github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/e2e/terraform/hcp_consul.tf (about)

     1  # Note: the test environment must have the following values set:
     2  # export HCP_CLIENT_ID=
     3  # export HCP_CLIENT_SECRET=
     4  # export CONSUL_HTTP_TOKEN=
     5  # export CONSUL_HTTP_ADDR=
     6  
     7  data "hcp_consul_cluster" "e2e_shared_consul" {
          # Looks up an existing HCP Consul cluster by ID; this data source creates
          # nothing. The CA bundle and client config written further down are read
          # from it. Presumably the hcp provider authenticates with HCP_CLIENT_ID /
          # HCP_CLIENT_SECRET from the environment — confirm against the provider block.
     8    cluster_id = var.hcp_consul_cluster_id
     9  }
    10  
    11  # policy and configuration for the Consul Agent
    12  
    13  resource "consul_acl_policy" "consul_agent" {
          # ACL policy bound to the Consul agent token. The rules come verbatim from
          # consul-agent-policy.hcl, which is not shown here, so the privileges
          # actually granted have to be reviewed in that file.
    14    name        = "${local.random_name}_consul_agent_policy"
          # Restricts where the policy is valid. Assumes the HCP cluster ID is also
          # the Consul datacenter name — TODO confirm.
    15    datacenters = [var.hcp_consul_cluster_id]
    16    rules       = data.local_file.consul_policy_for_consul_agent.content
    17  }
    18  
    19  data "local_file" "consul_policy_for_consul_agent" {
          # Reads the Consul agent ACL rules from the repository tree under the
          # root module; the content feeds consul_acl_policy.consul_agent.
    20    filename = "${path.root}/etc/acls/consul/consul-agent-policy.hcl"
    21  }
    22  
    23  resource "consul_acl_token" "consul_agent_token" {
          # Token for the Consul client agents, attached only to the agent policy.
          # No expiration_time is set, so the token stays valid until this resource
          # is destroyed.
    24    description = "Consul agent token"
    25    policies    = [consul_acl_policy.consul_agent.name]
          # Keeps the token local to this datacenter instead of replicating it.
    26    local       = true
    27  }
    28  
    29  data "consul_acl_token_secret_id" "consul_agent_token" {
          # Fetches the agent token's secret ID by accessor. No pgp_key is given, so
          # the secret is held in plaintext in the Terraform state; the state backend
          # for this environment needs the same access control as the token itself.
    30    accessor_id = consul_acl_token.consul_agent_token.id
    31  }
    32  
    33  resource "local_sensitive_file" "consul_acl_file" {
          # Renders the agent ACL config with the live token secret.
          # local_sensitive_file hides the content in plan output, but the rendered
          # value is still recorded in state.
          # NOTE(review): the template and output paths are relative (no
          # ${path.root}), unlike some other templatefile calls in this file, so they
          # depend on the working directory Terraform runs from.
    34    content = templatefile("etc/consul.d/client_acl.json", {
    35      token = data.consul_acl_token_secret_id.consul_agent_token.secret_id
    36    })
    37    filename        = "uploads/shared/consul.d/client_acl.json"
          # Owner-only, because the file embeds the token secret.
    38    file_permission = "0600"
    39  }
    40  
    41  resource "local_sensitive_file" "consul_ca_file" {
          # CA bundle for the HCP cluster, decoded from the base64 value the data
          # source returns. A CA certificate is public material, so 0600 is stricter
          # than confidentiality requires; confirm the account running the agent can
          # still read the file after upload.
    42    content         = base64decode(data.hcp_consul_cluster.e2e_shared_consul.consul_ca_file)
    43    filename        = "uploads/shared/consul.d/ca.pem"
    44    file_permission = "0600"
    45  }
    46  
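    47  resource "local_sensitive_file" "consul_config_file" {
          # Client config bundle issued by HCP, decoded from base64. HCP client
          # bundles normally carry the gossip encryption key ("encrypt"), so the file
          # is treated as a secret and written owner-only, matching client_acl.json
          # in the same directory. The bundle content is also recorded in state.
    48    content         = base64decode(data.hcp_consul_cluster.e2e_shared_consul.consul_config_file)
    49    filename        = "uploads/shared/consul.d/consul_client.json"
    50    file_permission = "0600"
    51  }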
    52  
    53  resource "local_sensitive_file" "consul_base_config_file" {
          # Base client config rendered with an empty variable map, so no Terraform
          # value (and no token from this file) is interpolated into it.
          # World-readable 0644 is appropriate only if the template itself holds no
          # credentials — the template is not shown here, verify.
    54    content         = templatefile("${path.root}/etc/consul.d/clients.json", {})
    55    filename        = "uploads/shared/consul.d/consul_client_base.json"
    56    file_permission = "0644"
    57  }
    58  
    59  resource "local_sensitive_file" "consul_systemd_unit_file" {
          # systemd unit for the Consul agent, rendered with an empty variable map.
          # Nothing from this file is interpolated, so 0644 matches the usual mode
          # for unit files. Which user the service runs as is defined in the
          # template, not here.
    60    content         = templatefile("${path.root}/etc/consul.d/consul.service", {})
    61    filename        = "uploads/shared/consul.d/consul.service"
    62    file_permission = "0644"
    63  }
    64  
    65  # Nomad servers configuration for Consul
    66  
    67  resource "consul_acl_policy" "nomad_servers" {
          # ACL policy for the token Nomad servers present to Consul. The rules are
          # loaded from nomad-server-policy.hcl (not shown); review that file to see
          # what the servers are actually allowed to do.
    68    name        = "${local.random_name}_nomad_server_policy"
          # Assumes the HCP cluster ID doubles as the datacenter name — TODO confirm.
    69    datacenters = [var.hcp_consul_cluster_id]
    70    rules       = data.local_file.consul_policy_for_nomad_server.content
    71  }
    72  
    73  data "local_file" "consul_policy_for_nomad_server" {
          # Reads the Nomad server ACL rules from the repository tree under the root
          # module; the content feeds consul_acl_policy.nomad_servers.
    74    filename = "${path.root}/etc/acls/consul/nomad-server-policy.hcl"
    75  }
    76  
    77  resource "consul_acl_token" "nomad_servers_token" {
          # Dedicated token for Nomad servers, attached only to the server policy and
          # separate from the client and agent tokens. No expiration_time is set, so
          # it stays valid until the resource is destroyed.
    78    description = "Nomad servers token"
    79    policies    = [consul_acl_policy.nomad_servers.name]
          # Keeps the token local to this datacenter instead of replicating it.
    80    local       = true
    81  }
    82  
    83  data "consul_acl_token_secret_id" "nomad_servers_token" {
          # Fetches the server token's secret ID by accessor. No pgp_key is given, so
          # the secret is stored in plaintext in the Terraform state; protect the
          # state accordingly.
    84    accessor_id = consul_acl_token.nomad_servers_token.id
    85  }
    86  
    87  resource "local_sensitive_file" "nomad_server_config_for_consul" {
          # Renders Nomad's Consul integration config for server nodes with the
          # server token. The rendered content, token included, is kept in state.
          # NOTE(review): this file and client-consul.hcl are both written under
          # uploads/shared/nomad.d/. If that whole directory is copied to every node,
          # client hosts also receive the server token — confirm how the upload step
          # selects files.
    88    content = templatefile("etc/nomad.d/consul.hcl", {
    89      token               = data.consul_acl_token_secret_id.nomad_servers_token.secret_id
    90      client_service_name = "client-${local.random_name}"
    91      server_service_name = "server-${local.random_name}"
    92    })
    93    filename        = "uploads/shared/nomad.d/server-consul.hcl"
          # Owner-only, because the file embeds the token secret.
    94    file_permission = "0600"
    95  }
    96  
    97  # Nomad clients configuration for Consul
    98  
    99  resource "consul_acl_policy" "nomad_clients" {
          # ACL policy for the token Nomad clients present to Consul. The rules are
          # loaded from nomad-client-policy.hcl (not shown); review that file to see
          # what a client node is actually allowed to do.
   100    name        = "${local.random_name}_nomad_client_policy"
          # Assumes the HCP cluster ID doubles as the datacenter name — TODO confirm.
   101    datacenters = [var.hcp_consul_cluster_id]
   102    rules       = data.local_file.consul_policy_for_nomad_clients.content
   103  }
   104  
   105  data "local_file" "consul_policy_for_nomad_clients" {
          # Reads the Nomad client ACL rules from the repository tree under the root
          # module; the content feeds consul_acl_policy.nomad_clients.
   106    filename = "${path.root}/etc/acls/consul/nomad-client-policy.hcl"
   107  }
   108  
   109  resource "consul_acl_token" "nomad_clients_token" {
          # Dedicated token for Nomad clients, attached only to the client policy.
          # A single token resource is declared, so all client nodes presumably share
          # it — confirm. No expiration_time is set.
   110    description = "Nomad clients token"
   111    policies    = [consul_acl_policy.nomad_clients.name]
          # Keeps the token local to this datacenter instead of replicating it.
   112    local       = true
   113  }
   114  
   115  data "consul_acl_token_secret_id" "nomad_clients_token" {
          # Fetches the client token's secret ID by accessor. No pgp_key is given, so
          # the secret is stored in plaintext in the Terraform state; protect the
          # state accordingly.
   116    accessor_id = consul_acl_token.nomad_clients_token.id
   117  }
   118  
   119  resource "local_sensitive_file" "nomad_client_config_for_consul" {
          # Renders Nomad's Consul integration config for client nodes. It uses the
          # same template as the server config but passes the client token, so the
          # two roles hold different credentials. The rendered content, token
          # included, is kept in state.
   120    content = templatefile("etc/nomad.d/consul.hcl", {
   121      token               = data.consul_acl_token_secret_id.nomad_clients_token.secret_id
   122      client_service_name = "client-${local.random_name}"
   123      server_service_name = "server-${local.random_name}"
   124    })
   125    filename        = "uploads/shared/nomad.d/client-consul.hcl"
          # Owner-only, because the file embeds the token secret.
   126    file_permission = "0600"
   127  }