github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/e2e/terraform/hcp-vault-auth/main.tf

github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/e2e/terraform/hcp-vault-auth/main.tf (about)

     1  # Vault cluster admin tokens expire after 6 hours, so we need to
     2  # generate them fresh for test runs. But we can't generate the token
     3  # and then use that token with the vault provider in the same
     4  # Terraform run. So you'll need to apply this TF config separately
     5  # from the root configuratiion.
     6  
     7  variable "hcp_vault_cluster_id" {
     8    description = "The ID of the HCP Vault cluster"
     9    type        = string
    10    default     = "nomad-e2e-shared-hcp-vault"
    11  }
    12  
    13  variable "hcp_vault_namespace" {
    14    description = "The namespace where the HCP Vault cluster policy works"
    15    type        = string
    16    default     = "admin"
    17  }
    18  
    19  data "hcp_vault_cluster" "e2e_shared_vault" {
    20    cluster_id = var.hcp_vault_cluster_id
    21  }
    22  
    23  resource "hcp_vault_cluster_admin_token" "admin" {
    24    cluster_id = data.hcp_vault_cluster.e2e_shared_vault.cluster_id
    25  }
    26  
    27  output "message" {
    28    value = <<EOM
    29  Your cluster admin token has been provisioned! To prepare the test runner
    30  environment, run:
    31  
    32     $(terraform output --raw environment)
    33  EOM
    34  
    35  }
    36  
    37  output "environment" {
    38    description = "get connection config by running: $(terraform output environment)"
    39    sensitive   = true
    40    value       = <<EOM
    41  export VAULT_TOKEN=${hcp_vault_cluster_admin_token.admin.token}
    42  export VAULT_NAMESPACE=${var.hcp_vault_namespace}
    43  export VAULT_ADDR=${data.hcp_vault_cluster.e2e_shared_vault.vault_public_endpoint_url}
    44  
    45  EOM
    46  
    47  }