# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

# File: e2e/terraform/nomad-acls.tf

# Bootstrapping Nomad ACLs:
# We can't both bootstrap the ACLs and use the Nomad TF provider's
# resource.nomad_acl_token in the same Terraform run, because there's no way
# to get the management token into the provider's environment after we bootstrap.
# So we run a bootstrapping script and write our management token into a file
# that we read in for the output of $(terraform output environment) later.

# Environment-variable prefix placed in front of the bootstrap script's command
# line. It points the Nomad CLI at the first server instance's public IP over
# HTTPS on port 4646 and supplies a CA certificate plus a client
# certificate/key pair from keys/.
#
# This string carries file paths only, not secret values. Keep it that way: it
# is rendered into the null_resource trigger below, and trigger values are
# stored in Terraform state and shown in plan diffs.
#
# NOTE(review): the keys/ paths are relative, so they resolve against the
# directory the local-exec command runs in. Confirm this matches the
# ${path.root}/keys location read by data.local_file.nomad_token.
locals {
  nomad_env = "NOMAD_ADDR=https://${aws_instance.server.0.public_ip}:4646 NOMAD_CACERT=keys/tls_ca.crt NOMAD_CLIENT_CERT=keys/tls_api_client.crt NOMAD_CLIENT_KEY=keys/tls_api_client.key"
}

# Runs the bootstrap command on the machine executing Terraform (local-exec),
# after module.nomad_server has been applied.
resource "null_resource" "bootstrap_nomad_acls" {
  depends_on = [module.nomad_server]

  # Re-run the provisioner whenever the rendered command line changes, for
  # example when the server's public IP changes.
  triggers = {
    script = data.template_file.bootstrap_nomad_script.rendered
  }

  provisioner "local-exec" {
    command = data.template_file.bootstrap_nomad_script.rendered
  }
}

# write the bootstrap token to the keys/ directory (where the ssh key is)
# so that we can read it into the data.local_file later. If not set,
# ensure that it's empty.
#
# NOTE(review): the behaviour described above belongs to
# scripts/bootstrap-nomad.sh, which is not shown here; confirm it there.
# NOTE(review): the template has no vars, so this data source only wraps the
# string. It comes from the hashicorp/template provider, which is deprecated;
# a plain local or the built-in templatefile() function is the usual
# replacement. Update every reference to this data source if it is swapped.
data "template_file" "bootstrap_nomad_script" {
  template = "${local.nomad_env} ./scripts/bootstrap-nomad.sh"
}

# Reads the token file after the bootstrap resource has run. depends_on defers
# the read until the script has had a chance to create the file.
#
# Security: per the header comment this file holds the Nomad management token.
# The content attribute of data.local_file is not marked sensitive, so any
# output or expression that uses it should set sensitive = true itself. The
# hashicorp/local provider also offers a local_sensitive_file data source that
# marks the content sensitive. Either way the value is stored in Terraform
# state in plaintext, so state storage and the keys/ directory need restricted
# access.
# NOTE(review): whether keys/ is excluded from version control is not visible
# from this file; verify.
data "local_file" "nomad_token" {
  depends_on = [null_resource.bootstrap_nomad_acls]
  filename   = "${path.root}/keys/nomad_root_token"
}