tofu fmt -recursive and kvv1/cloudflare permission for cms project

2025-10-24 18:00:16 +02:00
parent be6e6135d7
commit ea9e41ff1a
6 changed files with 63 additions and 57 deletions
--- a/hashicorp-vault/iac/modules/app_policy/main.tf
+++ b/hashicorp-vault/iac/modules/app_policy/main.tf
@@ -27,6 +27,11 @@ data "vault_policy_document" "ops" {
    path         = "kvv1/google/credentials"
    capabilities = ["read"]
  }
+  # read cloudflare credentials for terraform cloudflare backend
+  rule {
+    path         = "kvv1/cloudflare"
+    capabilities = ["read"]
+  }
  # read tofu_module_reader gitea bot user ssh keys
  rule {
    path         = "kvv1/gitea/tofu_module_reader"
@@ -138,6 +143,6 @@ data "vault_policy_document" "app" {
  }
 }
 resource "vault_policy" "app" {
-    name = "${local.name}"
+  name   = local.name
  policy = data.vault_policy_document.app.hcl
 }
--- a/hashicorp-vault/iac/modules/app_roles/main.tf
+++ b/hashicorp-vault/iac/modules/app_roles/main.tf
@@ -12,7 +12,7 @@ locals {

 resource "vault_database_secret_backend_role" "role" {
  backend = local.vault_mount_postgres.path
-  name                = "${local.name}"
+  name    = local.name
  db_name = "postgres"
  creation_statements = [
    "CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';",
--- a/hashicorp-vault/iac/terraform.tfvars
+++ b/hashicorp-vault/iac/terraform.tfvars
@@ -1,4 +1,5 @@
 applications = [
  "webapp",
  "erp",
+  "cms",
 ]