terraform-certificate-automation

Author	SHA1	Message	Date
Patrick de Ruiter	6db178e6ba	Fix TFLint setup timeout by pinning version Some checks failed Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped Details Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped Details Code Quality & Security Scan / Terraform Validate (push) Has been skipped Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details Code Quality & Security Scan / TFLint (push) Failing after 29s Details - Changed tflint_version from 'latest' to 'v0.50.3' - Avoids GitHub API timeout when fetching latest release - Fixes: Connect Timeout Error in Setup TFLint step v1.0.0	2025-11-10 22:15:45 +01:00
Patrick de Ruiter	003572082e	Remove provider blocks from child module to support for_each Some checks failed Code Quality & Security Scan / TFLint (push) Failing after 36s Details Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped Details Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped Details Code Quality & Security Scan / Terraform Validate (push) Has been skipped Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details - Removed provider blocks for Vault and Ansible from provider.tf - Module now accepts provider configuration from parent module - Updated Vault provider version from ~> 4.0 to ~> 5.3 for compatibility - Fixes: Module is incompatible with count, for_each, and depends_on error	2025-11-10 22:04:31 +01:00
Patrick de Ruiter	3af1102377	Add consul_template role files from master branch Some checks failed Code Quality & Security Scan / TFLint (push) Failing after 38s Details Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped Details Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped Details Code Quality & Security Scan / Terraform Validate (push) Has been skipped Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details - Added all files from consul_template-legacy and consul_template-org roles - These roles are now regular directories instead of submodules	2025-11-10 22:01:17 +01:00
Patrick de Ruiter	381e1086a3	Convert consul_template submodules to regular directories Some checks failed Code Quality & Security Scan / TFLint (push) Failing after 38s Details Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped Details Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped Details Code Quality & Security Scan / Terraform Validate (push) Has been skipped Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details - Removed gitlink entries for consul_template-legacy and consul_template-org - Converted from git submodules to regular directories - Fixes: 'fatal: No url found for submodule path' error when downloading module - Required for using module with git::https:// source in parent modules	2025-11-10 22:00:26 +01:00
Patrick de Ruiter	22d78bf85c	Add ansible directory with vault_agent role and playbooks All checks were successful Code Quality & Security Scan / TFLint (push) Successful in 24s Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 30s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 44s Details Code Quality & Security Scan / Terraform Validate (push) Successful in 43s Details Code Quality & Security Scan / SonarQube Trigger (push) Successful in 47s Details - Remove ansible/ from .gitignore - Add vault_agent role (copied from terraform-vsphere-infra) - Add vault_agent-playbook.yml for deployment - Include ansible collections (cloud.terraform, ansible.posix, etc.) - Archive consul_template role as consul_template-legacy The ansible directory contains the vault-agent deployment automation that replaces the legacy consul-template approach.	2025-11-10 12:33:38 +01:00
Patrick de Ruiter	93ec85c6a8	Run terraform fmt to fix formatting Some checks failed Code Quality & Security Scan / TFLint (push) Successful in 20s Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 28s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 34s Details Code Quality & Security Scan / Terraform Validate (push) Successful in 26s Details Code Quality & Security Scan / SonarQube Trigger (push) Failing after 38s Details	2025-11-10 12:28:01 +01:00
Patrick de Ruiter	1f82d5bec7	Fix TTL values: convert from string to seconds (numbers) Some checks failed Code Quality & Security Scan / TFLint (push) Successful in 19s Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 35s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 32s Details Code Quality & Security Scan / Terraform Validate (push) Failing after 21s Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details - token_ttl: 1h -> 3600 seconds - token_max_ttl: 4h -> 14400 seconds - secret_id_ttl: 24h -> 86400 seconds	2025-11-10 12:25:22 +01:00
Patrick de Ruiter	8a2341423a	Fix Terraform validation errors Some checks failed Code Quality & Security Scan / TFLint (push) Successful in 19s Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 27s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 37s Details Code Quality & Security Scan / Terraform Validate (push) Failing after 32s Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details - Fix ansible_host resource: use 'name' and 'variables' instead of 'inventory_hostname' and 'vars' - Add missing Vault authentication variables: role_id and secret_id - Update CI/CD pipeline to provide dummy auth variables for validation - Run terraform fmt	2025-11-10 12:17:58 +01:00
Patrick de Ruiter	6daa3ee084	Fix TFLint warnings: add provider versions and Terraform version constraint Some checks failed Code Quality & Security Scan / Terraform Validate (push) Failing after 33s Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details Code Quality & Security Scan / TFLint (push) Successful in 18s Details Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 22s Details Code Quality & Security Scan / Checkov Security Scan (push) Successful in 35s Details	2025-11-10 12:12:57 +01:00
Patrick de Ruiter	9ccbe51a86	Fix pipeline trigger: add main branch to workflow Some checks failed Code Quality & Security Scan / TFLint (push) Failing after 17s Details Code Quality & Security Scan / Tfsec Security Scan (push) Has been skipped Details Code Quality & Security Scan / Checkov Security Scan (push) Has been skipped Details Code Quality & Security Scan / Terraform Validate (push) Has been skipped Details Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped Details	2025-11-10 12:11:06 +01:00
Patrick de Ruiter	7216c01328	Update environment variable description	2025-11-10 12:03:50 +01:00
Patrick de Ruiter	007f304966	Add CI/CD pipeline documentation	2025-11-10 12:00:23 +01:00
Patrick de Ruiter	9c0d389dd3	Migrate certificate-automation from consul-template to vault-agent - Migrated Ansible integration from consul_template to vault_agent - Copied vault_agent role from terraform-vsphere-infra module - Created vault_agent-playbook.yml for deployment - Archived consul_template role as consul_template-legacy - Updated Terraform configuration: - Changed Ansible inventory group from consul_template to vault_agent - Added vault_secret_path variable for vault-agent - Added ssl_certs_dir and ssl_private_dir variables - Formatted all Terraform files - Implemented CI/CD pipeline: - Created .gitea/workflows/pipeline.yaml - Added TFLint, Tfsec, and Checkov security scans - Added Terraform validate step - Added SonarQube integration - Created sonar-project.properties - Documentation updates: - Updated README.md with vault-agent information - Added migration section comparing consul-template vs vault-agent - Updated CLAUDE.md with vault-agent architecture - Added vault-agent configuration examples Why vault-agent over consul-template: - Full AppRole support with role_id/secret_id files - Advanced token auto-renewal with auto_auth - Better credential security (separate files vs config) - Actively developed by HashiCorp Note: The ansible/ directory changes (vault_agent role and playbook) are not committed as the directory is in .gitignore. These files exist locally and will be deployed during Ansible runs.	2025-11-10 11:32:35 +01:00
Patrick de Ruiter	47aaaa2143	Initial commit: Terraform certificate automation module - Add Vault AppRole and Ansible integration for certificates - Configure policies and secret engines - Add comprehensive documentation	2025-11-01 06:18:46 +01:00

14 Commits