From 58f901ad3ee8462ce94113df63c4a8815fddcc1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= <torjus@usit.uio.no>
Date: Tue, 17 Feb 2026 20:10:37 +0100
Subject: [PATCH] terraform: add ns1 and ns2 to AppRole policies

They were missing from the host_policies map, so they didn't get
shared policies like loki-push.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 terraform/vault/approle.tf | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/terraform/vault/approle.tf b/terraform/vault/approle.tf
index f262f49..451b823 100644
--- a/terraform/vault/approle.tf
+++ b/terraform/vault/approle.tf
@@ -90,6 +90,19 @@ locals {
     }
 
     # Wave 3: DNS servers
+    "ns1" = {
+      paths = [
+        "secret/data/hosts/ns1/*",
+        "secret/data/shared/dns/*",
+      ]
+    }
+
+    "ns2" = {
+      paths = [
+        "secret/data/hosts/ns2/*",
+        "secret/data/shared/dns/*",
+      ]
+    }
 
     # Wave 4: http-proxy
     "http-proxy" = {