This commit message captures the major architectural change of implementing Consul ACL management with proper provider aliasing, along with the supporting configuration files and policy definitions for various terraform services.

- add consul_acl_management module to manage consul acl policies and roles
- add consul backend roles and policies for terraform services (incus, k8s, nomad, repoflow, vault)
- add consul provider configuration to root.hcl
- add policies to generate credentials for each role
- simplify consul_secret_backend_role module to reference acl-managed roles
- switch to opentofu for provider foreach support
- update terragrunt configuration to support consul backend aliases
- update pre-commit hooks to use opentofu instead of terraform
- configure tflint exceptions for consul acl management module
# Root Terragrunt "generate" block: writes backend.tf for the units that
# include this file.
#
# The generated file
#   - points the vault provider at local.vault_addr,
#   - stores state in the Consul backend over HTTPS with locking enabled,
#     validating the server against /etc/pki/tls/certs/ca-bundle.crt,
#   - keys each unit's state by path_relative_to_include(), which Terragrunt
#     interpolates before the file is written,
#   - pins the vault and consul providers to exact versions.
#
# NOTE(review): no Consul or Vault token is set here; presumably they are
# supplied through the environment (e.g. CONSUL_HTTP_TOKEN / VAULT_TOKEN) -
# confirm, and keep it that way so no credential lands in the generated file.
# NOTE(review): state for Vault resources can contain sensitive values; the
# Consul ACL policies should limit access to the infra/terraform/vault/ KV
# prefix to the identities that run these units - verify against the ACL
# definitions.
# NOTE(review): the vault provider block sets no ca_cert_file, so TLS
# verification for Vault relies on the process's default trust (system store
# or VAULT_CACERT) - confirm it trusts the same CA as the backend's ca_file.
# NOTE(review): exact version pins fix only the version; commit
# .terraform.lock.hcl so provider hashes are checked as well.
generate "backend" {
  # "overwrite" replaces any backend.tf already present in the unit.
  if_exists = "overwrite"
  path      = "backend.tf"

  contents = <<EOF
locals {
  vault_addr = "https://vault.service.consul:8200"
}

provider "vault" {
  address = local.vault_addr
}

terraform {
  backend "consul" {
    address = "https://consul.service.consul"
    path    = "infra/terraform/vault/${path_relative_to_include()}/state"
    scheme  = "https"
    lock    = true
    ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
  }
  required_version = ">= 1.10"
  required_providers {
    vault = {
      source  = "hashicorp/vault"
      version = "5.6.0"
    }
    consul = {
      source  = "hashicorp/consul"
      version = "2.23.0"
    }
  }
}
EOF
}