feat(terraform): Refactor vault backend 16/35216/3
authorPeter Mikus <pmikus@cisco.com>
Fri, 4 Feb 2022 08:56:00 +0000 (09:56 +0100)
committerPeter Mikus <pmikus@cisco.com>
Fri, 4 Feb 2022 09:04:15 +0000 (09:04 +0000)
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I914ecf444b5f8870969f1d996ba03a42fd92a5d5

fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/main.tf [new file with mode: 0644]
fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/providers.tf [new file with mode: 0644]
fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/variables.tf [new file with mode: 0644]
fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/versions.tf [new file with mode: 0644]
fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf [deleted file]
fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf
fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf

diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/main.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/main.tf
new file mode 100644 (file)
index 0000000..4473daf
--- /dev/null
@@ -0,0 +1,17 @@
+module "fdio-logs" {
+  # fdio logs iam
+  source = "../"
+  name   = "dynamic-aws-creds-vault-fdio-logs"
+}
+
+module "fdio-docs" {
+  # fdio docs iam
+  source = "../"
+  name   = "dynamic-aws-creds-vault-fdio-docs"
+}
+
+module "fdio-csit-jenkins" {
+  # fdio csit jenkins iam
+  source = "../"
+  name   = "dynamic-aws-creds-vault-fdio-csit-jenkins"
+}
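Review bot: The three module calls pass only `name`, but the parent module at `../` declares `aws_secret_key` (visible in the hunk header of its variables.tf), and this root's variables.tf declares no AWS variables. The credentials therefore presumably come from defaults inside the shared module; if so, one key pair sits in the module source and is shared by the logs, docs and csit-jenkins mounts, so separate mount names do not give separate blast radius. I would declare sensitive root variables without defaults and pass them in each call, e.g. `aws_access_key = var.aws_access_key` and `aws_secret_key = var.aws_secret_key`, ideally one IAM user per mount. The comments `# fdio logs iam` etc. could also say which AWS account or IAM user backs each mount.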
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/providers.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/providers.tf
new file mode 100644 (file)
index 0000000..102fd31
--- /dev/null
@@ -0,0 +1,5 @@
+provider "vault" {
+  address         = var.vault_provider_address
+  skip_tls_verify = var.vault_provider_skip_tls_verify
+  token           = var.vault_provider_token
+}
\ No newline at end of file
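Review bot: `token = var.vault_provider_token` is described in variables.tf as the Vault root token, so every plan and apply of this root runs with unrestricted Vault privileges. A token issued under a policy limited to the secrets-engine mounts this root manages would bound the impact of a leaked variable file or CI log. Omitting `token` from the block lets the provider read `VAULT_TOKEN` from the environment, which keeps the value out of tfvars files. The file also ends without a trailing newline.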
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/variables.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/variables.tf
new file mode 100644 (file)
index 0000000..e36ed08
--- /dev/null
@@ -0,0 +1,17 @@
+variable "vault_provider_address" {
+  description = "Vault cluster address."
+  type        = string
+  default     = "http://10.30.51.28:8200"
+}
+
+variable "vault_provider_skip_tls_verify" {
+  description = "Verification of the Vault server's TLS certificate"
+  type        = bool
+  default     = false
+}
+
+variable "vault_provider_token" {
+  description = "Vault root token"
+  type        = string
+  sensitive   = true
+}
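Review bot: The default `vault_provider_address` is `http://10.30.51.28:8200`, so the token declared below it is sent to Vault unencrypted. With an `http://` address, `vault_provider_skip_tls_verify` has no effect, so changing its default from the old hard-coded `true` to `false` does not add any verification. If the Vault listener can serve TLS, the default should be an `https://` address. The flag's description also reads as the opposite of what `true` does; I would reword it to `description = "Set to true to skip verification of the Vault server's TLS certificate (insecure)."`.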
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/versions.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/versions.tf
new file mode 100644 (file)
index 0000000..ec03c7c
--- /dev/null
@@ -0,0 +1,13 @@
+terraform {
+  backend "consul" {
+    address = "consul.service.consul:8500"
+    scheme  = "http"
+    path    = "fdio/terraform/1n/nomad"
+  }
+  required_providers {
+    vault = {
+      version = ">= 3.2.1"
+    }
+  }
+  required_version = ">= 1.1.4"
+}
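Review bot: The `backend "consul"` block keeps `scheme = "http"`, so Terraform state travels to Consul in cleartext. For an AWS secrets backend, that state most likely contains the AWS access key and secret key handed to Vault. I would use `scheme = "https"` once the Consul agent has TLS, and restrict the KV path with a Consul ACL token. The path `fdio/terraform/1n/nomad` is carried over unchanged from the parent directory; if any other root still uses that key, the two would overwrite each other's state, so a path naming this backend would be safer. `required_providers` would also be clearer with an explicit `source = "hashicorp/vault"` next to the version constraint.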
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf
deleted file mode 100644 (file)
index c084d48..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-provider "vault" {
-  address         = "http://10.30.51.28:8200"
-  skip_tls_verify = true
-  token           = var.token
-}
index df75298..2545345 100644 (file)
@@ -11,13 +11,7 @@ variable "aws_secret_key" {
 }
 
 variable "name" {
 }
 
 variable "name" {
-  default     = "dynamic-aws-creds-vault-fdio"
+  default     = "dynamic-aws-creds-vault"
   description = "Vault path"
   type        = string
 }
   description = "Vault path"
   type        = string
 }
-
-variable "token" {
-  description = "Vault root token"
-  type        = string
-  sensitive   = true
-}
index ef6f844..9962885 100644 (file)
@@ -1,13 +1,8 @@
 terraform {
 terraform {
-  backend "consul" {
-    address = "consul.service.consul:8500"
-    scheme  = "http"
-    path    = "fdio/terraform/1n/nomad"
-  }
   required_providers {
     vault = {
       version = ">=2.22.1"
     }
   }
   required_providers {
     vault = {
       version = ">=2.22.1"
     }
   }
-  required_version = ">= 1.0.3"
+  required_version = ">= 1.1.4"
 }
 }