From 576d0136a9a933cc874056ea471a789dac5c16c9 Mon Sep 17 00:00:00 2001
From: Hubert Cornet
Date: Tue, 4 Nov 2025 17:01:22 +0100
Subject: [PATCH] Update main.tf

---
main.tf | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)

diff --git a/main.tf b/main.tf
index e69de29..260cc8b 100644
--- a/main.tf
+++ b/main.tf
@@ -0,0 +1,41 @@
+# =============================================================================
+# VAULT DATA SOURCES
+# =============================================================================
+data "vault_generic_secret" "cloudflare" {
+ path = var.vault_cloudflare_path
+}
+
+# =============================================================================
+# LOCALS
+# =============================================================================
+locals {
+ # Secrets Cloudflare depuis Vault
+ cloudflare_token = data.vault_generic_secret.cloudflare.data["api_token"]
+ cloudflare_zone_id = data.vault_generic_secret.cloudflare.data["zone_id"]
+ cloudflare_account_id = data.vault_generic_secret.cloudflare.data["account_id"]
+ cloudflare_email = data.vault_generic_secret.cloudflare.data["email"]
+
+ # Construction des ingress rules pour toutes les applications
+ ingress_rules = concat(
+ [
+ for app_name, app_config in var.applications : {
+ hostname = "${app_config.subdomain}.${var.cloudflare_zone}"
+ service = app_config.origin_url
+ origin_request = {
+ no_tls_verify = app_config.no_tls_verify
+
+ # Configuration Access si activée
+ access = app_config.access_enabled ? {
+ team_name = app_config.access_team_name
+ aud_tag = app_config.access_aud_tags
+ required = true
+ } : null
+ }
+ }
+ ],
+ # Règle catch-all en dernier
+ [{
+ service = "http_status:404"
+ }]
+ )
+}
\ No newline at end of file
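Review bot: `no_tls_verify = app_config.no_tls_verify` in `origin_request` forwards a per-application switch that turns off origin certificate verification, and nothing in this hunk pins it to a safe default. The declaration of `var.applications` is not part of the diff, so if the attribute can be null, `no_tls_verify = coalesce(app_config.no_tls_verify, false)` would keep verification on unless an application explicitly opts out. The `access` block has the same opt-in shape: when `access_enabled` is false the tunnel itself requires no Access JWT for that hostname, and when it is true nothing visible here rejects an empty `access_aud_tags` or a null `access_team_name`, so a `validation` block on the variable would be worth adding. Separately, values read through `data "vault_generic_secret"` are persisted in the Terraform state, so a comment above the data source such as `# NOTE: api_token is stored in state; the backend must be encrypted and access-restricted` would help the next maintainer.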