- migrate from individual terraform files to config-driven terragrunt module structure - add vault_cluster module with config discovery system - replace individual .tf files with centralized config.hcl - restructure auth and secret backends as configurable modules - move auth roles and secret backends to yaml-based configuration - convert policies from .hcl to .yaml format, add rules/auth definition - add pre-commit hooks for yaml formatting and file cleanup - add terragrunt cache to gitignore - update makefile with terragrunt commands and format target
# =============================================================================
# VAULT RESOURCES CONFIGURATION SYSTEM
# =============================================================================
#
# This file automatically discovers and processes all YAML resource files from
# the directory it is evaluated in: the code calls fileset(".", "**/*.yaml"), so
# the first path segment below that directory is taken as the backend type and
# the decoded files are merged into one resource configuration for Vault.
#
# HOW IT WORKS:
# 1. Scans the directory this file is evaluated in and every subdirectory for
#    *.yaml files (fileset(".", "**/*.yaml")). Every match is treated as a
#    resource definition, so unrelated YAML must be kept out of this tree.
# 2. Decodes each YAML file with yamldecode(file(...)) and stores the result
#    as-is; nothing here validates that the document has a `rules` key or any
#    particular shape, so malformed or over-broad definitions are only caught
#    by review or by the backend that consumes them.
# 3. Creates structured mappings for backend types -> paths -> resource names
#
# YAML STRUCTURE:
# Each resource YAML file should contain Kubernetes RBAC rules or similar
# resource definitions that will be used by Vault secret backends.
#
# EXAMPLE YAML FILE (resources/secret_backend/kubernetes/au/syd1/roles/admin.yaml,
# i.e. secret_backend/kubernetes/au/syd1/roles/admin.yaml relative to the
# scanned directory, so that "secret_backend" becomes the backend-type key):
# ```yaml
# rules:
# - apiGroups: [""]
# resources: ["*"]
# verbs: ["*"]
# ```
# (This example grants every verb on every resource in every API group --
# effectively cluster-admin -- and is only appropriate for a role named admin;
# other roles should list the specific apiGroups/resources/verbs they need.)
#
# DIRECTORY STRUCTURE:
# resources/
# └── secret_backend/
# └── {backend_type}/
# └── {country}/
# └── {region}/
# └── roles/
# └── {role_name}.yaml
#
# GENERATED OUTPUTS:
# - resources: [resources][secret_backend | auth_backend][path between the
#   backend type and the file, "" when the file sits directly under it]
#   [file name without .yaml] => the decoded YAML document
#
# =============================================================================
locals {
  # Every *.yaml at or below the directory this config is evaluated in.
  # NOTE(review): a "**" glob also matches zero directories, so a YAML file
  # sitting right next to this file (not only those under a backend directory)
  # is swept in as well; if unrelated YAML such as tooling config can live in
  # this tree, confirm it does not end up decoded as a Vault resource.
  resource_files = fileset(".", "**/*.yaml")

  # Each discovered path split once into the three pieces the output tree is
  # keyed by: the first path segment (backend type), the directories between
  # it and the file ("" when the file sits directly under the backend
  # directory), and the file name without its .yaml suffix.
  resource_paths = {
    for path in local.resource_files : path => {
      backend = split("/", path)[0]
      middle  = length(split("/", path)) > 2 ? join("/", slice(split("/", path), 1, length(split("/", path)) - 1)) : ""
      name    = trimsuffix(basename(path), ".yaml")
    }
  }

  # resources -> backend type -> middle path -> file stem -> decoded YAML.
  # The decoded document is passed through unmodified; nothing validates its
  # shape here, so review of the YAML files is the only gate on what these
  # definitions end up granting.
  resources = {
    resources = {
      for backend in distinct([for entry in local.resource_paths : entry.backend]) :
      backend => {
        for middle in distinct([
          for entry in local.resource_paths : entry.middle if entry.backend == backend
        ]) :
        middle => {
          for path, entry in local.resource_paths :
          entry.name => yamldecode(file(path))
          if entry.backend == backend && entry.middle == middle
        }
      }
    }
  }
}