authorPeter Mikus <pmikus@cisco.com>2022-02-04 09:56:00 +0100
committerPeter Mikus <pmikus@cisco.com>2022-02-04 09:04:15 +0000
commite07972508415c950fa1328d0e0e5a94651ee006e (patch)
tree5cab87fae86a39669a83ed9935153179c3c3dbc4
parent24ec60f7342fbb18c4a134406fb439af04947377 (diff)
feat(terraform): Refactor vault backend
Signed-off-by: Peter Mikus <pmikus@cisco.com> Change-Id: I914ecf444b5f8870969f1d996ba03a42fd92a5d5
-rw-r--r--fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/main.tf17
-rw-r--r--fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/providers.tf5
-rw-r--r--fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/variables.tf17
-rw-r--r--fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/versions.tf13
-rw-r--r--fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf5
-rw-r--r--fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf8
-rw-r--r--fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf7
7 files changed, 54 insertions, 18 deletions
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/main.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/main.tf
new file mode 100644
index 0000000000..4473dafda8
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/main.tf
@@ -0,0 +1,17 @@
+module "fdio-logs" {
+ # fdio logs iam
+ source = "../"
+ name = "dynamic-aws-creds-vault-fdio-logs"
+}
+
+module "fdio-docs" {
+ # fdio docs iam
+ source = "../"
+ name = "dynamic-aws-creds-vault-fdio-docs"
+}
+
+module "fdio-csit-jenkins" {
+ # fdio csit jenkins iam
+ source = "../"
+ name = "dynamic-aws-creds-vault-fdio-csit-jenkins"
+}
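Review bot: None of the three module calls passes `aws_access_key` or `aws_secret_key`, although the parent module at `../` declares at least `aws_secret_key` (visible as hunk context in its variables.tf). If those variables have no default, these calls will fail validation. If they do have a default, all three mounts are presumably configured with the same AWS credential and differ only in `name`, so the logs, docs and csit-jenkins consumers are not separated from each other. Consider declaring the credentials as sensitive variables in this root module and passing them explicitly, e.g. `aws_secret_key = var.aws_secret_key`, preferably with a distinct IAM principal per mount.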
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/providers.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/providers.tf
new file mode 100644
index 0000000000..102fd31b87
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/providers.tf
@@ -0,0 +1,5 @@
+provider "vault" {
+ address = var.vault_provider_address
+ skip_tls_verify = var.vault_provider_skip_tls_verify
+ token = var.vault_provider_token
+}
\ No newline at end of file
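Review bot: The provider's `token` comes from `var.vault_provider_token`, which variables.tf in this commit describes as the Vault root token, so every plan and apply runs with unrestricted Vault access. A token bound to a policy that covers only the AWS secret backend mounts managed here would limit the impact if it leaks. The Vault provider can also read the token from the `VAULT_TOKEN` environment variable when the `token` argument is omitted, which keeps it out of tfvars files and, presumably, out of saved plan files. The file also ends without a trailing newline.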
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/variables.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/variables.tf
new file mode 100644
index 0000000000..e36ed08473
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/variables.tf
@@ -0,0 +1,17 @@
+variable "vault_provider_address" {
+ description = "Vault cluster address."
+ type = string
+ default = "http://10.30.51.28:8200"
+}
+
+variable "vault_provider_skip_tls_verify" {
+ description = "Verification of the Vault server's TLS certificate"
+ type = bool
+ default = false
+}
+
+variable "vault_provider_token" {
+ description = "Vault root token"
+ type = string
+ sensitive = true
+}
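Review bot: The default for `vault_provider_address` is `http://10.30.51.28:8200`, so with default values the token is sent to Vault unencrypted and `vault_provider_skip_tls_verify` has no effect, because no TLS session is established. If the cluster has a TLS listener, default to an `https://` address; otherwise drop the default so the caller has to choose the endpoint deliberately. The description of the skip variable also reads as the opposite of what the flag does; something like `description = "Skip verification of the Vault server's TLS certificate (leave false outside of testing)."` would be clearer. `vault_provider_token` is correctly marked `sensitive = true`, but its description could state which policy the token needs rather than calling for the root token.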
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/versions.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/versions.tf
new file mode 100644
index 0000000000..ec03c7c9ee
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+ backend "consul" {
+ address = "consul.service.consul:8500"
+ scheme = "http"
+ path = "fdio/terraform/1n/nomad"
+ }
+ required_providers {
+ vault = {
+ version = ">= 3.2.1"
+ }
+ }
+ required_version = ">= 1.1.4"
+}
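Review bot: The `consul` backend block is moved here unchanged with `scheme = "http"`, so Terraform state is read and written over an unencrypted connection. That state presumably includes the AWS secret key that the parent module writes into Vault. Prefer `scheme = "https"` together with a Consul ACL token supplied through the environment, and confirm the KV path is restricted to the operators who run this configuration. The `path` value `fdio/terraform/1n/nomad` does not name this configuration, so if another root module uses the same key the two states would overwrite each other; a dedicated path such as `fdio/terraform/1n/vault-aws-secret-backend` (constructed example) avoids that. `required_providers` also omits `source = "hashicorp/vault"`.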
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf
deleted file mode 100644
index c084d486a6..0000000000
--- a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-provider "vault" {
- address = "http://10.30.51.28:8200"
- skip_tls_verify = true
- token = var.token
-}
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf
index df752980fd..2545345185 100644
--- a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf
@@ -11,13 +11,7 @@ variable "aws_secret_key" {
}
variable "name" {
- default = "dynamic-aws-creds-vault-fdio"
+ default = "dynamic-aws-creds-vault"
description = "Vault path"
type = string
}
-
-variable "token" {
- description = "Vault root token"
- type = string
- sensitive = true
-}
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf
index ef6f844721..996288568d 100644
--- a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf
@@ -1,13 +1,8 @@
terraform {
- backend "consul" {
- address = "consul.service.consul:8500"
- scheme = "http"
- path = "fdio/terraform/1n/nomad"
- }
required_providers {
vault = {
version = ">=2.22.1"
}
}
- required_version = ">= 1.0.3"
+ required_version = ">= 1.1.4"
}