tofu fmt -recursive and kvv1/cloudflare permission for cms project

hashicorp-vault/iac/modules/app_policy/main.tf

@@ -27,6 +27,11 @@ data "vault_policy_document" "ops" {
     path         = "kvv1/google/credentials"
     capabilities = ["read"]
   }
+  # read cloudflare credentials for terraform cloudflare backend
+  rule {
+    path         = "kvv1/cloudflare"
+    capabilities = ["read"]
+  }
   # read tofu_module_reader gitea bot user ssh keys
   rule {
     path         = "kvv1/gitea/tofu_module_reader"
@@ -138,6 +143,6 @@ data "vault_policy_document" "app" {
   }
 }
 resource "vault_policy" "app" {
-    name = "${local.name}"
+  name   = local.name
   policy = data.vault_policy_document.app.hcl
 }

hashicorp-vault/iac/modules/app_roles/main.tf

@@ -12,7 +12,7 @@ locals {
 
 resource "vault_database_secret_backend_role" "role" {
   backend = local.vault_mount_postgres.path
-  name                = "${local.name}"
+  name    = local.name
   db_name = "postgres"
   creation_statements = [
     "CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",

hashicorp-vault/iac/terraform.tfvars

@@ -1,4 +1,5 @@
 applications = [
   "webapp",
   "erp",
+  "cms",
 ]