2025-11-16 13:37:55 +11:00
11 changed files with 25 additions and 13 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -0,0 +1,12 @@
+repos:
+  - repo: https://github.com/gruntwork-io/pre-commit
+    rev: v0.1.30
+    hooks:
+      - id: terraform-fmt
+      - id: terraform-validate
+      - id: tflint
+      - id: terragrunt-hcl-fmt
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.37.1
+    hooks:
+      - id: yamllint
--- a/policies/auth/token/auth_token_self.hcl
+++ b/policies/auth/token/auth_token_self.hcl
@ -5,10 +5,10 @@ path "auth/token/lookup-self" {

 # Allow tokens to renew themselves
 path "auth/token/renew-self" {
-    capabilities = ["update"]
+  capabilities = ["update"]
 }

 # Allow tokens to revoke themselves
 path "auth/token/revoke-self" {
-    capabilities = ["update"]
+  capabilities = ["update"]
 }
--- a/policies/kv/service/glauth/services/svc_vault_read.hcl
+++ b/policies/kv/service/glauth/services/svc_vault_read.hcl
@ -1,3 +1,3 @@
 path "kv/data/service/glauth/services/svc_vault" {
-    capabilities = ["list", "read"]
+  capabilities = ["list", "read"]
 }
--- a/policies/kv/service/packer/packer_builder.hcl
+++ b/policies/kv/service/packer/packer_builder.hcl
@ -1,6 +1,6 @@
 path "kv/data/service/packer/builder/env" {
-    capabilities = ["read"]
+  capabilities = ["read"]
 }
 path "kv/data/service/packer/builder/docker-incus-client" {
-    capabilities = ["read"]
+  capabilities = ["read"]
 }
--- a/policies/kv/service/puppet/certificates/terraform_puppet_cert.hcl
+++ b/policies/kv/service/puppet/certificates/terraform_puppet_cert.hcl
@ -1,6 +1,6 @@
 path "kv/data/service/puppet/certificates/terraform" {
-    capabilities = ["read"]
+  capabilities = ["read"]
 }
 path "kv/data/service/puppet/certificates/ca" {
-    capabilities = ["read"]
+  capabilities = ["read"]
 }
--- a/policies/kv/service/puppetapi/puppetapi_read_tokens.hcl
+++ b/policies/kv/service/puppetapi/puppetapi_read_tokens.hcl
@ -1,3 +1,3 @@
 path "kv/data/service/puppetapi/tokens" {
-    capabilities = ["read"]
+  capabilities = ["read"]
 }
--- a/policies/kv/service/terraform/incus.hcl
+++ b/policies/kv/service/terraform/incus.hcl
@ -1,3 +1,3 @@
 path "kv/data/service/terraform/incus" {
-    capabilities = ["read"]
+  capabilities = ["read"]
 }
--- a/policies/kv/service/terraform/nomad.hcl
+++ b/policies/kv/service/terraform/nomad.hcl
@ -1,3 +1,3 @@
 path "kv/data/service/terraform/nomad" {
-    capabilities = ["read"]
+  capabilities = ["read"]
 }
--- a/policies/ssh-host-signer/sshsign-host-policy.hcl
+++ b/policies/ssh-host-signer/sshsign-host-policy.hcl
@ -1,3 +1,3 @@
 path "ssh-host-signer/sign/hostrole" {
-    capabilities = ["create", "update"]
+  capabilities = ["create", "update"]
 }
--- a/policies/ssh-host-signer/sshsigner.hcl
+++ b/policies/ssh-host-signer/sshsigner.hcl
@ -1,3 +1,3 @@
 path "ssh-host-signer/sign/hostrole" {
-    capabilities = ["create", "update"]
+  capabilities = ["create", "update"]
 }
--- a/policies/sshca/sshca_signhost.hcl
+++ b/policies/sshca/sshca_signhost.hcl
@ -1,3 +1,3 @@
 path "sshca/sign/host" {
-    capabilities = ["create", "update"]
+  capabilities = ["create", "update"]
 }