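# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

# Note: the test environment must have the following values set:
# export HCP_CLIENT_ID=
# export HCP_CLIENT_SECRET=
# export CONSUL_HTTP_TOKEN=
# export CONSUL_HTTP_ADDR=
#
# HCP_CLIENT_SECRET and CONSUL_HTTP_TOKEN are credentials. The Consul token
# needs permission to create ACL policies and tokens, because this file
# manages both.
#
# Secret handling in this file:
# - Each consul_acl_token_secret_id data source reads a token's secret_id,
#   and data source results are recorded in Terraform state. Treat the state
#   file/backend as secret material.
# - The rendered files under uploads/shared/ contain those secrets in
#   plaintext on the machine running Terraform.
#   NOTE(review): confirm uploads/ is excluded from version control and from
#   CI artifacts.

# Looks up the shared HCP Consul cluster. Its CA file and client config are
# consumed by the local_sensitive_file resources below.
data "hcp_consul_cluster" "e2e_shared_consul" {
  cluster_id = var.hcp_consul_cluster_id
}

# policy and configuration for the Consul Agent

# ACL policy for the Consul agents. The rules come from a file in this repo.
# The policy is scoped to a single datacenter, named by the cluster ID.
resource "consul_acl_policy" "consul_agent" {
  name        = "${local.random_name}_consul_agent_policy"
  datacenters = [var.hcp_consul_cluster_id]
  rules       = data.local_file.consul_policy_for_consul_agent.content
}

data "local_file" "consul_policy_for_consul_agent" {
  filename = "${path.root}/etc/acls/consul/consul-agent-policy.hcl"
}

# Token carrying only the agent policy. local = true keeps it local to the
# current datacenter.
resource "consul_acl_token" "consul_agent_token" {
  description = "Consul agent token"
  policies    = [consul_acl_policy.consul_agent.name]
  local       = true
}

# Resolves the token's secret_id from its accessor ID (ends up in state).
data "consul_acl_token_secret_id" "consul_agent_token" {
  accessor_id = consul_acl_token.consul_agent_token.id
}

# Agent ACL config with the token embedded. Owner-only because it holds the
# secret_id. The template path is anchored on path.root like the other
# templates in this file, so it does not depend on the working directory.
resource "local_sensitive_file" "consul_acl_file" {
  content = templatefile("${path.root}/etc/consul.d/client_acl.json", {
    token = data.consul_acl_token_secret_id.consul_agent_token.secret_id
  })
  filename        = "uploads/shared/consul.d/client_acl.json"
  file_permission = "0600"
}

resource "local_sensitive_file" "consul_ca_file" {
  content         = base64decode(data.hcp_consul_cluster.e2e_shared_consul.consul_ca_file)
  filename        = "uploads/shared/consul.d/ca.pem"
  file_permission = "0600"
}

# Client config as issued by HCP. HCP client configs typically carry the
# gossip encryption key, so this file is owner-only like the other
# secret-bearing files here rather than world-readable.
# NOTE(review): confirm nothing that reads uploads/ locally runs as another
# user and relied on the previous 0644 mode.
resource "local_sensitive_file" "consul_config_file" {
  content         = base64decode(data.hcp_consul_cluster.e2e_shared_consul.consul_config_file)
  filename        = "uploads/shared/consul.d/consul_client.json"
  file_permission = "0600"
}

# Rendered with an empty variable map, so no secret is injected here.
resource "local_sensitive_file" "consul_base_config_file" {
  content         = templatefile("${path.root}/etc/consul.d/clients.json", {})
  filename        = "uploads/shared/consul.d/consul_client_base.json"
  file_permission = "0644"
}

# systemd unit, rendered with an empty variable map. No secret is injected.
resource "local_sensitive_file" "consul_systemd_unit_file" {
  content         = templatefile("${path.root}/etc/consul.d/consul.service", {})
  filename        = "uploads/shared/consul.d/consul.service"
  file_permission = "0644"
}

# Nomad servers configuration for Consul

# The servers get their own policy and token, separate from the clients'.
resource "consul_acl_policy" "nomad_servers" {
  name        = "${local.random_name}_nomad_server_policy"
  datacenters = [var.hcp_consul_cluster_id]
  rules       = data.local_file.consul_policy_for_nomad_server.content
}

data "local_file" "consul_policy_for_nomad_server" {
  filename = "${path.root}/etc/acls/consul/nomad-server-policy.hcl"
}

resource "consul_acl_token" "nomad_servers_token" {
  description = "Nomad servers token"
  policies    = [consul_acl_policy.nomad_servers.name]
  local       = true
}

data "consul_acl_token_secret_id" "nomad_servers_token" {
  accessor_id = consul_acl_token.nomad_servers_token.id
}

# Nomad server consul block with the server token embedded. Owner-only.
resource "local_sensitive_file" "nomad_server_config_for_consul" {
  content = templatefile("${path.root}/etc/nomad.d/consul.hcl", {
    token               = data.consul_acl_token_secret_id.nomad_servers_token.secret_id
    client_service_name = "client-${local.random_name}"
    server_service_name = "server-${local.random_name}"
  })
  filename        = "uploads/shared/nomad.d/server-consul.hcl"
  file_permission = "0600"
}

# Nomad clients configuration for Consul

resource "consul_acl_policy" "nomad_clients" {
  name        = "${local.random_name}_nomad_client_policy"
  datacenters = [var.hcp_consul_cluster_id]
  rules       = data.local_file.consul_policy_for_nomad_clients.content
}

data "local_file" "consul_policy_for_nomad_clients" {
  filename = "${path.root}/etc/acls/consul/nomad-client-policy.hcl"
}

resource "consul_acl_token" "nomad_clients_token" {
  description = "Nomad clients token"
  policies    = [consul_acl_policy.nomad_clients.name]
  local       = true
}

data "consul_acl_token_secret_id" "nomad_clients_token" {
  accessor_id = consul_acl_token.nomad_clients_token.id
}

# Same template as the server config, rendered with the client token so a
# client host never receives the server token. Owner-only.
resource "local_sensitive_file" "nomad_client_config_for_consul" {
  content = templatefile("${path.root}/etc/nomad.d/consul.hcl", {
    token               = data.consul_acl_token_secret_id.nomad_clients_token.secret_id
    client_service_name = "client-${local.random_name}"
    server_service_name = "server-${local.random_name}"
  })
  filename        = "uploads/shared/nomad.d/client-consul.hcl"
  file_permission = "0600"
}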