From 6ffe4cc3cc31fdb6cbb46436a38ddc8409d040ef Mon Sep 17 00:00:00 2001
From: Peter Mikus
Date: Wed, 22 Jan 2025 11:51:02 +0100
Subject: [PATCH] feat(terraform): Refactor roles

Signed-off-by: Peter Mikus
Change-Id: Ie5e5bb0d8d3c927c26286439fb128529b8b30a81
---
 .../terraform-nomad-pyspark-etl/main.tf | 5 --
 .../fdio/main.tf | 23 ------
 .../terraform-vault-aws-secret-backend/main.tf | 28 ++-----
 .../variables.tf | 5 ++
 .../terraform-vault-fdio-creds/main.tf | 86 ++++++++++++++++++++++
 .../providers.tf | 0
 .../variables.tf | 0
 .../versions.tf | 0
 8 files changed, 97 insertions(+), 50 deletions(-)
 delete mode 100644 fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/main.tf
 create mode 100644 fdio.infra.terraform/terraform-vault-fdio-creds/main.tf
 rename fdio.infra.terraform/{terraform-vault-aws-secret-backend/fdio => terraform-vault-fdio-creds}/providers.tf (100%)
 rename fdio.infra.terraform/{terraform-vault-aws-secret-backend/fdio => terraform-vault-fdio-creds}/variables.tf (100%)
 rename fdio.infra.terraform/{terraform-vault-aws-secret-backend/fdio => terraform-vault-fdio-creds}/versions.tf (100%)

diff --git a/fdio.infra.terraform/terraform-nomad-pyspark-etl/main.tf b/fdio.infra.terraform/terraform-nomad-pyspark-etl/main.tf
index cfe326bfcc..b9027a8ceb 100644
--- a/fdio.infra.terraform/terraform-nomad-pyspark-etl/main.tf
+++ b/fdio.infra.terraform/terraform-nomad-pyspark-etl/main.tf
@@ -3,11 +3,6 @@ data "vault_kv_secret_v2" "fdio_logs" {
 name = "etl/fdio_logs"
 }
 
-data "vault_kv_secret_v2" "fdio_docs" {
- mount = "kv"
- name = "etl/fdio_docs"
-}
-
 data "vault_kv_secret_v2" "csit_docs" {
 mount = "kv"
 name = "etl/csit_docs"
diff --git a/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/main.tf b/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/main.tf
deleted file mode 100644
index 08c3ca8b73..0000000000
--- a/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/main.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-module "fdio-logs" {
- # fdio logs iam
- source = "../"
- name = "dynamic-aws-creds-vault-fdio-logs"
- aws_access_key = var.aws_access_key
- aws_secret_key = var.aws_secret_key
-}
-module "fdio-docs" {
- # fdio docs iam
- source = "../"
- name = "dynamic-aws-creds-vault-fdio-docs"
- aws_access_key = var.aws_access_key
- aws_secret_key = var.aws_secret_key
-}
-module "fdio-csit-jenkins" {
- # fdio csit jenkins iam
- source = "../"
- name = "dynamic-aws-creds-vault-fdio-csit-jenkins"
- aws_access_key = var.aws_access_key
- aws_secret_key = var.aws_secret_key
-}
diff --git a/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf b/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf
index 814121986f..6a2d42e681 100644
--- a/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf
+++ b/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf
@@ -1,4 +1,4 @@
-resource "vault_aws_secret_backend" "aws" {
+resource "vault_aws_secret_backend" "aws_secret_backend" {
 access_key = var.aws_access_key
 secret_key = var.aws_secret_key
 path = "${var.name}-path"
@@ -7,34 +7,18 @@ resource "vault_aws_secret_backend" "aws" {
 max_lease_ttl_seconds = "0"
 }
 
-resource "vault_aws_secret_backend_role" "admin" {
- backend = vault_aws_secret_backend.aws.path
+resource "vault_aws_secret_backend_role" "aws_secret_backend_role" {
+ backend = vault_aws_secret_backend.aws_secret_backend.path
 name = "${var.name}-role"
 credential_type = "iam_user"
- policy_document = <
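Review bot: Renaming the resource address from `vault_aws_secret_backend.aws` to `vault_aws_secret_backend.aws_secret_backend` in the first hunk of terraform-vault-aws-secret-backend/main.tf, without a `moved` block, makes Terraform plan a destroy of the old address and a create of the new one; disabling the mount at `${var.name}-path` revokes every dynamic IAM credential leased from it, and the rebuilt mount has to be configured again with the long-lived root `access_key`/`secret_key` at apply time. Unless the state is migrated out of band (`terraform state mv`), the rename should ship with a `moved` block so the existing mount is adopted in place, and the same applies to the role rename visible at the start of the following hunk (which runs past the end of this excerpt). `moved` blocks require Terraform 1.1 or newer; versions.tf is not in this diff, so confirm the pinned version before relying on it.
```hcl
moved {
  from = vault_aws_secret_backend.aws
  to   = vault_aws_secret_backend.aws_secret_backend
}

resource "vault_aws_secret_backend" "aws_secret_backend" {
  # … unchanged: access_key / secret_key / path …
}
```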