Compare commits
No commits in common. "dc257b1bcdd354bffe9f6fb4046c60c2e41073e4" and "9e6de4dc320ad6d7b2d53177691b5e06c0f20a34" have entirely different histories.
dc257b1bcd
...
9e6de4dc32
@ -1,9 +0,0 @@
|
||||
when:
|
||||
- event: pull_request
|
||||
|
||||
steps:
|
||||
- name: pre-commit
|
||||
image: git.unkin.net/unkin/almalinux9-base:latest
|
||||
commands:
|
||||
- dnf install uv opentofu terragrunt tflint -y
|
||||
- uvx pre-commit run --all-files
|
||||
@ -1,11 +0,0 @@
|
||||
rule "terraform_required_providers" {
|
||||
enabled = false
|
||||
}
|
||||
|
||||
rule "terraform_required_version" {
|
||||
enabled = false
|
||||
}
|
||||
|
||||
rule "terraform_unused_declarations" {
|
||||
enabled = false
|
||||
}
|
||||
@ -3,6 +3,8 @@ module "auth_approle_backend" {
|
||||
|
||||
for_each = var.auth_approle_backend
|
||||
|
||||
country = var.country
|
||||
region = var.region
|
||||
path = each.key
|
||||
listing_visibility = each.value.listing_visibility
|
||||
default_lease_ttl = each.value.default_lease_ttl
|
||||
@ -184,6 +186,7 @@ module "pki_secret_backend" {
|
||||
crl_distribution_points = each.value.crl_distribution_points
|
||||
ocsp_servers = each.value.ocsp_servers
|
||||
enable_templating = each.value.enable_templating
|
||||
default_issuer_ref = each.value.default_issuer_ref
|
||||
default_follows_latest_issuer = each.value.default_follows_latest_issuer
|
||||
crl_expiry = each.value.crl_expiry
|
||||
crl_disable = each.value.crl_disable
|
||||
@ -263,11 +266,12 @@ module "consul_secret_backend_role" {
|
||||
|
||||
for_each = var.consul_secret_backend_role
|
||||
|
||||
name = each.value.name
|
||||
backend = each.value.backend
|
||||
ttl = each.value.ttl
|
||||
max_ttl = each.value.max_ttl
|
||||
local = each.value.local
|
||||
name = each.value.name
|
||||
backend = each.value.backend
|
||||
consul_roles = each.value.consul_roles
|
||||
ttl = each.value.ttl
|
||||
max_ttl = each.value.max_ttl
|
||||
local = each.value.local
|
||||
|
||||
depends_on = [module.consul_secret_backend, module.consul_acl_management]
|
||||
}
|
||||
@ -320,6 +324,7 @@ module "pki_mount_only" {
|
||||
path = each.key
|
||||
description = each.value.description
|
||||
max_lease_ttl_seconds = each.value.max_lease_ttl_seconds
|
||||
issuer_ref = each.value.issuer_ref
|
||||
issuing_certificates = each.value.issuing_certificates
|
||||
crl_distribution_points = each.value.crl_distribution_points
|
||||
ocsp_servers = each.value.ocsp_servers
|
||||
|
||||
@ -8,4 +8,4 @@ resource "vault_auth_backend" "approle" {
|
||||
max_lease_ttl = var.max_lease_ttl
|
||||
listing_visibility = var.listing_visibility
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,3 +1,13 @@
|
||||
variable "country" {
|
||||
description = "Country identifier"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region identifier"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "path" {
|
||||
description = "Mount path of the AppRole auth backend"
|
||||
type = string
|
||||
@ -24,4 +34,4 @@ variable "max_lease_ttl" {
|
||||
description = "Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid duration string"
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
}
|
||||
@ -16,7 +16,7 @@ data "vault_kv_secret_v2" "role_config" {
|
||||
locals {
|
||||
salt = data.vault_kv_secret_v2.salt_config.data["salt"]
|
||||
role_id_input = "${local.salt}-${var.approle_name}-${var.mount_path}"
|
||||
deterministic_role_id = uuidv5("dns", local.role_id_input)
|
||||
deterministic_role_id = uuidv5("dns", "${local.role_id_input}")
|
||||
|
||||
# Use deterministic role-id by default, or read from KV if specified
|
||||
role_id = var.use_deterministic_role_id ? local.deterministic_role_id : data.vault_kv_secret_v2.role_config[0].data["role_id"]
|
||||
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -4,4 +4,4 @@ rule "terraform_required_providers" {
|
||||
|
||||
rule "terraform_required_version" {
|
||||
enabled = false
|
||||
}
|
||||
}
|
||||
@ -1,13 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
consul = {
|
||||
source = "hashicorp/consul"
|
||||
version = "2.23.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -9,6 +9,12 @@ variable "name" {
|
||||
}
|
||||
|
||||
|
||||
variable "consul_roles" {
|
||||
description = "List of Consul roles to attach to tokens"
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
|
||||
variable "ttl" {
|
||||
description = "TTL for generated tokens"
|
||||
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -5,6 +5,11 @@ resource "vault_mount" "pki" {
|
||||
max_lease_ttl_seconds = var.max_lease_ttl_seconds
|
||||
}
|
||||
|
||||
data "vault_pki_secret_backend_issuer" "issuer" {
|
||||
backend = vault_mount.pki.path
|
||||
issuer_ref = var.issuer_ref
|
||||
}
|
||||
|
||||
resource "vault_pki_secret_backend_config_urls" "config_urls" {
|
||||
backend = vault_mount.pki.path
|
||||
|
||||
@ -30,4 +35,4 @@ resource "vault_pki_secret_backend_crl_config" "crl" {
|
||||
auto_rebuild = var.auto_rebuild
|
||||
enable_delta = var.enable_delta
|
||||
delta_rebuild_interval = var.delta_rebuild_interval
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -13,6 +13,11 @@ variable "max_lease_ttl_seconds" {
|
||||
type = number
|
||||
}
|
||||
|
||||
variable "issuer_ref" {
|
||||
description = "Reference to the PKI issuer (default, or issuer ID/name)"
|
||||
type = string
|
||||
default = "default"
|
||||
}
|
||||
|
||||
variable "issuing_certificates" {
|
||||
description = "List of URLs for issuing certificates"
|
||||
@ -84,4 +89,4 @@ variable "delta_rebuild_interval" {
|
||||
description = "Delta CRL rebuild interval"
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -61,6 +61,12 @@ variable "enable_templating" {
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "default_issuer_ref" {
|
||||
description = "Reference to the default issuer"
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "default_follows_latest_issuer" {
|
||||
description = "Whether the default issuer should follow the latest issuer"
|
||||
type = bool
|
||||
@ -101,4 +107,4 @@ variable "delta_rebuild_interval" {
|
||||
description = "Delta CRL rebuild interval"
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,9 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "5.6.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -166,6 +166,7 @@ variable "pki_secret_backend" {
|
||||
crl_distribution_points = optional(list(string), [])
|
||||
ocsp_servers = optional(list(string), [])
|
||||
enable_templating = optional(bool, false)
|
||||
default_issuer_ref = optional(string)
|
||||
default_follows_latest_issuer = optional(bool, false)
|
||||
crl_expiry = optional(string, "72h")
|
||||
crl_disable = optional(bool, false)
|
||||
@ -203,6 +204,7 @@ variable "pki_mount_only" {
|
||||
type = map(object({
|
||||
description = optional(string)
|
||||
max_lease_ttl_seconds = optional(number, 315360000)
|
||||
issuer_ref = optional(string, "default")
|
||||
issuing_certificates = optional(list(string), [])
|
||||
crl_distribution_points = optional(list(string), [])
|
||||
ocsp_servers = optional(list(string), [])
|
||||
|
||||
Loading…
Reference in New Issue
Block a user