author | Peter Mikus <pmikus@cisco.com> | 2022-02-04 09:56:00 +0100 |
---|---|---|
committer | Peter Mikus <pmikus@cisco.com> | 2022-02-04 09:04:15 +0000 |
commit | e07972508415c950fa1328d0e0e5a94651ee006e (patch) | |
tree | 5cab87fae86a39669a83ed9935153179c3c3dbc4 /fdio.infra.terraform/1n_nmd/vault-aws-secret-backend | |
parent | 24ec60f7342fbb18c4a134406fb439af04947377 (diff) |
feat(terraform): Refactor vault backend
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I914ecf444b5f8870969f1d996ba03a42fd92a5d5
Diffstat (limited to 'fdio.infra.terraform/1n_nmd/vault-aws-secret-backend')
7 files changed, 54 insertions, 18 deletions
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/main.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/main.tf
new file mode 100644
index 0000000000..4473dafda8
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/main.tf
@@ -0,0 +1,17 @@
+module "fdio-logs" {
+ # fdio logs iam
+ source = "../"
+ name = "dynamic-aws-creds-vault-fdio-logs"
+}
+
+module "fdio-docs" {
+ # fdio docs iam
+ source = "../"
+ name = "dynamic-aws-creds-vault-fdio-docs"
+}
+
+module "fdio-csit-jenkins" {
+ # fdio csit jenkins iam
+ source = "../"
+ name = "dynamic-aws-creds-vault-fdio-csit-jenkins"
+}
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/providers.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/providers.tf
new file mode 100644
index 0000000000..102fd31b87
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/providers.tf
@@ -0,0 +1,5 @@
+provider "vault" {
+ address = var.vault_provider_address
+ skip_tls_verify = var.vault_provider_skip_tls_verify
+ token = var.vault_provider_token
+}
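Review bot: The three module calls in fdio/main.tf pass only `name`, so `fdio-logs`, `fdio-docs` and `fdio-csit-jenkins` all take every other input from the shared module in `../`. That module declares `aws_secret_key` (visible only as hunk context in its variables.tf later in this commit); if it and its access-key counterpart carry defaults, all three Vault mounts are presumably configured with the same AWS identity and the same role policy, which would defeat the point of one mount per consumer. Consider passing the credential and policy inputs explicitly per block, e.g. `aws_access_key = var.fdio_logs_aws_access_key` (placeholder variable name), and extending each `# fdio ... iam` comment to say which AWS scope that mount is meant to issue.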
\ No newline at end of file
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/variables.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/variables.tf
new file mode 100644
index 0000000000..e36ed08473
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/variables.tf
@@ -0,0 +1,17 @@
+variable "vault_provider_address" {
+ description = "Vault cluster address."
+ type = string
+ default = "http://10.30.51.28:8200"
+}
+
+variable "vault_provider_skip_tls_verify" {
+ description = "Verification of the Vault server's TLS certificate"
+ type = bool
+ default = false
+}
+
+variable "vault_provider_token" {
+ description = "Vault root token"
+ type = string
+ sensitive = true
+}
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/versions.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/versions.tf
new file mode 100644
index 0000000000..ec03c7c9ee
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/fdio/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+ backend "consul" {
+ address = "consul.service.consul:8500"
+ scheme = "http"
+ path = "fdio/terraform/1n/nomad"
+ }
+ required_providers {
+ vault = {
+ version = ">= 3.2.1"
+ }
+ }
+ required_version = ">= 1.1.4"
+}
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf
deleted file mode 100644
index c084d486a6..0000000000
--- a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-provider "vault" {
- address = "http://10.30.51.28:8200"
- skip_tls_verify = true
- token = var.token
-}
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf
index df752980fd..2545345185 100644
--- a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf
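Review bot: In fdio/variables.tf, `vault_provider_address` defaults to `http://10.30.51.28:8200`, so `vault_provider_token` (described as the root token) is sent to Vault in cleartext, and the `skip_tls_verify` default of `false` has no effect on an http endpoint. Default to an `https://` address, or drop the default so the caller must choose, and prefer a token scoped to the mounts this configuration manages over a root token. The description on `vault_provider_skip_tls_verify` also reads as the opposite of what `true` does; `description = "Skip verification of the Vault server's TLS certificate; keep false outside of testing."` would be clearer.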
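Review bot: The `backend "consul"` block in fdio/versions.tf uses `scheme = "http"`, and Terraform records resource arguments in state, so the AWS keys handed to the Vault secret backend will presumably be written to Consul KV over an unencrypted connection. Use `scheme = "https"` and supply a Consul ACL token limited to this key prefix through the environment rather than in the file. The `path = "fdio/terraform/1n/nomad"` value is carried over unchanged from the module's old versions.tf; confirm no other root configuration writes to the same key, and add a one-line comment above `path` saying which state lives there.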
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf @@ -11,13 +11,7 @@ variable "aws_secret_key" { } variable "name" { - default = "dynamic-aws-creds-vault-fdio" + default = "dynamic-aws-creds-vault" description = "Vault path" type = string } - -variable "token" { - description = "Vault root token" - type = string - sensitive = true -} diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf index ef6f844721..996288568d 100644 --- a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf +++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf @@ -1,13 +1,8 @@ terraform { - backend "consul" { - address = "consul.service.consul:8500" - scheme = "http" - path = "fdio/terraform/1n/nomad" - } required_providers { vault = { version = ">=2.22.1" } } - required_version = ">= 1.0.3" + required_version = ">= 1.1.4" } |
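Review bot: `variable "name"` in the module's variables.tf keeps a default, now `"dynamic-aws-creds-vault"`, even though fdio/main.tf instantiates the module three times; a caller that omits `name` would presumably target the same Vault mount path as any other caller that also omits it. Removing the `default` line makes the path a required input and surfaces the omission at plan time. No caller now uses the old `dynamic-aws-creds-vault-fdio` path, so an apply against existing state will likely plan that mount's destruction; review the plan before applying so consumers still reading credentials from the old path are migrated first. The hunk starts inside the file, so the rest of the module's variables are not visible here.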