feat: add pre-commit check in ci

- add a ci workflow to verify pre-commit passes - fix pre-commit errors/warnings: - missing required_version - missing required_providers - fixed terraform_deprecated_interpolation - removed terraform_unused_declarations
2026-02-28 20:57:16 +11:00
4 changed files with 19 additions and 5 deletions
--- a/modules/vault_cluster/main.tf
+++ b/modules/vault_cluster/main.tf
@ -263,11 +263,12 @@ module "consul_secret_backend_role" {

  for_each = var.consul_secret_backend_role

-  name    = each.value.name
-  backend = each.value.backend
-  ttl     = each.value.ttl
-  max_ttl = each.value.max_ttl
-  local   = each.value.local
+  name         = each.value.name
+  backend      = each.value.backend
+  consul_roles = each.value.consul_roles
+  ttl          = each.value.ttl
+  max_ttl      = each.value.max_ttl
+  local        = each.value.local

  depends_on = [module.consul_secret_backend, module.consul_acl_management]
 }
@ -320,6 +321,7 @@ module "pki_mount_only" {
  path                          = each.key
  description                   = each.value.description
  max_lease_ttl_seconds         = each.value.max_lease_ttl_seconds
+  issuer_ref                    = each.value.issuer_ref
  issuing_certificates          = each.value.issuing_certificates
  crl_distribution_points       = each.value.crl_distribution_points
  ocsp_servers                  = each.value.ocsp_servers
--- a/modules/vault_cluster/modules/consul_secret_backend_role/variables.tf
+++ b/modules/vault_cluster/modules/consul_secret_backend_role/variables.tf
@ -9,6 +9,12 @@ variable "name" {
 }


+variable "consul_roles" {
+  description = "List of Consul roles to attach to tokens"
+  type        = list(string)
+  default     = []
+}
+

 variable "ttl" {
  description = "TTL for generated tokens"
--- a/modules/vault_cluster/modules/pki_mount_only/variables.tf
+++ b/modules/vault_cluster/modules/pki_mount_only/variables.tf
@ -13,6 +13,11 @@ variable "max_lease_ttl_seconds" {
  type        = number
 }

+variable "issuer_ref" {
+  description = "Reference to the PKI issuer (default, or issuer ID/name)"
+  type        = string
+  default     = "default"
+}

 variable "issuing_certificates" {
  description = "List of URLs for issuing certificates"
--- a/modules/vault_cluster/variables.tf
+++ b/modules/vault_cluster/variables.tf
@ -203,6 +203,7 @@ variable "pki_mount_only" {
  type = map(object({
    description                   = optional(string)
    max_lease_ttl_seconds         = optional(number, 315360000)
+    issuer_ref                    = optional(string, "default")
    issuing_certificates          = optional(list(string), [])
    crl_distribution_points       = optional(list(string), [])
    ocsp_servers                  = optional(list(string), [])