add ops_ prefix to policies applied to cicd role

2025-12-03 15:16:46 +01:00
parent 50f8ea95be
commit c490d37fd7
4 changed files with 4 additions and 4 deletions
--- a/hashicorp-vault/iac/main.tf
+++ b/hashicorp-vault/iac/main.tf
@@ -78,7 +78,7 @@ module "app_policies" {
  source       = "./modules/app_policy"
  for_each     = { for app in var.applications : app.name => app }
  name         = each.value.name
-  policies     = each.value.policies
+  ops_policies     = each.value.policies
  service_account_names = each.value.service_account_names
  service_account_namespaces =  each.value.service_account_namespaces
  gitea_app_id = var.gitea_app_id
--- a/hashicorp-vault/iac/modules/app_policy/main.tf
+++ b/hashicorp-vault/iac/modules/app_policy/main.tf
@@ -129,7 +129,7 @@ data "vault_auth_backend" "gitea_jwt" {
 resource "vault_jwt_auth_backend_role" "gitea_jwt_cicd" {
  backend        = data.vault_auth_backend.gitea_jwt.path
  role_name      = "gitea_cicd_${local.name}"
-  token_policies = concat(["default"], var.policies) # give "${local.name}-ops" role to group of entities
+  token_policies = concat(["default"], var.ops_policies) # give "${local.name}-ops" role to group of entities

  bound_audiences = [
    var.gitea_app_id,
--- a/hashicorp-vault/iac/modules/app_policy/variables.tf
+++ b/hashicorp-vault/iac/modules/app_policy/variables.tf
@@ -4,7 +4,7 @@ variable "name" {
 variable "gitea_app_id" {
  type = string
 }
-variable "policies" {
+variable "ops_policies" {
  type    = list(string)
  default = []
 }
--- a/hashicorp-vault/iac/terraform.tfvars
+++ b/hashicorp-vault/iac/terraform.tfvars
@@ -3,7 +3,7 @@ applications = [
  { name = "erp" },
  {
    name                   = "cms"
-    policies               = ["factory__cf_r2_arcodange_tf"]
+    ops_policies               = ["factory__cf_r2_arcodange_tf"]
    service_account_names = ["cloudflared"]
  },
 ]