From 23e3fb88eaac9bc726f3c04144522e6fc5fb054f Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Thu, 10 Jul 2025 21:49:36 +1000
Subject: [PATCH] feat: add new puppetca - update puppetmaster/puppetca cidrs
---
 auth_approle_certmanager.tf | 16 ++++++----------
 auth_approle_puppetapi.tf | 16 ++++++----------
 auth_approle_sshsign-host-role.tf | 16 ++++++----------
 auth_approle_sshsigner.tf | 16 ++++++----------
 4 files changed, 24 insertions(+), 40 deletions(-)
diff --git a/auth_approle_certmanager.tf b/auth_approle_certmanager.tf
index 20bc4f8..cfd8191 100644
--- a/auth_approle_certmanager.tf
+++ b/auth_approle_certmanager.tf
@@ -5,15 +5,11 @@ resource "vault_approle_auth_backend_role" "certmanager" {
 token_ttl = 30
 token_max_ttl = 30
 token_bound_cidrs = [
- "198.18.17.3/32",
- "198.18.13.32/32",
- "198.18.13.33/32",
- "198.18.13.34/32",
- "198.18.13.46/32",
- "198.18.25.5/32", # ausyd1nxvm2052.main.unkin.net
- "198.18.26.3/32", # ausyd1nxvm2053.main.unkin.net
- "198.18.27.89/32", # ausyd1nxvm2054.main.unkin.net
- "198.18.28.8/32", # ausyd1nxvm2055.main.unkin.net
- "198.18.29.33/32", # ausyd1nxvm2056.main.unkin.net
+ "198.18.25.5/32", # ausyd1nxvm2052.main.unkin.net
+ "198.18.26.3/32", # ausyd1nxvm2053.main.unkin.net
+ "198.18.27.89/32", # ausyd1nxvm2054.main.unkin.net
+ "198.18.28.8/32", # ausyd1nxvm2055.main.unkin.net
+ "198.18.29.33/32", # ausyd1nxvm2056.main.unkin.net
+ "198.18.29.239/32", # ausyd1nxvm2097.main.unkin.net
 ]
 }
diff --git a/auth_approle_puppetapi.tf b/auth_approle_puppetapi.tf
index 9b65de6..60d204d 100644
--- a/auth_approle_puppetapi.tf
+++ b/auth_approle_puppetapi.tf
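Review bot: The same six-entry `token_bound_cidrs` list is now written out in four role files (certmanager in this hunk, and the puppetapi, sshsign-host-role and sshsigner hunks that follow), so every puppet host change has to be repeated four times and a missed file leaves a stale address on that role's allowlist. Defining the list once in a `locals` block (for example under a name such as `puppet_cidrs`, which is only a suggestion) and setting `token_bound_cidrs = local.puppet_cidrs` in each role would keep the four allowlists from drifting apart. The five removed addresses carry no hostname comment, so the commit message is the only place to record which hosts lost access; naming them there would make the removal auditable. The resource body starts above the hunk, so attributes before `token_ttl` are not reviewed here.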
@@ -5,15 +5,11 @@ resource "vault_approle_auth_backend_role" "puppetapi" {
 token_ttl = 30
 token_max_ttl = 30
 token_bound_cidrs = [
- "198.18.17.3/32",
- "198.18.13.32/32",
- "198.18.13.33/32",
- "198.18.13.34/32",
- "198.18.13.46/32",
- "198.18.25.5/32", # ausyd1nxvm2052.main.unkin.net
- "198.18.26.3/32", # ausyd1nxvm2053.main.unkin.net
- "198.18.27.89/32", # ausyd1nxvm2054.main.unkin.net
- "198.18.28.8/32", # ausyd1nxvm2055.main.unkin.net
- "198.18.29.33/32", # ausyd1nxvm2056.main.unkin.net
+ "198.18.25.5/32", # ausyd1nxvm2052.main.unkin.net
+ "198.18.26.3/32", # ausyd1nxvm2053.main.unkin.net
+ "198.18.27.89/32", # ausyd1nxvm2054.main.unkin.net
+ "198.18.28.8/32", # ausyd1nxvm2055.main.unkin.net
+ "198.18.29.33/32", # ausyd1nxvm2056.main.unkin.net
+ "198.18.29.239/32", # ausyd1nxvm2097.main.unkin.net
 ]
 }
diff --git a/auth_approle_sshsign-host-role.tf b/auth_approle_sshsign-host-role.tf
index 9cb9520..8d7aacc 100644
--- a/auth_approle_sshsign-host-role.tf
+++ b/auth_approle_sshsign-host-role.tf
@@ -5,15 +5,11 @@ resource "vault_approle_auth_backend_role" "sshsign-host-role" {
 token_ttl = 30
 token_max_ttl = 30
 token_bound_cidrs = [
- "198.18.17.3/32",
- "198.18.13.32/32",
- "198.18.13.33/32",
- "198.18.13.34/32",
- "198.18.13.46/32",
- "198.18.25.5/32", # ausyd1nxvm2052.main.unkin.net
- "198.18.26.3/32", # ausyd1nxvm2053.main.unkin.net
- "198.18.27.89/32", # ausyd1nxvm2054.main.unkin.net
- "198.18.28.8/32", # ausyd1nxvm2055.main.unkin.net
- "198.18.29.33/32", # ausyd1nxvm2056.main.unkin.net
+ "198.18.25.5/32", # ausyd1nxvm2052.main.unkin.net
+ "198.18.26.3/32", # ausyd1nxvm2053.main.unkin.net
+ "198.18.27.89/32", # ausyd1nxvm2054.main.unkin.net
+ "198.18.28.8/32", # ausyd1nxvm2055.main.unkin.net
+ "198.18.29.33/32", # ausyd1nxvm2056.main.unkin.net
+ "198.18.29.239/32", # ausyd1nxvm2097.main.unkin.net
 ]
 }
diff --git a/auth_approle_sshsigner.tf b/auth_approle_sshsigner.tf
index 26e5a73..ba6509c 100644
--- a/auth_approle_sshsigner.tf
+++ b/auth_approle_sshsigner.tf
@@ -8,15 +8,11 @@ resource "vault_approle_auth_backend_role" "sshsigner" {
 token_ttl = 30
 token_max_ttl = 30
 token_bound_cidrs = [
- "198.18.17.3/32",
- "198.18.13.32/32",
- "198.18.13.33/32",
- "198.18.13.34/32",
- "198.18.13.46/32",
- "198.18.25.5/32", # ausyd1nxvm2052.main.unkin.net
- "198.18.26.3/32", # ausyd1nxvm2053.main.unkin.net
- "198.18.27.89/32", # ausyd1nxvm2054.main.unkin.net
- "198.18.28.8/32", # ausyd1nxvm2055.main.unkin.net
- "198.18.29.33/32", # ausyd1nxvm2056.main.unkin.net
+ "198.18.25.5/32", # ausyd1nxvm2052.main.unkin.net
+ "198.18.26.3/32", # ausyd1nxvm2053.main.unkin.net
+ "198.18.27.89/32", # ausyd1nxvm2054.main.unkin.net
+ "198.18.28.8/32", # ausyd1nxvm2055.main.unkin.net
+ "198.18.29.33/32", # ausyd1nxvm2056.main.unkin.net
+ "198.18.29.239/32", # ausyd1nxvm2097.main.unkin.net
 ]
 }
--
2.47.3
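Review bot: This hunk starts at line 8 where the other three roles start at line 5, so three more lines precede `token_ttl` in this file than in the others, and the patch shows none of them. If any of those lines, here or in the other roles, is a second address list such as `secret_id_bound_cidrs`, it would still name the five removed addresses and omit `198.18.29.239/32`, and should get the same edit. Assuming the removed addresses belonged to retired hosts, it is also worth destroying any SecretIDs those hosts held, because the CIDR change alone leaves such a SecretID usable from the addresses that remain on the list. A short comment above the list, e.g. `# puppetmaster/puppetca hosts permitted to use this role`, would tell the next editor what qualifies a host for inclusion.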