E2E: terraform provisioner upgrades (#12652)

While working on infrastructure for testing the UI in E2E, we needed
to upgrade the certificate provider. Performing a provider upgrade via
the TF `init -upgrade` brought in updates for the file and AWS
providers as well. These updates include deprecating the use of
`sensitive_content` fields, removing CA algorithm parameters that can
be inferred from keys, and removing the requirement to manually
specify AWS assume role parameters in the provider config if they're
available in the calling environment's AWS config file (as they are
via doormat or our E2E environment).
This commit is contained in:
Tim Gross 2022-04-19 14:27:14 -04:00 committed by GitHub
parent 8084dd29a1
commit 70c262eb95
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 191 additions and 213 deletions

View file

@ -2,74 +2,78 @@
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "3.55.0"
version = "4.10.0"
hashes = [
"h1:Ls8MD4Olzybw9n0mP5Lr1S2PnZzlSKrpxvYN9u2p/dM=",
"zh:1795562df65e9e5a604c90fac17ab1a706bc398b38271a11bc43565d45532595",
"zh:266fd71ace988b5fecd72dae5f2f503e953a4d2ea51d8d490d22d1218b1407dc",
"zh:4b2daf1038352fb33df40a2bf9033f66383bb1f6509df70da08f86f4539df9f3",
"zh:59fa40d453baa15cee845fd62d8c807fc4d5204a5560ee7e54ebeef3a3143404",
"zh:5ad9f515354c654d53849d1193ee56e335b3b9cf8e8cbfa98479114e87089cc3",
"zh:69c3ebd945ce747e0b30315656bc8b4aec2f2486013c2a78d04890bff96d137d",
"zh:6bdb22a77b4d85b6d9f2403bce23d6c3c932dadd7c7541395cbbd51ec101842e",
"zh:7d5ba001be98432d6a1d385679a720cf0d6e6c0b1ee7d45384d2d6213e262b21",
"zh:ce4b85f470605c5cd24f8acfe05c6546d962a32ecf69a61034f0884c2e79fbcf",
"zh:d0b20e4e9e877279520162b7979e9cb8aa961cf06fb37d9f3e4ac7023c177545",
"zh:e029951f18e9dadd8929dddc752a5b354a4c9956b8ec1b67f4db7bc641199d22",
"h1:F9BjbxBhuo1A/rP318IUrkW3TAh29i6UC18qwhzCs6c=",
"zh:0a2a7eabfeb7dbb17b7f82aff3fa2ba51e836c15e5be4f5468ea44bd1299b48d",
"zh:23409c7205d13d2d68b5528e1c49e0a0455d99bbfec61eb0201142beffaa81f7",
"zh:3adad2245d97816f3919778b52c58fb2de130938a3e9081358bfbb72ec478d9a",
"zh:5bf100aba6332f24b1ffeae7536d5d489bb907bf774a06b95f2183089eaf1a1a",
"zh:63c3a24c0c229a1d3390e6ea2454ba4d8ace9b94e086bee1dbdcf665ae969e15",
"zh:6b76f5ffd920f0a750da3a4ff1d00eab18d9cd3731b009aae3df4135613bad4d",
"zh:8cd6b1e6b51e8e9bbe2944bb169f113d20d1d72d07ccd1b7b83f40b3c958233e",
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
"zh:c5c31f58fb5bd6aebc6c662a4693640ec763cb3399cce0b592101cf24ece1625",
"zh:cc485410be43d6ad95d81b9e54cc4d2117aadf9bf5941165a9df26565d9cce42",
"zh:cebb89c74b6a3dc6780824b1d1e2a8d16a51e75679e14ad0b830d9f7da1a3a67",
"zh:e7dc427189cb491e1f96e295101964415cbf8630395ee51e396d2a811f365237",
]
}
provider "registry.terraform.io/hashicorp/consul" {
version = "2.14.0"
version = "2.15.1"
hashes = [
"h1:fbE0ZM8D8Q9m+BsHiYMAO+DQLwXOJoAlg8XXUq5FIrY=",
"zh:06dcca1f76b839af8f86c7b6f65b944003a7a35b30b865b3884f48e2c42f9aee",
"zh:16111df6a485e21cee6ca33cb863434baa1ca360c819c8e2af85e465c1361d2b",
"zh:26b59c82ac2861b2651c1fa31955c3e7790e3c2d5d097f22aa34d3c294da63cf",
"zh:70fd6853099126a602d5ac26caa80214a4a8a38f0cad8a5e3b7bef49923419d3",
"zh:7d4f0061d6fb86e0a5639ed02381063b868245082ec4e3a461bcda964ed00fcc",
"zh:a48cbf57d6511922362d5b0f76f449fba7a550c9d0702635fabb43b4f0a09fc0",
"zh:bb54994a53dd8e1ff84ca50742ce893863dc166fd41b91d951f4cb89fe6a6bc0",
"zh:bc61b19ee3c8d55a9915a3ad84203c87bfd0d57eca8eec788524b14e8b67f090",
"zh:cbe3238e756ada23c1e7c97c42a5c72bf810dc5bd1265c9f074c3e739d1090b0",
"zh:e30198054239eab46493e59956b9cd8c376c3bbd9515ac102a96d1fbd32e423f",
"zh:e74365dba529a0676107e413986d7be81c2125c197754ce69e3e89d8daa53153",
"h1:XGOBrMc6OQsNpgQtgtV6H0/jYe7yVIYxEDsErV/R6SE=",
"zh:1806830a3cf103e65e772a7d28fd4df2788c29a029fb2def1326bc777ad107ed",
"zh:252be544fb4c9daf09cad7d3776daf5fa66b62740d3ea9d6d499a7b1697c3433",
"zh:50985fe02a8e5ae47c75d7c28c911b25d7dc4716cff2ed55ca05889ab77a1f73",
"zh:54cf0ec90538703c66937c77e8d72a38d5af47437eb0b8b55eb5836c5d288878",
"zh:704f536c621337e06fffef6d5f49ac81f52d249f937250527c12884cb83aefed",
"zh:896d8ef6d0b555299f124eb25bce8a17d735da14ef21f07582098d301f47da30",
"zh:976277a85b0a0baafe267cc494f766448d1da5b6936ddcb3ce393bd4d22f08d2",
"zh:c7faa9a2b11bc45833a3e8e340f22f1ecf01597eaeffa7669234b4549d7dfa85",
"zh:caf851ef9c8ce482864badf7058f9278d4537112fa236efd8f1a9315801d9061",
"zh:db203435d58b0ac842540861b3307a623423275d85754c171773f3b210ae5b24",
"zh:f3d3efac504c9484a025beb919d22b290aa6dbff256f6e86c1f8ce7817e077e5",
"zh:f710a37190429045d109edd35de69db3b5f619919c2fa04c77a3a639fea9fd7d",
]
}
provider "registry.terraform.io/hashicorp/external" {
version = "2.1.0"
version = "2.2.2"
hashes = [
"h1:LTl5CGW8wiIEe16AC4MtXN/95xWWNDbap70zJsBTk0w=",
"zh:0d83ffb72fbd08986378204a7373d8c43b127049096eaf2765bfdd6b00ad9853",
"zh:7577d6edc67b1e8c2cf62fe6501192df1231d74125d90e51d570d586d95269c5",
"zh:9c669ded5d5affa4b2544952c4b6588dfed55260147d24ced02dca3a2829f328",
"zh:a404d46f2831f90633947ab5d57e19dbfe35b3704104ba6ec80bcf50b058acfd",
"zh:ae1caea1c936d459ceadf287bb5c5bd67b5e2a7819df6f5c4114b7305df7f822",
"zh:afb4f805477694a4b9dde86b268d2c0821711c8aab1c6088f5f992228c4c06fb",
"zh:b993b4a1de8a462643e78f4786789e44ce5064b332fee1cb0d6250ed085561b8",
"zh:c84b2c13fa3ea2c0aa7291243006d560ce480a5591294b9001ce3742fc9c5791",
"zh:c8966f69b7eccccb771704fd5335923692eccc9e0e90cb95d14538fe2e92a3b8",
"zh:d5fe68850d449b811e633a300b114d0617df6d450305e8251643b4d143dc855b",
"zh:ddebfd1e674ba336df09b1f27bbaa0e036c25b7a7087dc8081443f6e5954028b",
"h1:VUkgcWvCliS0HO4kt7oEQhFD2gcx/59XpwMqxfCU1kE=",
"zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca",
"zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28",
"zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b",
"zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327",
"zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955",
"zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb",
"zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0",
"zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a",
"zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372",
"zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809",
]
}
provider "registry.terraform.io/hashicorp/hcp" {
version = "0.23.1"
version = "0.26.0"
hashes = [
"h1:OeCY9pcVhlaVbONZ8fQ7Dgm/hFmkhmXXWJaAnLitkqM=",
"zh:02c661913643a56ba640432a0bcdf2824218a3598a243da4fd6079238164e7f6",
"zh:2359656d097fb1164bfe961314dafdac80f272c9bc0e359a6e43f5467a231e8f",
"zh:2463ac7e40702cbb4ebd4a397964b87de1b65dcb6982eab32f2bd40c9a5b1294",
"zh:420ef5061b936741a469b4e02dfe9ee047d928c294647e8c5f93e4a8890997a3",
"zh:5eba99a60a3366cd97b70a4ee26cb4489ca320699010bd03ca726772a10089c1",
"zh:82419028e8691acbb2c3f7e7d8c2c931ee03d6b3df6b97f5b965365f0a90392f",
"zh:93b7eecff21055c8b46d5a69ba982abc76479f73a78f67fc86fc86ba56f630cd",
"zh:c151238e96c30126529ccc42bf06d84f73fcd87ee40dbb493be8d85ef0efd453",
"zh:d476ebe1a628abd08d11354a13e5b8aa708d820dcad78587b8440d12f0e219ef",
"zh:e48130a57cf930755983b861768b8e88767e11df33640386d03496d551fb64ce",
"zh:ed9cf5173ea09010ef5ecae452dd3da52054a659e23af8d8e1ed6a45270cd531",
"h1:C0KoYT09Ff91pE5KzrFrISCE5wQyJaJnxPdA0SXDOzI=",
"zh:0fa82a384b25a58b65523e0ea4768fa1212b1f5cfc0c9379d31162454fedcc9d",
"zh:6fa5415dbac9c8d20026772dd5aee7dd3ac541e9d86827d0b70bc752472ec76c",
"zh:7490212c32339153165aec1dcef063804aac0d3f1cfbdfd3d04d7a60c29b0f40",
"zh:792e8fbe630159105801a471c46c988d94636637c1e5cdb725956cab4e664c87",
"zh:9e460a3e4735ff24f2fc1c445fce54e4ed596c8dc97f683f5cefa93fb2be9b14",
"zh:a124e8366fdf10d17a0b2860151beb00e12d8c33860fcc661547d0239138d3fb",
"zh:a9b9cb4d077f8d8bcc22c813aea820c224228807f34e2e3716d30c84ce63c53a",
"zh:aae6a8e87c6c64bb33311ef658993a5cc8398aac8dcb2c18953bd9e96a2e0011",
"zh:dc2e83b8f4ca2d4aa2e0b5cc98b9c298c1cf5c583d323320c85d4f06f8f4b43c",
"zh:e17b1c7ef80c3507c892d343282c61dc58ab45978481ee004843f1746f6b791c",
"zh:ee35efe2628aca5f259f3fee8db15accfdced1a5530f01c8a23f59e5ed5dcb7a",
"zh:f8173393330eb376b7357f8271d1c75e0850905dceb32ce482af58e112894278",
]
}
@ -77,6 +81,7 @@ provider "registry.terraform.io/hashicorp/http" {
version = "2.1.0"
hashes = [
"h1:GYoVrTtiSAE3AlP1fad3fFmHoPaXAPhm/DJyMcVCwZA=",
"h1:q/YFxlfQW6FAMM5LIITGWnlJIuu52eqij82TLp135x8=",
"zh:03d82dc0887d755b8406697b1d27506bc9f86f93b3e9b4d26e0679d96b802826",
"zh:0704d02926393ddc0cfad0b87c3d51eafeeae5f9e27cc71e193c141079244a22",
"zh:095ea350ea94973e043dad2394f10bca4a4bf41be775ba59d19961d39141d150",
@ -92,62 +97,66 @@ provider "registry.terraform.io/hashicorp/http" {
}
provider "registry.terraform.io/hashicorp/local" {
version = "2.1.0"
version = "2.2.2"
hashes = [
"h1:KfieWtVyGWwplSoLIB5usKAUnrIkDQBkWaR5TI+4WYg=",
"zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2",
"zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab",
"zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3",
"zh:719dfd97bb9ddce99f7d741260b8ece2682b363735c764cac83303f02386075a",
"zh:7598bb86e0378fd97eaa04638c1a4c75f960f62f69d3662e6d80ffa5a89847fe",
"zh:ad0a188b52517fec9eca393f1e2c9daea362b33ae2eb38a857b6b09949a727c1",
"zh:c46846c8df66a13fee6eff7dc5d528a7f868ae0dcf92d79deaac73cc297ed20c",
"zh:dc1a20a2eec12095d04bf6da5321f535351a594a636912361db20eb2a707ccc4",
"zh:e57ab4771a9d999401f6badd8b018558357d3cbdf3d33cc0c4f83e818ca8e94b",
"zh:ebdcde208072b4b0f8d305ebf2bfdc62c926e0717599dcf8ec2fd8c5845031c3",
"zh:ef34c52b68933bedd0868a13ccfd59ff1c820f299760b3c02e008dc95e2ece91",
"h1:SjDyZXIUHEQzZe10VjhlhZq2a9kgQB6tmqJcpq2BeWg=",
"zh:027e4873c69da214e2fed131666d5de92089732a11d096b68257da54d30b6f9d",
"zh:0ba2216e16cfb72538d76a4c4945b4567a76f7edbfef926b1c5a08d7bba2a043",
"zh:1fee8f6aae1833c27caa96e156cf99a681b6f085e476d7e1b77d285e21d182c1",
"zh:2e8a3e72e877003df1c390a231e0d8e827eba9f788606e643f8e061218750360",
"zh:719008f9e262aa1523a6f9132adbe9eee93c648c2981f8359ce41a40e6425433",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:9a70fdbe6ef955c4919a4519caca116f34c19c7ddedd77990fbe4f80fe66dc84",
"zh:abc412423d670cbb6264827fa80e1ffdc4a74aff3f19ba6a239dd87b85b15bec",
"zh:ae953a62c94d2a2a0822e5717fafc54e454af57bd6ed02cd301b9786765c1dd3",
"zh:be0910bdf46698560f9e86f51a4ff795c62c02f8dc82b2b1dab77a0b3a93f61e",
"zh:e58f9083b7971919b95f553227adaa7abe864fce976f0166cf4d65fc17257ff2",
"zh:ff4f77cbdbb22cc98182821c7ef84dce16298ab0e997d5c7fae97247f7a4bcb0",
]
}
provider "registry.terraform.io/hashicorp/null" {
version = "3.1.0"
version = "3.1.1"
hashes = [
"h1:xhbHC6in3nQryvTQBWKxebi3inG5OCgHgc4fRxL0ymc=",
"zh:02a1675fd8de126a00460942aaae242e65ca3380b5bb192e8773ef3da9073fd2",
"zh:53e30545ff8926a8e30ad30648991ca8b93b6fa496272cd23b26763c8ee84515",
"zh:5f9200bf708913621d0f6514179d89700e9aa3097c77dac730e8ba6e5901d521",
"zh:9ebf4d9704faba06b3ec7242c773c0fbfe12d62db7d00356d4f55385fc69bfb2",
"zh:a6576c81adc70326e4e1c999c04ad9ca37113a6e925aefab4765e5a5198efa7e",
"zh:a8a42d13346347aff6c63a37cda9b2c6aa5cc384a55b2fe6d6adfa390e609c53",
"zh:c797744d08a5307d50210e0454f91ca4d1c7621c68740441cf4579390452321d",
"zh:cecb6a304046df34c11229f20a80b24b1603960b794d68361a67c5efe58e62b8",
"zh:e1371aa1e502000d9974cfaff5be4cfa02f47b17400005a16f14d2ef30dc2a70",
"zh:fc39cc1fe71234a0b0369d5c5c7f876c71b956d23d7d6f518289737a001ba69b",
"zh:fea4227271ebf7d9e2b61b89ce2328c7262acd9fd190e1fd6d15a591abfa848e",
"h1:Pctug/s/2Hg5FJqjYcTM0kPyx3AoYK1MpRWO0T9V2ns=",
"zh:063466f41f1d9fd0dd93722840c1314f046d8760b1812fa67c34de0afcba5597",
"zh:08c058e367de6debdad35fc24d97131c7cf75103baec8279aba3506a08b53faf",
"zh:73ce6dff935150d6ddc6ac4a10071e02647d10175c173cfe5dca81f3d13d8afe",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:8fdd792a626413502e68c195f2097352bdc6a0df694f7df350ed784741eb587e",
"zh:976bbaf268cb497400fd5b3c774d218f3933271864345f18deebe4dcbfcd6afa",
"zh:b21b78ca581f98f4cdb7a366b03ae9db23a73dfa7df12c533d7c19b68e9e72e5",
"zh:b7fc0c1615dbdb1d6fd4abb9c7dc7da286631f7ca2299fb9cd4664258ccfbff4",
"zh:d1efc942b2c44345e0c29bc976594cb7278c38cfb8897b344669eafbc3cddf46",
"zh:e356c245b3cd9d4789bab010893566acace682d7db877e52d40fc4ca34a50924",
"zh:ea98802ba92fcfa8cf12cbce2e9e7ebe999afbf8ed47fa45fc847a098d89468b",
"zh:eff8872458806499889f6927b5d954560f3d74bf20b6043409edf94d26cd906f",
]
}
provider "registry.terraform.io/hashicorp/random" {
version = "3.1.0"
version = "3.1.2"
hashes = [
"h1:rKYu5ZUbXwrLG1w81k7H3nce/Ys6yAxXhWcbtk36HjY=",
"zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
"zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
"zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
"zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
"zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
"zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
"zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
"zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
"zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
"zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
"zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
"h1:9A6Ghjgad0KjJRxa6nPo8i8uFvwj3Vv0wnEgy49u+24=",
"zh:0daceba867b330d3f8e2c5dc895c4291845a78f31955ce1b91ab2c4d1cd1c10b",
"zh:104050099efd30a630741f788f9576b19998e7a09347decbec3da0b21d64ba2d",
"zh:173f4ef3fdf0c7e2564a3db0fac560e9f5afdf6afd0b75d6646af6576b122b16",
"zh:41d50f975e535f968b3f37170fb07937c15b76d85ba947d0ce5e5ff9530eda65",
"zh:51a5038867e5e60757ed7f513dd6a973068241190d158a81d1b69296efb9cb8d",
"zh:6432a568e97a5a36cc8aebca5a7e9c879a55d3bc71d0da1ab849ad905f41c0be",
"zh:6bac6501394b87138a5e17c9f3a41e46ff7833ad0ba2a96197bb7787e95b641c",
"zh:6c0a7f5faacda644b022e7718e53f5868187435be6d000786d1ca05aa6683a25",
"zh:74c89de3fa6ef3027efe08f8473c2baeb41b4c6cee250ba7aeb5b64e8c79800d",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:b29eabbf0a5298f0e95a1df214c7cfe06ea9bcf362c63b3ad2f72d85da7d4685",
"zh:e891458c7a61e5b964e09616f1a4f87d0471feae1ec04cc51776e7dec1a3abce",
]
}
provider "registry.terraform.io/hashicorp/template" {
version = "2.2.0"
hashes = [
"h1:0PGmlQJDT2HHYSryvhnhvd9P5UzMZ3KX3YyMNsOYXU0=",
"h1:0wlehNaxBX7GJQnPfQwTNvvAf38Jm0Nv7ssKGMaG6Og=",
"zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
"zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
@ -163,37 +172,38 @@ provider "registry.terraform.io/hashicorp/template" {
}
provider "registry.terraform.io/hashicorp/tls" {
version = "3.1.0"
version = "3.3.0"
hashes = [
"h1:XTU9f6sGMZHOT8r/+LWCz2BZOPH127FBTPjMMEAAu1U=",
"zh:3d46616b41fea215566f4a957b6d3a1aa43f1f75c26776d72a98bdba79439db6",
"zh:623a203817a6dafa86f1b4141b645159e07ec418c82fe40acd4d2a27543cbaa2",
"zh:668217e78b210a6572e7b0ecb4134a6781cc4d738f4f5d09eb756085b082592e",
"zh:95354df03710691773c8f50a32e31fca25f124b7f3d6078265fdf3c4e1384dca",
"zh:9f97ab190380430d57392303e3f36f4f7835c74ea83276baa98d6b9a997c3698",
"zh:a16f0bab665f8d933e95ca055b9c8d5707f1a0dd8c8ecca6c13091f40dc1e99d",
"zh:be274d5008c24dc0d6540c19e22dbb31ee6bfdd0b2cddd4d97f3cd8a8d657841",
"zh:d5faa9dce0a5fc9d26b2463cea5be35f8586ab75030e7fa4d4920cd73ee26989",
"zh:e9b672210b7fb410780e7b429975adcc76dd557738ecc7c890ea18942eb321a5",
"zh:eb1f8368573d2370605d6dbf60f9aaa5b64e55741d96b5fb026dbfe91de67c0d",
"zh:fc1e12b713837b85daf6c3bb703d7795eaf1c5177aebae1afcf811dd7009f4b0",
"h1:A4xOtHhD4jCmn4nO1xCTk2Nl5IP5JpjicjF+Fuu2ZFQ=",
"zh:16140e8cc880f95b642b6bf6564f4e98760e9991864aacc8e21273423571e561",
"zh:16338b8457759c97fdd73153965d6063b037f2954fd512e569fcdc42b7fef743",
"zh:348bd44b7cd0c6d663bba36cecb474c17635a8f22b02187d034b8e57a8729c5a",
"zh:3832ac73c2335c0fac26138bacbd18160efaa3f06c562869acc129e814e27f86",
"zh:756d1e60690d0164eee9c93b498b4c8beabbfc1d8b7346cb6d2fa719055089d6",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:93b911bcddba8dadc5339edb004c8019c230ea67477c73c4f741c236dd9511b1",
"zh:c0c4e5742e8ac004c507540423db52af3f44b8ec04443aa8e14669340819344f",
"zh:c78296a1dff8ccd5d50203aac353422fc18d425072ba947c88cf5b46de7d32d2",
"zh:d7143f444e0f7e6cd67fcaf080398b4f1487cf05de3e0e79af6c14e22812e38b",
"zh:e600ac76b118816ad72132eee4c22ab5fc044f67c3babc54537e1fc1ad53d295",
"zh:fca07af5f591e12d2dc178a550da69a4847bdb34f8180a5b8e04fde6b528cf99",
]
}
provider "registry.terraform.io/hashicorp/vault" {
version = "3.3.1"
version = "3.4.1"
hashes = [
"h1:4u5bqCcflSWqJgr3+/02HtP+ZuF4tUaEIUMTW0nv98k=",
"zh:3e1866037f43c1083ff825dce2a9e3853c757bb0121c5ae528ee3cf3f99b4113",
"zh:49636cc5c4939134e098c4ec0163c41fae103f24d7e1e8fc0432f8ad93d596a0",
"zh:5258a7001719c4aeb84f4c4da7115b795da4794754938a3c4176a4b578fe93a1",
"zh:7461738691e2e8ea91aba73d4351cfbc30fcaedcf0e332c9d35ef215f93aa282",
"zh:815529478e33a6727273b08340a4c62c9aeb3da02abf8f091bb4f545c8451fce",
"zh:8e6fede9f5e25b507faf6cacd61b997035b8b62859245861149ddb2990ada8eb",
"zh:9acc2387084b9c411e264c4351633bc82f9c4e420f8e6bbad9f87b145351f929",
"zh:b9e4af3b06386ceed720f0163a1496088c154aa1430ae072c525ffefa4b37891",
"zh:c7d5dfb8f8536694db6740e2a4afd2d681b60b396ded469282524c62ce154861",
"zh:d0850be710c6fd682634a2f823beed0164231cc873b1dc09038aa477c926f57c",
"zh:e90c2cba9d89db5eab295b2f046f24a53f23002bcfe008633d398fb3fa16d941",
"h1:HIjd/7KktGO5E/a0uICbIanUj0Jdd0j8aL/r+QxFhAs=",
"zh:1eb8370a1846e34e2bcc4d11eece5733735784a8eab447bbed3cfd822101b577",
"zh:2df3989327cea68b2167514b7ebddc67b09340f00bbf3fa85df03c97adfb9d25",
"zh:3dd1e317264f574985e856296deef71a76464918bf0566eb0d7f6389ea0586bd",
"zh:9750861f2822482aa608ea5a52b385bc42b2e1f2511094e6a975412618c4495d",
"zh:9b940e7f78975d29a4d0a116cf43c0bc1cb03bec4ad8d34887d64e6e60bacb9e",
"zh:9cb6e7ad2a62529d35dacd20695d49c2f02230cb785d46178cc10f4ec80e5a51",
"zh:a12718689bbcb37bcbb9132c18bffd354fad8ab5c8cb89cec1a0ee85c65b8cb7",
"zh:a6e38afacca1af4fab04a9f2dc49b8295eb462db68bdc7451352d0f950f804f8",
"zh:d6e0e994d51b9e07d5713d4796381f9e129e9de962e79caae2b7055f6f68297e",
"zh:ea4bbef7a1bb2553db473fa304c93845674167b61e8c9677107a96c8c696da12",
"zh:f985a8b7f4ef7d1eba9cef7d99997ee9c4a54ffe76dab7fa8b1fdec2a9edca7e",
]
}

View file

@ -30,36 +30,36 @@ data "consul_acl_token_secret_id" "consul_agent_token" {
accessor_id = consul_acl_token.consul_agent_token.id
}
resource "local_file" "consul_acl_file" {
sensitive_content = templatefile("etc/consul.d/client_acl.json", {
resource "local_sensitive_file" "consul_acl_file" {
content = templatefile("etc/consul.d/client_acl.json", {
token = data.consul_acl_token_secret_id.consul_agent_token.secret_id
})
filename = "uploads/shared/consul.d/client_acl.json"
file_permission = "0600"
}
resource "local_file" "consul_ca_file" {
sensitive_content = base64decode(data.hcp_consul_cluster.e2e_shared_consul.consul_ca_file)
resource "local_sensitive_file" "consul_ca_file" {
content = base64decode(data.hcp_consul_cluster.e2e_shared_consul.consul_ca_file)
filename = "uploads/shared/consul.d/ca.pem"
file_permission = "0600"
}
resource "local_file" "consul_config_file" {
sensitive_content = base64decode(data.hcp_consul_cluster.e2e_shared_consul.consul_config_file)
resource "local_sensitive_file" "consul_config_file" {
content = base64decode(data.hcp_consul_cluster.e2e_shared_consul.consul_config_file)
filename = "uploads/shared/consul.d/consul_client.json"
file_permission = "0744"
file_permission = "0644"
}
resource "local_file" "consul_base_config_file" {
sensitive_content = templatefile("${path.root}/etc/consul.d/clients.json", {})
resource "local_sensitive_file" "consul_base_config_file" {
content = templatefile("${path.root}/etc/consul.d/clients.json", {})
filename = "uploads/shared/consul.d/consul_client_base.json"
file_permission = "0744"
file_permission = "0644"
}
resource "local_file" "consul_systemd_unit_file" {
sensitive_content = templatefile("${path.root}/etc/consul.d/consul.service", {})
resource "local_sensitive_file" "consul_systemd_unit_file" {
content = templatefile("${path.root}/etc/consul.d/consul.service", {})
filename = "uploads/shared/consul.d/consul.service"
file_permission = "0744"
file_permission = "0644"
}
# Nomad servers configuration for Consul
@ -84,8 +84,8 @@ data "consul_acl_token_secret_id" "nomad_servers_token" {
accessor_id = consul_acl_token.nomad_servers_token.id
}
resource "local_file" "nomad_server_config_for_consul" {
sensitive_content = templatefile("etc/nomad.d/consul.hcl", {
resource "local_sensitive_file" "nomad_server_config_for_consul" {
content = templatefile("etc/nomad.d/consul.hcl", {
token = data.consul_acl_token_secret_id.nomad_servers_token.secret_id
client_service_name = "client-${local.random_name}"
server_service_name = "server-${local.random_name}"
@ -116,8 +116,8 @@ data "consul_acl_token_secret_id" "nomad_clients_token" {
accessor_id = consul_acl_token.nomad_clients_token.id
}
resource "local_file" "nomad_client_config_for_consul" {
sensitive_content = templatefile("etc/nomad.d/consul.hcl", {
resource "local_sensitive_file" "nomad_client_config_for_consul" {
content = templatefile("etc/nomad.d/consul.hcl", {
token = data.consul_acl_token_secret_id.nomad_clients_token.secret_id
client_service_name = "client-${local.random_name}"
server_service_name = "server-${local.random_name}"

View file

@ -38,8 +38,8 @@ resource "vault_token_auth_backend_role" "nomad_cluster" {
token_max_ttl = "0"
}
resource "local_file" "nomad_config_for_vault" {
sensitive_content = templatefile("etc/nomad.d/vault.hcl", {
resource "local_sensitive_file" "nomad_config_for_vault" {
content = templatefile("etc/nomad.d/vault.hcl", {
token = vault_token.nomad.client_token
url = data.hcp_vault_cluster.e2e_shared_vault.vault_private_endpoint_url
namespace = var.hcp_vault_namespace

View file

@ -1,11 +1,5 @@
provider "aws" {
region = var.region
assume_role {
role_arn = var.aws_assume_role_arn
session_name = var.aws_assume_role_session_name
external_id = var.aws_assume_role_external_id
}
}
data "aws_caller_identity" "current" {

View file

@ -1,7 +1,7 @@
resource "local_file" "nomad_systemd_unit_file" {
sensitive_content = templatefile("etc/nomad.d/nomad-${var.role}.service", {})
resource "local_sensitive_file" "nomad_systemd_unit_file" {
content = templatefile("etc/nomad.d/nomad-${var.role}.service", {})
filename = "${local.upload_dir}/nomad.d/nomad.service"
file_permission = "0700"
file_permission = "0600"
}
resource "null_resource" "install_nomad_binary_linux" {

View file

@ -6,36 +6,36 @@ locals {
}
# if nomad_license is unset, it'll be a harmless empty license file
resource "local_file" "nomad_environment" {
sensitive_content = templatefile("etc/nomad.d/.environment", {
resource "local_sensitive_file" "nomad_environment" {
content = templatefile("etc/nomad.d/.environment", {
license = var.nomad_license
})
filename = "${local.upload_dir}/nomad.d/.environment"
file_permission = "0600"
}
resource "local_file" "nomad_base_config" {
sensitive_content = templatefile("etc/nomad.d/base.hcl", {
resource "local_sensitive_file" "nomad_base_config" {
content = templatefile("etc/nomad.d/base.hcl", {
data_dir = var.platform != "windows" ? "/opt/nomad/data" : "C://opt/nomad/data"
})
filename = "${local.upload_dir}/nomad.d/base.hcl"
file_permission = "0600"
}
resource "local_file" "nomad_role_config" {
sensitive_content = templatefile("etc/nomad.d/${var.role}-${var.platform}.hcl", {})
resource "local_sensitive_file" "nomad_role_config" {
content = templatefile("etc/nomad.d/${var.role}-${var.platform}.hcl", {})
filename = "${local.upload_dir}/nomad.d/${var.role}.hcl"
file_permission = "0600"
}
resource "local_file" "nomad_indexed_config" {
sensitive_content = templatefile(local.indexed_config_path, {})
resource "local_sensitive_file" "nomad_indexed_config" {
content = templatefile(local.indexed_config_path, {})
filename = "${local.upload_dir}/nomad.d/${var.role}-${var.platform}-${var.index}.hcl"
file_permission = "0600"
}
resource "local_file" "nomad_tls_config" {
sensitive_content = templatefile("etc/nomad.d/tls.hcl", {})
resource "local_sensitive_file" "nomad_tls_config" {
content = templatefile("etc/nomad.d/tls.hcl", {})
filename = "${local.upload_dir}/nomad.d/tls.hcl"
file_permission = "0600"
}
@ -98,35 +98,35 @@ resource "null_resource" "upload_nomad_configs" {
}
provisioner "file" {
source = local_file.nomad_environment.filename
source = local_sensitive_file.nomad_environment.filename
destination = "/tmp/.environment"
}
provisioner "file" {
source = local_file.nomad_base_config.filename
source = local_sensitive_file.nomad_base_config.filename
destination = "/tmp/base.hcl"
}
provisioner "file" {
source = local_file.nomad_role_config.filename
source = local_sensitive_file.nomad_role_config.filename
destination = "/tmp/${var.role}-${var.platform}.hcl"
}
provisioner "file" {
source = local_file.nomad_indexed_config.filename
source = local_sensitive_file.nomad_indexed_config.filename
destination = "/tmp/${var.role}-${var.platform}-${var.index}.hcl"
}
provisioner "file" {
source = local_file.nomad_tls_config.filename
source = local_sensitive_file.nomad_tls_config.filename
destination = "/tmp/tls.hcl"
}
provisioner "file" {
source = local_file.nomad_systemd_unit_file.filename
source = local_sensitive_file.nomad_systemd_unit_file.filename
destination = "/tmp/nomad.service"
}
provisioner "file" {
source = local_file.nomad_client_key.filename
source = local_sensitive_file.nomad_client_key.filename
destination = "/tmp/agent-${var.instance.public_ip}.key"
}
provisioner "file" {
source = local_file.nomad_client_cert.filename
source = local_sensitive_file.nomad_client_cert.filename
destination = "/tmp/agent-${var.instance.public_ip}.crt"
}
provisioner "file" {

View file

@ -4,7 +4,6 @@ resource "tls_private_key" "nomad" {
}
resource "tls_cert_request" "nomad" {
key_algorithm = "ECDSA"
private_key_pem = tls_private_key.nomad.private_key_pem
ip_addresses = [var.instance.public_ip, var.instance.private_ip, "127.0.0.1"]
dns_names = ["${var.role}.global.nomad"]
@ -16,7 +15,6 @@ resource "tls_cert_request" "nomad" {
resource "tls_locally_signed_cert" "nomad" {
cert_request_pem = tls_cert_request.nomad.cert_request_pem
ca_key_algorithm = var.tls_ca_algorithm
ca_private_key_pem = var.tls_ca_key
ca_cert_pem = var.tls_ca_cert
@ -31,12 +29,12 @@ resource "tls_locally_signed_cert" "nomad" {
]
}
resource "local_file" "nomad_client_key" {
sensitive_content = tls_private_key.nomad.private_key_pem
resource "local_sensitive_file" "nomad_client_key" {
content = tls_private_key.nomad.private_key_pem
filename = "keys/agent-${var.instance.public_ip}.key"
}
resource "local_file" "nomad_client_cert" {
sensitive_content = tls_locally_signed_cert.nomad.cert_pem
resource "local_sensitive_file" "nomad_client_cert" {
content = tls_locally_signed_cert.nomad.cert_pem
filename = "keys/agent-${var.instance.public_ip}.crt"
}

View file

@ -6,7 +6,6 @@ resource "tls_private_key" "ca" {
}
resource "tls_self_signed_cert" "ca" {
key_algorithm = "ECDSA"
private_key_pem = tls_private_key.ca.private_key_pem
subject {

View file

@ -7,7 +7,6 @@ resource "tls_private_key" "api_client" {
}
resource "tls_cert_request" "api_client" {
key_algorithm = "ECDSA"
private_key_pem = tls_private_key.api_client.private_key_pem
subject {
@ -17,7 +16,6 @@ resource "tls_cert_request" "api_client" {
resource "tls_locally_signed_cert" "api_client" {
cert_request_pem = tls_cert_request.api_client.cert_request_pem
ca_key_algorithm = tls_private_key.ca.algorithm
ca_private_key_pem = tls_private_key.ca.private_key_pem
ca_cert_pem = tls_self_signed_cert.ca.cert_pem
@ -31,12 +29,12 @@ resource "tls_locally_signed_cert" "api_client" {
]
}
resource "local_file" "api_client_key" {
sensitive_content = tls_private_key.api_client.private_key_pem
resource "local_sensitive_file" "api_client_key" {
content = tls_private_key.api_client.private_key_pem
filename = "keys/tls_api_client.key"
}
resource "local_file" "api_client_cert" {
sensitive_content = tls_locally_signed_cert.api_client.cert_pem
resource "local_sensitive_file" "api_client_cert" {
content = tls_locally_signed_cert.api_client.cert_pem
filename = "keys/tls_api_client.crt"
}

View file

@ -33,27 +33,6 @@ variable "client_count_windows_2016_amd64" {
default = "1"
}
variable "aws_assume_role_arn" {
description = "The AWS IAM role to assume (not used by human users)"
default = ""
}
variable "aws_assume_role_session_name" {
description = "The AWS IAM session name to assume (not used by human users)"
default = ""
}
variable "aws_assume_role_external_id" {
description = "The AWS IAM external ID to assume (not used by human users)"
default = ""
}
variable "profile" {
description = "A default Nomad/Consul/Vault configuration profile"
type = string
default = ""
}
variable "restrict_ingress_cidrblock" {
description = "Restrict ingress traffic to cluster to invoker ip address"
type = bool