727277793b
Provisions vault with the policies described in the Nomad Vault integration guide, and drops a configuration file for Nomad vault server configuration with its token. The vault root token is exposed to the E2E runner so that tests can write additional policies to vault.
# Bootstrapping Nomad ACLs:
#
# We can't both bootstrap the ACLs and use the Nomad TF provider's
# resource.nomad_acl_token in the same Terraform run, because there's no way
# to get the management token into the provider's environment after we bootstrap.
# So we run a bootstrapping script and write our management token into a file
# that we read in for the output of $(terraform output environment) later.
# Runs the rendered bootstrap command once, on the machine running Terraform
# (the E2E runner), after the Nomad servers have been created.
resource "null_resource" "bootstrap_nomad_acls" {
  depends_on = [module.nomad_server]

  # A change in the rendered command (e.g. a new server public IP, or toggling
  # var.nomad_acls) replaces this resource and so re-runs the provisioner.
  # Trigger values are recorded in Terraform state.
  triggers = {
    script = data.template_file.bootstrap_nomad_script.rendered
  }

  # local-exec hands the string to the local shell; it is the same string used
  # as the trigger above, so the two cannot drift apart.
  provisioner "local-exec" {
    command = data.template_file.bootstrap_nomad_script.rendered
  }
}
# Renders the shell command executed by null_resource.bootstrap_nomad_acls.
#
# When ACLs are enabled, the bootstrap script is pointed at the first server's
# public IP over plain HTTP and is expected to write the bootstrap (management)
# token to the keys/ directory (where the ssh key is) so that we can read it
# into data.local_file.nomad_token later. Because the API address is http://,
# whatever the bootstrap call returns travels in the clear between the runner
# and the server; that is only acceptable for a throwaway E2E environment.
#
# When ACLs are not enabled we still create the file so the data source can be
# read, but leave it empty.
#
# NOTE(review): the fallback uses `echo >`, which writes a single newline, so
# the file content is "\n" rather than truly empty -- confirm the consumer
# trims it (`: > file` would produce an empty file). The script is referenced
# as ./scripts/... (relative to the working directory) while the fallback uses
# ${path.root}; verify both resolve the same way when Terraform is invoked from
# a directory other than the root module.
data "template_file" "bootstrap_nomad_script" {
  template = var.nomad_acls ? "NOMAD_ADDR=http://${aws_instance.server.0.public_ip}:4646 ./scripts/bootstrap-nomad.sh" : "mkdir -p ${path.root}/keys; echo > ${path.root}/keys/nomad_root_token"
}
# Reads the management token that the bootstrap step wrote to disk.
#
# The depends_on is what orders this read after the local-exec provisioner has
# run; without it the file could be read at plan time, before it exists or
# with stale content. The content of a data source is recorded in Terraform
# state, so the state file contains the root token and must be protected
# accordingly (as must the plaintext keys/nomad_root_token file itself).
data "local_file" "nomad_token" {
  depends_on = [null_resource.bootstrap_nomad_acls]
  filename   = "${path.root}/keys/nomad_root_token"
}