authorpmikus <pmikus@cisco.com>2021-10-29 06:19:46 +0000
committerpmikus <pmikus@cisco.com>2021-10-29 06:19:46 +0000
commit5747228f8c7c793dcf62a94aeb11fdb96ee7a37e (patch)
tree73f06cc812604071f6d8517382b0c5ffa027da1b /fdio.infra.terraform
parent585b9d8bbf21b0c5a2d2c28809688563007760db (diff)
feat(Terraform): AWS backend role migration
Signed-off-by: pmikus <pmikus@cisco.com> Change-Id: I8c93eaaa766c48b705a19e38123b69c994669dc0
Diffstat (limited to 'fdio.infra.terraform')
-rw-r--r--fdio.infra.terraform/1n_nmd/aws/providers.tf14
-rw-r--r--fdio.infra.terraform/1n_nmd/aws/variables.tf11
-rwxr-xr-xfdio.infra.terraform/1n_nmd/tools/artifacts_download.py47
-rw-r--r--fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/main.tf (renamed from fdio.infra.terraform/1n_nmd/aws/main.tf)4
-rw-r--r--fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf5
-rw-r--r--fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf23
-rw-r--r--fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf13
7 files changed, 43 insertions, 74 deletions
diff --git a/fdio.infra.terraform/1n_nmd/aws/providers.tf b/fdio.infra.terraform/1n_nmd/aws/providers.tf
deleted file mode 100644
index 9bcd95ec57..0000000000
--- a/fdio.infra.terraform/1n_nmd/aws/providers.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
- required_providers {
- vault = {
- version = ">=2.22.1"
- }
- }
- required_version = ">= 1.0.3"
-}
-
-provider "vault" {
- address = "http://10.30.51.28:8200"
- skip_tls_verify = true
- token = "s.4z5PsufFwV3sHbCzK9Y2Cojd"
-} \ No newline at end of file
diff --git a/fdio.infra.terraform/1n_nmd/aws/variables.tf b/fdio.infra.terraform/1n_nmd/aws/variables.tf
deleted file mode 100644
index ee9fb73a73..0000000000
--- a/fdio.infra.terraform/1n_nmd/aws/variables.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-variable "aws_access_key" {
- sensitive = true
-}
-
-variable "aws_secret_key" {
- sensitive = true
-}
-
-variable "name" {
- default = "dynamic-aws-creds-vault-admin"
-} \ No newline at end of file
diff --git a/fdio.infra.terraform/1n_nmd/tools/artifacts_download.py b/fdio.infra.terraform/1n_nmd/tools/artifacts_download.py
deleted file mode 100755
index 2af895e8b9..0000000000
--- a/fdio.infra.terraform/1n_nmd/tools/artifacts_download.py
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/usr/bin/python3
-
-# Copyright (c) 2021 Cisco and/or its affiliates.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""Storage utilities library."""
-
-from boto3 import resource
-from botocore.client import Config
-
-
-ENDPOINT_URL = u"http://storage.service.consul:9000"
-AWS_ACCESS_KEY_ID = u"storage"
-AWS_SECRET_ACCESS_KEY = u"Storage1234"
-REGION_NAME = u"yul1"
-LOGS_BUCKET = f"logs.fd.io"
-
-
-if __name__ == u"__main__":
- """Main function for storage manipulation."""
-
- # Create main storage resource.
- storage = resource(
- u"s3",
- endpoint_url=ENDPOINT_URL,
- aws_access_key_id=AWS_ACCESS_KEY_ID,
- aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
- config=Config(
- signature_version=u"s3v4"
- ),
- region_name=REGION_NAME
- )
-
- storage.Bucket(LOGS_BUCKET).download_file(
- "/vex-yul-rot-jenkins-1/csit-vpp-perf-report-iterative-2101-3n-skx/47/archives/output_info.xml.gz",
- "output.xml.gz"
- ) \ No newline at end of file
diff --git a/fdio.infra.terraform/1n_nmd/aws/main.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/main.tf
index be7eb7c577..a65c390792 100644
--- a/fdio.infra.terraform/1n_nmd/aws/main.tf
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/main.tf
@@ -3,8 +3,8 @@ resource "vault_aws_secret_backend" "aws" {
secret_key = var.aws_secret_key
path = "${var.name}-path"
- default_lease_ttl_seconds = "43200"
- max_lease_ttl_seconds = "43200"
+ default_lease_ttl_seconds = "0"
+ max_lease_ttl_seconds = "0"
}
resource "vault_aws_secret_backend_role" "admin" {
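Review bot: Setting `default_lease_ttl_seconds` and `max_lease_ttl_seconds` to `"0"` removes the explicit 12-hour cap on credentials issued from this mount. In Vault a mount TTL of 0 normally means "inherit the system default", which is usually much longer, so this should be confirmed against the server configuration. If long-lived AWS credentials are not intended, keep an explicit bound and add a comment such as `# leases capped at 12h; raise only with a documented reason`. The values are also quoted strings where numbers are expected, e.g. `max_lease_ttl_seconds = 43200`. Both resource blocks extend beyond the hunk, so any TTL set on the role itself is not visible here.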
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf
new file mode 100644
index 0000000000..c084d486a6
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/providers.tf
@@ -0,0 +1,5 @@
+provider "vault" {
+ address = "http://10.30.51.28:8200"
+ skip_tls_verify = true
+ token = var.token
+}
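Review bot: The provider still reaches Vault over `http://`, so the token now passed in as `var.token` crosses the network in cleartext. `skip_tls_verify = true` has nothing to verify on a plain-HTTP address, and it would disable certificate checking if the address is later switched to HTTPS. Prefer `address = "https://<vault-host>:8200"` with the CA supplied to the provider, and drop `skip_tls_verify`. Moving the token into a variable does not retire the literal token carried by the removed `aws/providers.tf`; it remains in repository history and should be revoked in Vault.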
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf
new file mode 100644
index 0000000000..df752980fd
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/variables.tf
@@ -0,0 +1,23 @@
+variable "aws_access_key" {
+ description = "AWS access key"
+ type = string
+ sensitive = true
+}
+
+variable "aws_secret_key" {
+ description = "AWS secret key"
+ type = string
+ sensitive = true
+}
+
+variable "name" {
+ default = "dynamic-aws-creds-vault-fdio"
+ description = "Vault path"
+ type = string
+}
+
+variable "token" {
+ description = "Vault root token"
+ type = string
+ sensitive = true
+}
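Review bot: `variable "token"` is documented as a Vault root token, which would give every Terraform run of this module unrestricted access to Vault. A token bound to a policy limited to the AWS secrets mount and role managed here is enough, with the description changed to something like `description = "Vault token scoped to the AWS secrets mount"`. Note that `sensitive = true` only masks plan and apply output; the token and both AWS keys are still stored unencrypted in Terraform state. Separately, `name` is described as "Vault path", but the main.tf hunk uses it as a prefix (`"${var.name}-path"`), so `description = "Prefix for the Vault mount path"` would be more accurate.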
diff --git a/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf
new file mode 100644
index 0000000000..ef6f844721
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vault-aws-secret-backend/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+ backend "consul" {
+ address = "consul.service.consul:8500"
+ scheme = "http"
+ path = "fdio/terraform/1n/nomad"
+ }
+ required_providers {
+ vault = {
+ version = ">=2.22.1"
+ }
+ }
+ required_version = ">= 1.0.3"
+}
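Review bot: The Consul backend is configured with `scheme = "http"`, and the state written there will hold the AWS access key, secret key and Vault token declared in variables.tf, because `sensitive` does not encrypt state. Use `scheme = "https"` and restrict the `fdio/terraform/1n/nomad` key with a Consul ACL so that only the Terraform runner can read or write it. The `vault` entry under `required_providers` also has no `source`; adding `source = "hashicorp/vault"` makes the registry namespace explicit rather than implied.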