wbyc/terraform-certificate-automation
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix Terraform validation errors
Some checks failed
Code Quality & Security Scan / TFLint (push) Successful in 19s
Details
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 27s
Details
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 37s
Details
Code Quality & Security Scan / Terraform Validate (push) Failing after 32s
Details
Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped
Details

Browse Source 
- Fix ansible_host resource: use 'name' and 'variables' instead of 'inventory_hostname' and 'vars'
- Add missing Vault authentication variables: role_id and secret_id
- Update CI/CD pipeline to provide dummy auth variables for validation
- Run terraform fmt
This commit is contained in:
Patrick de Ruiter 2025-11-10 12:17:58 +01:00
parent 6daa3ee084
commit 8a2341423a
Signed by: pderuiter
GPG Key ID: 5EBA7F21CF583321
3 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitea/workflows/pipeline.yaml
View File

@ -90,6 +90,8 @@ jobs:
TF_VAR_vault_address: "https://vault.example.com:8200" TF_VAR_vault_address: "https://vault.example.com:8200"
TF_VAR_environment: "test" TF_VAR_environment: "test"
TF_VAR_short_hostname: "test-host" TF_VAR_short_hostname: "test-host"
TF_VAR_role_id: "dummy-role-id"
TF_VAR_secret_id: "dummy-secret-id"
run: terraform init -backend=false run: terraform init -backend=false
- name: Terraform Validate - name: Terraform Validate
@ -98,6 +100,8 @@ jobs:
TF_VAR_vault_address: "https://vault.example.com:8200" TF_VAR_vault_address: "https://vault.example.com:8200"
TF_VAR_environment: "test" TF_VAR_environment: "test"
TF_VAR_short_hostname: "test-host" TF_VAR_short_hostname: "test-host"
TF_VAR_role_id: "dummy-role-id"
TF_VAR_secret_id: "dummy-secret-id"
run: terraform validate run: terraform validate
sonarqube: sonarqube:

6
terraform/main.tf
View File

@ -28,10 +28,10 @@ resource "vault_approle_auth_backend_role_secret_id" "cert_role_secret" {
} }
resource "ansible_host" "vault_agent_node" { resource "ansible_host" "vault_agent_node" {
inventory_hostname = var.short_hostname name = var.short_hostname
groups = ["vault_agent"] groups = ["vault_agent"]
vars = { variables = {
ansible_user = "ansible" ansible_user = "ansible"
ansible_ssh_private_key_file = "~/.ssh/id_ed25519" ansible_ssh_private_key_file = "~/.ssh/id_ed25519"
ansible_python_interpreter = "/usr/bin/python3" ansible_python_interpreter = "/usr/bin/python3"

12
terraform/variables.tf
View File

@ -28,3 +28,15 @@ variable "vault_address" {
} }
} }
variable "role_id" {
type = string
description = "Vault AppRole role_id for authentication"
sensitive = true
}
variable "secret_id" {
type = string
description = "Vault AppRole secret_id for authentication"
sensitive = true
}