From c490d37fd7dc797ea61f99104b66e57b920155a9 Mon Sep 17 00:00:00 2001
From: Gabriel Radureau
Date: Wed, 3 Dec 2025 15:16:46 +0100
Subject: [PATCH] add ops_ prefix to policies applied to cicd role
---
 hashicorp-vault/iac/main.tf | 2 +-
 hashicorp-vault/iac/modules/app_policy/main.tf | 2 +-
 hashicorp-vault/iac/modules/app_policy/variables.tf | 2 +-
 hashicorp-vault/iac/terraform.tfvars | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/hashicorp-vault/iac/main.tf b/hashicorp-vault/iac/main.tf
index 02d78da..cc531c4 100644
--- a/hashicorp-vault/iac/main.tf
+++ b/hashicorp-vault/iac/main.tf
@@ -78,7 +78,7 @@ module "app_policies" {
 source = "./modules/app_policy"
 for_each = { for app in var.applications : app.name => app }
 name = each.value.name
- policies = each.value.policies
+ ops_policies = each.value.policies
 service_account_names = each.value.service_account_names
 service_account_namespaces = each.value.service_account_namespaces
 gitea_app_id = var.gitea_app_id
diff --git a/hashicorp-vault/iac/modules/app_policy/main.tf b/hashicorp-vault/iac/modules/app_policy/main.tf
index d9e7596..632e85b 100644
--- a/hashicorp-vault/iac/modules/app_policy/main.tf
+++ b/hashicorp-vault/iac/modules/app_policy/main.tf
@@ -129,7 +129,7 @@ data "vault_auth_backend" "gitea_jwt" {
 resource "vault_jwt_auth_backend_role" "gitea_jwt_cicd" {
 backend = data.vault_auth_backend.gitea_jwt.path
 role_name = "gitea_cicd_${local.name}"
- token_policies = concat(["default"], var.policies) # give "${local.name}-ops" role to group of entities
+ token_policies = concat(["default"], var.ops_policies) # give "${local.name}-ops" role to group of entities
 bound_audiences = [
 var.gitea_app_id,
diff --git a/hashicorp-vault/iac/modules/app_policy/variables.tf b/hashicorp-vault/iac/modules/app_policy/variables.tf
index a99e229..d4209d0 100644
--- a/hashicorp-vault/iac/modules/app_policy/variables.tf
+++ b/hashicorp-vault/iac/modules/app_policy/variables.tf
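Review bot: The rename is only half applied in the main.tf hunk: the module argument becomes `ops_policies`, but its value is still `each.value.policies`, while the terraform.tfvars hunk now supplies that attribute as `ops_policies`. Unless `var.applications` is declared with a very loose type, one of the two sides should fail at plan time — either `each.value.policies` is an unsupported attribute on the `cms` element, or `ops_policies` is rejected as an unexpected attribute by the object type. The line should read `ops_policies = each.value.ops_policies`, with the attribute renamed to match wherever `var.applications` is declared, which is not part of this patch. The `module "app_policies"` block continues outside the hunk.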
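Review bot: The trailing comment on the changed `token_policies` line in modules/app_policy/main.tf is misleading: it talks about giving the `${local.name}-ops` role to a group of entities, but what the line does is attach `var.ops_policies` (plus `default`) to every token Vault issues through the `gitea_jwt_cicd` JWT role. Because this list is the authorization boundary for CI/CD tokens, the comment should say so plainly, e.g. `# policies granted to every CI/CD token issued through this JWT role, in addition to "default"`. The `vault_jwt_auth_backend_role` resource, including its `bound_audiences` list, continues outside the hunk.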
@@ -4,7 +4,7 @@ variable "name" {
 variable "gitea_app_id" {
 type = string
 }
-variable "policies" {
+variable "ops_policies" {
 type = list(string)
 default = []
 }
diff --git a/hashicorp-vault/iac/terraform.tfvars b/hashicorp-vault/iac/terraform.tfvars
index 68374fa..1b0a15c 100644
--- a/hashicorp-vault/iac/terraform.tfvars
+++ b/hashicorp-vault/iac/terraform.tfvars
@@ -3,7 +3,7 @@ applications = [
 { name = "erp" },
 {
 name = "cms"
- policies = ["factory__cf_r2_arcodange_tf"]
+ ops_policies = ["factory__cf_r2_arcodange_tf"]
 service_account_names = ["cloudflared"]
 },
 ]
\ No newline at end of file