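# tls_client.tf defines the mTLS certs that'll be used by the E2E test
# runner

# Private key for the test runner's client certificate (ECDSA P-384).
resource "tls_private_key" "api_client" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P384"
}

# CSR for the client certificate; the CN carries the per-run random name so
# certs from different E2E runs are distinguishable in logs.
resource "tls_cert_request" "api_client" {
  private_key_pem = tls_private_key.api_client.private_key_pem

  subject {
    common_name = "${local.random_name} api client"
  }
}

# Client certificate signed by the E2E CA (tls_private_key.ca /
# tls_self_signed_cert.ca, defined elsewhere in this module).
resource "tls_locally_signed_cert" "api_client" {
  cert_request_pem   = tls_cert_request.api_client.cert_request_pem
  ca_private_key_pem = tls_private_key.ca.private_key_pem
  ca_cert_pem        = tls_self_signed_cert.ca.cert_pem

  # 30 days.
  validity_period_hours = 720

  # Key usages for a *client* certificate: it is presented by the test
  # runner for client_auth, never as a server cert. key_encipherment is an
  # RSA-only key usage (RFC 5480 §3 disallows it for EC public keys) and is
  # therefore omitted for this ECDSA key.
  allowed_uses = [
    "digital_signature",
    "client_auth",
  ]
}

# The key and cert are written under keys/ so the test runner can load
# them; local_sensitive_file keeps the contents out of plan/apply output.
resource "local_sensitive_file" "api_client_key" {
  content  = tls_private_key.api_client.private_key_pem
  filename = "keys/tls_api_client.key"
}

resource "local_sensitive_file" "api_client_cert" {
  content  = tls_locally_signed_cert.api_client.cert_pem
  filename = "keys/tls_api_client.crt"
}

# Self signed cert for reverse proxy

resource "tls_private_key" "self_signed" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P384"
}

# Server certificate for the reverse proxy. It is self-signed (not issued by
# the E2E CA above), so clients must trust it explicitly or skip
# verification; it is only valid for server_auth.
resource "tls_self_signed_cert" "self_signed" {
  private_key_pem = tls_private_key.self_signed.private_key_pem
  subject {
    common_name  = "${local.random_name}.local"
    organization = "HashiCorp, Inc."
  }

  # The only SANs are the public IPs of the Ubuntu client instances, so the
  # cert verifies only when connecting by IP. There is no DNS SAN, and modern
  # TLS clients (e.g. Go >= 1.15) ignore the CN for hostname matching, so the
  # ".local" CN above is informational only.
  ip_addresses = toset(aws_instance.client_ubuntu_jammy_amd64.*.public_ip)

  # 30 days.
  validity_period_hours = 720
  allowed_uses = [
    "server_auth"
  ]
}

resource "local_sensitive_file" "self_signed_key" {
  content  = tls_private_key.self_signed.private_key_pem
  filename = "keys/self_signed.key"
}

resource "local_sensitive_file" "self_signed_cert" {
  content  = tls_self_signed_cert.self_signed.cert_pem
  filename = "keys/self_signed.crt"
}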