add app_roles terraform module for vault and declare erp app

2024-11-04 17:30:37 +01:00
parent bbb0bc7d5f
commit 784c014224
10 changed files with 105 additions and 30 deletions
--- a/hashicorp-vault/iac/main.tf
+++ b/hashicorp-vault/iac/main.tf
@@ -1,27 +1,3 @@
-terraform {
-  backend "gcs" {
-    bucket  = "arcodange-tf"
-    prefix  = "tools/hashicorp_vault/main"
-  }
-}
-
-terraform {
-    required_providers {
-      vault = {
-        source = "vault"
-        version = "4.4.0"
-      }
-    }
-}
-
-provider vault {
-    address = "https://vault.arcodange.duckdns.org"
-    auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
-        mount = "gitea_jwt"
-        role = "gitea_cicd"
-    }
-}
-
 resource "vault_auth_backend" "kubernetes" {
  type = "kubernetes"
 }
@@ -98,14 +74,9 @@ resource "vault_kubernetes_auth_backend_role" "vso" {
  alias_name_source                = "serviceaccount_name"
 }

-locals { # turn into *.tfvars ?
-  apps = toset([
-    "webapp",
-  ])
-}
 module "app_policies" {
  source = "./modules/app_policy"
-  for_each = local.apps
+  for_each = var.applications
  name = each.value
  gitea_app_id = var.gitea_app_id
 }