open-nomad/e2e/terraform/hcp-vault-auth/main.tf
Tim Gross 9f05d62338
E2E with HCP Consul/Vault (#12267)
Use HCP Consul and HCP Vault for the Consul and Vault clusters used in E2E testing. This has the following benefits:

* Without the need to support mTLS bootstrapping for Consul and Vault, we can simplify the mTLS configuration by leaning on Terraform instead of janky bash shell scripting.
* Vault bootstrapping is no longer required, so we can eliminate even more janky shell scripting
* Our E2E exercises HCP, which is important to us as an organization
* With the reduction in configurability, we can simplify the Terraform configuration and drop the complicated `provision.sh`/`provision.ps1` scripts we were using previously. We can template Nomad configuration files and upload them with the `file` provisioner.
* Packer builds for Linux and Windows become much simpler.

tl;dr way less janky shell scripting!
2022-03-18 09:27:28 -04:00


# Vault cluster admin tokens expire after 6 hours, so we need to
# generate them fresh for test runs. But we can't generate the token
# and then use that token with the vault provider in the same
# Terraform run. So you'll need to apply this TF config separately
# from the root configuration.
# Identifier of the shared HCP Vault cluster that the E2E suite targets.
# Overridable so the same config can point at a differently named cluster.
variable "hcp_vault_cluster_id" {
  type        = string
  default     = "nomad-e2e-shared-hcp-vault"
  description = "The ID of the HCP Vault cluster"
}
# Vault namespace exported as VAULT_NAMESPACE for the test runner; the
# admin token minted below is used inside this namespace.
variable "hcp_vault_namespace" {
  type        = string
  default     = "admin"
  description = "The namespace where the HCP Vault cluster policy works"
}
# Read-only lookup of the existing cluster: it supplies the cluster_id for
# the admin-token resource and the public endpoint URL for the environment
# output. Nothing is created here.
data "hcp_vault_cluster" "e2e_shared_vault" {
  cluster_id = var.hcp_vault_cluster_id
}
# Mints a cluster-admin token for the looked-up cluster. These tokens expire
# after 6 hours, which is why this config is applied fresh per test run
# rather than once. The token is a privileged credential: it is surfaced
# only through the sensitive "environment" output, but it also lands in
# Terraform state, so the state backend must be access-controlled.
resource "hcp_vault_cluster_admin_token" "admin" {
  cluster_id = data.hcp_vault_cluster.e2e_shared_vault.cluster_id
}
# Human-readable hint printed after apply. The heredoc is the user-facing
# text and is reproduced exactly. The suggested `$(terraform output --raw
# environment)` form appears to rely on the shell word-splitting the three
# export lines into a single `export` command; `eval "$(terraform output
# --raw environment)"` is the explicit equivalent.
output "message" {
  value = <<EOM
Your cluster admin token has been provisioned! To prepare the test runner
environment, run:
$(terraform output --raw environment)
EOM
}
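# Shell snippet that points the Vault CLI/provider at the shared HCP cluster.
# The description now matches the "message" output: without --raw, `terraform
# output environment` prints the value as a quoted HCL heredoc rather than
# plain shell, so it cannot be eval'd directly.
# Marked sensitive so the admin token is redacted from plan/apply output;
# Terraform still stores it in plaintext in the state file, so the state
# backend must be access-controlled, and VAULT_TOKEN will be visible in the
# environment of any process the test runner spawns.
output "environment" {
  description = "get connection config by running: $(terraform output --raw environment)"
  sensitive   = true
  value       = <<EOM
export VAULT_TOKEN=${hcp_vault_cluster_admin_token.admin.token}
export VAULT_NAMESPACE=${var.hcp_vault_namespace}
export VAULT_ADDR=${data.hcp_vault_cluster.e2e_shared_vault.vault_public_endpoint_url}
EOM
}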