terraform-certificate-automation

Author	SHA1	Message	Date
Patrick de Ruiter	9c31f9ce4c	Remove backend.tf from child module Some checks failed Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped Details Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped Details Code Quality & Security Scan / Terraform Validate (push) Has been skipped Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details Code Quality & Security Scan / TFLint (push) Failing after 22s Details - backend.tf should only exist in root modules, not child modules - Removes warning: Backend configuration ignored - This module is only used as a child module via git source	2025-11-10 23:02:30 +01:00
Patrick de Ruiter	003572082e	Remove provider blocks from child module to support for_each Some checks failed Code Quality & Security Scan / TFLint (push) Failing after 36s Details Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped Details Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped Details Code Quality & Security Scan / Terraform Validate (push) Has been skipped Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details - Removed provider blocks for Vault and Ansible from provider.tf - Module now accepts provider configuration from parent module - Updated Vault provider version from ~> 4.0 to ~> 5.3 for compatibility - Fixes: Module is incompatible with count, for_each, and depends_on error	2025-11-10 22:04:31 +01:00
Patrick de Ruiter	93ec85c6a8	Run terraform fmt to fix formatting Some checks failed Code Quality & Security Scan / TFLint (push) Successful in 20s Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 28s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 34s Details Code Quality & Security Scan / Terraform Validate (push) Successful in 26s Details Code Quality & Security Scan / SonarQube Trigger (push) Failing after 38s Details	2025-11-10 12:28:01 +01:00
Patrick de Ruiter	1f82d5bec7	Fix TTL values: convert from string to seconds (numbers) Some checks failed Code Quality & Security Scan / TFLint (push) Successful in 19s Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 35s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 32s Details Code Quality & Security Scan / Terraform Validate (push) Failing after 21s Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details - token_ttl: 1h -> 3600 seconds - token_max_ttl: 4h -> 14400 seconds - secret_id_ttl: 24h -> 86400 seconds	2025-11-10 12:25:22 +01:00
Patrick de Ruiter	8a2341423a	Fix Terraform validation errors Some checks failed Code Quality & Security Scan / TFLint (push) Successful in 19s Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 27s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 37s Details Code Quality & Security Scan / Terraform Validate (push) Failing after 32s Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details - Fix ansible_host resource: use 'name' and 'variables' instead of 'inventory_hostname' and 'vars' - Add missing Vault authentication variables: role_id and secret_id - Update CI/CD pipeline to provide dummy auth variables for validation - Run terraform fmt	2025-11-10 12:17:58 +01:00
Patrick de Ruiter	6daa3ee084	Fix TFLint warnings: add provider versions and Terraform version constraint Some checks failed Code Quality & Security Scan / Terraform Validate (push) Failing after 33s Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details Code Quality & Security Scan / TFLint (push) Successful in 18s Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 22s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 35s Details	2025-11-10 12:12:57 +01:00
Patrick de Ruiter	7216c01328	Update environment variable description	2025-11-10 12:03:50 +01:00
Patrick de Ruiter	9c0d389dd3	Migrate certificate-automation from consul-template to vault-agent - Migrated Ansible integration from consul_template to vault_agent - Copied vault_agent role from terraform-vsphere-infra module - Created vault_agent-playbook.yml for deployment - Archived consul_template role as consul_template-legacy - Updated Terraform configuration: - Changed Ansible inventory group from consul_template to vault_agent - Added vault_secret_path variable for vault-agent - Added ssl_certs_dir and ssl_private_dir variables - Formatted all Terraform files - Implemented CI/CD pipeline: - Created .gitea/workflows/pipeline.yaml - Added TFLint, Tfsec, and Checkov security scans - Added Terraform validate step - Added SonarQube integration - Created sonar-project.properties - Documentation updates: - Updated README.md with vault-agent information - Added migration section comparing consul-template vs vault-agent - Updated CLAUDE.md with vault-agent architecture - Added vault-agent configuration examples Why vault-agent over consul-template: - Full AppRole support with role_id/secret_id files - Advanced token auto-renewal with auto_auth - Better credential security (separate files vs config) - Actively developed by HashiCorp Note: The ansible/ directory changes (vault_agent role and playbook) are not committed as the directory is in .gitignore. These files exist locally and will be deployed during Ansible runs.	2025-11-10 11:32:35 +01:00
Patrick de Ruiter	47aaaa2143	Initial commit: Terraform certificate automation module - Add Vault AppRole and Ansible integration for certificates - Configure policies and secret engines - Add comprehensive documentation	2025-11-01 06:18:46 +01:00

9 Commits