetes/au/syd1 path - Create four RBAC roles with external YAML configuration: * media-apps-operator: namespaced role for media-apps with selective permissions * cluster-operator: cluster-wide read-only access to specific API groups * cluster-admin: cluster-wide full access to specific API groups * cluster-root: cluster-wide superuser access to all resources - Add Vault policies for credential generation for each role - Add admin policies for kubernetes auth backend configuration and role management - Refactor kubernetes auth backend to use shared locals for CA certificate - Update terraform-vault approle with required kubernetes policies	2025-11-27 23:22:13 +11:00
Ben Vincent	ad1118af85	Merge pull request 'chore: remove references k8s pki policy' (#32 ) from benvin/cleanup_k8s_pki_policy_reference into master Reviewed-on: #32	2025-11-27 21:08:29 +11:00
Ben Vincent	cafa887cdc	chore: remove references k8s pki policy - missed from previous pr - policy no longer exists, remove it from the approle	2025-11-27 21:07:50 +11:00
Ben Vincent	f10f96d19c	Merge pull request 'feat: move state path in consul' (#31 ) from benvin/move-state-path into master Reviewed-on: #31	2025-11-27 21:05:55 +11:00
Ben Vincent	da0e0e4239	feat: move state path in consul - move state to the infra/terraform/vault subdir	2025-11-27 21:04:44 +11:00
Ben Vincent	2efbf7cc6e	Merge pull request 'chore: remove k8s pki policy' (#30 ) from benvin/cleanup_k8s_pki into master Reviewed-on: #30	2025-11-27 20:43:08 +11:00
Ben Vincent	b9deb02cfb	chore: remove k8s pki policy - k8s pki engine was removed some time ago - also cleanup policy files	2025-11-27 20:42:27 +11:00
Ben Vincent	391c77d30b	Merge pull request 'feat: add media-apps integration with vault' (#29 ) from benvin/media_apps_k8s into master Reviewed-on: #29	2025-11-27 20:41:52 +11:00
Ben Vincent	6353ac6bbc	feat: add media-apps integration with vault - add kubernetes auth role for media-apps - add policies to read radarr/sonarr secrets	2025-11-27 20:40:54 +11:00
Ben Vincent	605aa204a9	Merge pull request 'chore: update k8s csi roles' (#28 ) from benvin/ceph-csi-changes into master Reviewed-on: #28	2025-11-26 21:01:58 +11:00
Ben Vincent	4cf1b43960	chore: update k8s csi roles - ensure the new service accounts can read cephrbd/cephfs - ensure correct namespace is allowed	2025-11-26 21:01:31 +11:00
Ben Vincent	f217dbaeca	Merge pull request 'feat: manage k8s auth role integration' (#27 ) from benvin/k8s_roles_integration into master Reviewed-on: #27	2025-11-22 23:23:13 +11:00
Ben Vincent	7814551084	feat: manage k8s auth role integration - add policies to sign/issue certificates - manage auth roles for ceph-csi, certmanager, externaldns, huntarr	2025-11-22 23:21:43 +11:00
Ben Vincent	85cda88a3b	Merge pull request 'chore: fix kubernetes_host' (#26 ) from benvin/kubernetes_host into master Reviewed-on: #26	2025-11-16 16:50:13 +11:00
Ben Vincent	02654ac32a	chore: fix kubernetes_host - correct hostname to match `kubectl cluster-info` - fix formatting with terraform fmt	2025-11-16 16:49:04 +11:00
Ben Vincent	c3c1cb660a	Merge pull request 'benvin/pre-commit' (#25 ) from benvin/pre-commit into master Reviewed-on: #25	2025-11-16 13:37:55 +11:00
Ben Vincent	5cbd5815a0	chore: format policy files - ensure all policy files are correctly formatted	2025-11-16 13:35:10 +11:00
Ben Vincent	6d84efe81e	feat: add pre-commit - ran 'pre-commit install' - add pre-commit configuration - test yaml + terraform related checks - terragrunt-hcl-fmt for policy hcl files	2025-11-16 13:31:16 +11:00
Ben Vincent	9ff6cf7de7	Merge pull request 'chore: add terraform required version' (#24 ) from benvin/terraform_required_version into master Reviewed-on: #24	2025-11-16 13:13:44 +11:00

1 2 3

103 Commits