From 5747228f8c7c793dcf62a94aeb11fdb96ee7a37e Mon Sep 17 00:00:00 2001 From: pmikus Date: Fri, 29 Oct 2021 06:19:46 +0000 Subject: [PATCH] feat(Terraform): AWS backend role migration Signed-off-by: pmikus Change-Id: I8c93eaaa766c48b705a19e38123b69c994669dc0 --- fdio.infra.terraform/1n_nmd/aws/providers.tf | 14 ------- fdio.infra.terraform/1n_nmd/aws/variables.tf | 11 ----- .../1n_nmd/tools/artifacts_download.py | 47 ---------------------- .../{aws => vault-aws-secret-backend}/main.tf | 4 +- .../1n_nmd/vault-aws-secret-backend/providers.tf | 5 +++ .../1n_nmd/vault-aws-secret-backend/variables.tf | 23 +++++++++++ .../1n_nmd/vault-aws-secret-backend/versions.tf | 13 ++++++ 7 files changed, 43 insertions(+), 74 deletions(-) delete mode 100644 fdio.infra.terraform/1n_nmd/aws/providers.tf delete mode 100644 fdio.infra.terraform/1n_nmd/aws/variables.tf delete mode 100755 fdio.infra.terraform/1n_nmd/tools/artifacts_download.py rename fdio.infra.terraform/1n_nmd/{aws => vault-aws-secret-backend}/main.tf (89%) create mode 100644 fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf create mode 100644 fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf create mode 100644 fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf
diff --git a/fdio.infra.terraform/1n_nmd/aws/providers.tf b/fdio.infra.terraform/1n_nmd/aws/providers.tf
deleted file mode 100644
index 9bcd95ec57..0000000000
--- a/fdio.infra.terraform/1n_nmd/aws/providers.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
- required_providers {
- vault = {
- version = ">=2.22.1"
- }
- }
- required_version = ">= 1.0.3"
-}
-
-provider "vault" {
- address = "http://10.30.51.28:8200"
- skip_tls_verify = true
- token = "s.4z5PsufFwV3sHbCzK9Y2Cojd"
-}
\ No newline at end of file
diff --git a/fdio.infra.terraform/1n_nmd/aws/variables.tf b/fdio.infra.terraform/1n_nmd/aws/variables.tf
deleted file mode 100644
index ee9fb73a73..0000000000
--- a/fdio.infra.terraform/1n_nmd/aws/variables.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-variable "aws_access_key" {
- sensitive = true
-}
-
-variable "aws_secret_key" {
- sensitive = true
-}
-
-variable "name" {
- default = "dynamic-aws-creds-vault-admin"
-}
\ No newline at end of file
diff --git a/fdio.infra.terraform/1n_nmd/tools/artifacts_download.py b/fdio.infra.terraform/1n_nmd/tools/artifacts_download.py
deleted file mode 100755
index 2af895e8b9..0000000000
--- a/fdio.infra.terraform/1n_nmd/tools/artifacts_download.py
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/usr/bin/python3
-
-# Copyright (c) 2021 Cisco and/or its affiliates.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""Storage utilities library."""
-
-from boto3 import resource
-from botocore.client import Config
-
-
-ENDPOINT_URL = u"http://storage.service.consul:9000"
-AWS_ACCESS_KEY_ID = u"storage"
-AWS_SECRET_ACCESS_KEY = u"Storage1234"
-REGION_NAME = u"yul1"
-LOGS_BUCKET = f"logs.fd.io"
-
-
-if __name__ == u"__main__":
- """Main function for storage manipulation."""
-
- # Create main storage resource.
- storage = resource(
- u"s3",
- endpoint_url=ENDPOINT_URL,
- aws_access_key_id=AWS_ACCESS_KEY_ID,
- aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
- config=Config(
- signature_version=u"s3v4"
- ),
- region_name=REGION_NAME
- )
-
- storage.Bucket(LOGS_BUCKET).download_file(
- "/vex-yul-rot-jenkins-1/csit-vpp-perf-report-iterative-2101-3n-skx/47/archives/output_info.xml.gz",
- "output.xml.gz"
- )
\ No newline at end of file
diff --git a/fdio.infra.terraform/1n_nmd/aws/main.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/main.tf
similarity index 89%
rename from fdio.infra.terraform/1n_nmd/aws/main.tf
rename to fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/main.tf
index be7eb7c577..a65c390792 100644
--- a/fdio.infra.terraform/1n_nmd/aws/main.tf
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/main.tf
@@ -3,8 +3,8 @@ resource "vault_aws_secret_backend" "aws" { secret_key = var.aws_secret_key path = "${var.name}-path" - default_lease_ttl_seconds = "43200" - max_lease_ttl_seconds = "43200" + default_lease_ttl_seconds = "0" + max_lease_ttl_seconds = "0" } resource "vault_aws_secret_backend_role" "admin" {
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf
new file mode 100644
index 0000000000..c084d486a6
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf
@@ -0,0 +1,5 @@
+provider "vault" {
+ address = "http://10.30.51.28:8200"
+ skip_tls_verify = true
+ token = var.token
+}
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf
new file mode 100644
index 0000000000..df752980fd
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf
@@ -0,0 +1,23 @@
+variable "aws_access_key" {
+ description = "AWS access key"
+ type = string
+ sensitive = true
+}
+
+variable "aws_secret_key" {
+ description = "AWS secret key"
+ type = string
+ sensitive = true
+}
+
+variable "name" {
+ default = "dynamic-aws-creds-vault-fdio"
+ description = "Vault path"
+ type = string
+}
+
+variable "token" {
+ description = "Vault root token"
+ type = string
+ sensitive = true
+}
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf
new file mode 100644
index 0000000000..ef6f844721
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+ backend "consul" {
+ address = "consul.service.consul:8500"
+ scheme = "http"
+ path = "fdio/terraform/1n/nomad"
+ }
+ required_providers {
+ vault = {
+ version = ">=2.22.1"
+ }
+ }
+ required_version = ">= 1.0.3"
+}
-- 2.16.6
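Review bot: Setting `default_lease_ttl_seconds` and `max_lease_ttl_seconds` to `"0"` in `vault_aws_secret_backend.aws` does not mean "no lease". In Vault a mount TTL of 0 normally falls back to the system default and system maximum, which is usually much longer than the 12 hours (`43200`) being replaced, so issued AWS credentials would live longer. If that is intended, say so with a comment such as `# 0 = inherit Vault system default/max TTL`; otherwise keep an explicit bound, e.g. `max_lease_ttl_seconds = 43200`. Both attributes are numeric in the provider, so the quotes can go. The resource block opens above this hunk and the `admin` role resource continues below it.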
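Review bot: The `address` in the new `provider "vault"` block is plain `http://`, so the token in `var.token` crosses the network unencrypted on every plan and apply. `skip_tls_verify = true` would also keep certificate checking off if the scheme were later changed. Point the provider at a TLS listener and drop the override, e.g. `address = var.vault_address` holding an `https://` URL, with no `skip_tls_verify` line. The literal token deleted from `aws/providers.tf` in this same patch stays readable in repository history, so it should be revoked in Vault rather than treated as removed; the same goes for the access key pair hard-coded in the deleted `tools/artifacts_download.py`.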
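Review bot: The `token` variable is described as a Vault root token, which gives every Terraform run unrestricted access to Vault for a module that, as far as this patch shows, only manages one AWS secrets mount and its role. A token bound to a policy limited to creating and managing that mount would be enough, and the description could then read `description = "Vault token scoped to the AWS secrets mount"`. Note also that `sensitive = true` only redacts values in CLI output; `aws_access_key` and `aws_secret_key` are still written to Terraform state in clear text, which deserves a comment on those variables.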
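Review bot: The `backend "consul"` block uses `scheme = "http"`, and the state it stores will hold the `secret_key` attribute of `vault_aws_secret_backend.aws` in clear text, so the AWS key travels and rests unprotected unless Consul enforces TLS and ACLs elsewhere. Prefer `scheme = "https"` and supply a Consul ACL token through the `CONSUL_HTTP_TOKEN` environment variable rather than in the file. The state `path = "fdio/terraform/1n/nomad"` names nomad rather than this module; if another configuration already uses that key the two states would overwrite each other, so a module-specific path looks safer. The `vault` entry in `required_providers` has no `source` (e.g. `source = "hashicorp/vault"`) and `>=2.22.1` has no upper bound, so a new major provider release would be picked up on the next init.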