.PHONY: init plan apply format VAULT_AUTH_METHOD ?= approle VAULT_K8S_ROLE ?= woodpecker_terraform_vault VAULT_K8S_MOUNT ?= auth/k8s/au/syd1 VAULT_K8S_JWT_PATH ?= /var/run/secrets/kubernetes.io/serviceaccount/token # Define vault_env function to set up vault environment define vault_env @export VAULT_ADDR="https://vault.service.consul:8200" && \ if [ "$(VAULT_AUTH_METHOD)" = "kubernetes" ]; then \ export VAULT_TOKEN=$$(vault write -field=token $(VAULT_K8S_MOUNT)/login role=$(VAULT_K8S_ROLE) jwt=$$(cat $(VAULT_K8S_JWT_PATH))); \ else \ export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID); \ fi && \ export CONSUL_HTTP_TOKEN=$$(vault read -field=token consul_root/au/syd1/creds/terraform-vault) endef init: @$(call vault_env) && \ terragrunt run --all --non-interactive init -- -upgrade plan: init @$(call vault_env) && \ terragrunt run --all --parallelism 4 --non-interactive plan apply: init @$(call vault_env) && \ terragrunt run --all --parallelism 2 --non-interactive apply format: @echo "Formatting OpenTofu files..." @tofu fmt -recursive . @echo "Formatting Terragrunt files..." @terragrunt hcl fmt