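--- a/main.tf
+++ b/main.tf
@@ -0,0 +1,41 @@
+# =============================================================================
+# VAULT DATA SOURCES
+# =============================================================================
+data "vault_generic_secret" "cloudflare" {
+path = var.vault_cloudflare_path
+}
+
+# =============================================================================
+# LOCALS
+# =============================================================================
+locals {
+# Secrets Cloudflare depuis Vault
+cloudflare_token = data.vault_generic_secret.cloudflare.data["api_token"]
+cloudflare_zone_id = data.vault_generic_secret.cloudflare.data["zone_id"]
+cloudflare_account_id = data.vault_generic_secret.cloudflare.data["account_id"]
+cloudflare_email = data.vault_generic_secret.cloudflare.data["email"]
+
+# Construction des ingress rules pour toutes les applications
+ingress_rules = concat(
+[
+for app_name, app_config in var.applications : {
+hostname = "${app_config.subdomain}.${var.cloudflare_zone}"
+service = app_config.origin_url
+origin_request = {
+no_tls_verify = app_config.no_tls_verify
+
+# Configuration Access si activée
+access = app_config.access_enabled ? {
+team_name = app_config.access_team_name
+aud_tag = app_config.access_aud_tags
+required = true
+} : null
+}
+}
+],
+# Règle catch-all en dernier
+[{
+service = "http_status:404"
+}]
+)
+}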
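Review bot: The `data "vault_generic_secret" "cloudflare"` read and the `cloudflare_token` / `cloudflare_account_id` / `cloudflare_email` locals derived from it are persisted in plaintext in the Terraform state, so the state backend must be encrypted and restricted to the same audience as the Vault path; a comment next to the data source such as `# NOTE: values read here are written to Terraform state in plaintext — use an encrypted, access-controlled remote backend` would make that explicit. `no_tls_verify = app_config.no_tls_verify` passes a per-application switch straight through, which disables certificate checking between the tunnel and the origin; the `var.applications` variable is declared outside this hunk, and its default for that field should be `false` with any `true` justified per app. When `access_enabled` is false the `access` block becomes `null`, leaving that hostname reachable through the tunnel with no Access policy at all, which may be intended but deserves a comment like `# access_enabled = false exposes the hostname without any Cloudflare Access check`. The comments are in French while the identifiers are English; consider keeping them in one language for the next maintainer.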