Files
terraform-vault/modules/vault_cluster/modules/consul_secret_backend/main.tf
T
unkinben 5536869a38 feat: implement consul ACL management with provider aliases
This commit message captures the major architectural change of implementing Consul ACL management
with proper provider aliasing, along with the supporting configuration files and policy definitions
for various terraform services.

- add consul_acl_management module to manage consul acl policies and roles
- add consul backend roles and policies for terraform services (incus, k8s, nomad, repoflow, vault)
- add consul provider configuration to root.hcl
- add policies to generate credentials for each role
- simplify consul_secret_backend_role module to reference acl-managed roles
- switch to opentofu for provider foreach support
- update terragrunt configuration to support consul backend aliases
- update pre-commit hooks to use opentofu instead of terraform
- configure tflint exceptions for consul acl management module
2026-02-14 18:13:50 +11:00

22 lines
873 B
Terraform

# Expected keys in KV secret: token (if not bootstrapping)
data "vault_kv_secret_v2" "secret_backend_config" {
count = var.bootstrap ? 0 : 1
mount = "kv"
name = "service/vault/${var.country}/${var.region}/secret_backend/${var.path}"
}
resource "vault_consul_secret_backend" "consul" {
path = var.path
description = var.description
address = var.address
token = var.bootstrap ? null : data.vault_kv_secret_v2.secret_backend_config[0].data["token"]
bootstrap = var.bootstrap
scheme = var.scheme
ca_cert = var.ca_cert
client_cert = var.client_cert
client_key = var.client_key
default_lease_ttl_seconds = var.default_lease_ttl_seconds
max_lease_ttl_seconds = var.max_lease_ttl_seconds
}