github.com/hernad/nomad@v1.6.112/e2e/terraform/hcp-vault-auth/main.tf

github.com/hernad/nomad@v1.6.112/e2e/terraform/hcp-vault-auth/main.tf (about)

     1  # Copyright (c) HashiCorp, Inc.
     2  # SPDX-License-Identifier: MPL-2.0
     3  
     4  # Vault cluster admin tokens expire after 6 hours, so we need to
     5  # generate them fresh for test runs. But we can't generate the token
     6  # and then use that token with the vault provider in the same
     7  # Terraform run. So you'll need to apply this TF config separately
     8  # from the root configuratiion.
     9  
    10  variable "hcp_vault_cluster_id" {
    11    description = "The ID of the HCP Vault cluster"
    12    type        = string
    13    default     = "nomad-e2e-shared-hcp-vault"
    14  }
    15  
    16  variable "hcp_vault_namespace" {
    17    description = "The namespace where the HCP Vault cluster policy works"
    18    type        = string
    19    default     = "admin"
    20  }
    21  
    22  data "hcp_vault_cluster" "e2e_shared_vault" {
    23    cluster_id = var.hcp_vault_cluster_id
    24  }
    25  
    26  resource "hcp_vault_cluster_admin_token" "admin" {
    27    cluster_id = data.hcp_vault_cluster.e2e_shared_vault.cluster_id
    28  }
    29  
    30  output "message" {
    31    value = <<EOM
    32  Your cluster admin token has been provisioned! To prepare the test runner
    33  environment, run:
    34  
    35     $(terraform output --raw environment)
    36  EOM
    37  
    38  }
    39  
    40  output "environment" {
    41    description = "get connection config by running: $(terraform output environment)"
    42    sensitive   = true
    43    value       = <<EOM
    44  export VAULT_TOKEN=${hcp_vault_cluster_admin_token.admin.token}
    45  export VAULT_NAMESPACE=${var.hcp_vault_namespace}
    46  export VAULT_ADDR=${data.hcp_vault_cluster.e2e_shared_vault.vault_public_endpoint_url}
    47  
    48  EOM
    49  
    50  }