# Full path of the registry-credentials secret: the KV mount path followed by
# the sub-path, joined with a single "/". Shared by the policy template, the
# secret resource and the Consul marker below so they cannot drift apart.
locals {
  kv_path = join("/", [var.kv_path, var.kv_subpath])
}
################################################
# Policy to allow reading and listing of Docker auth credentials
# You need to include this policy with the tokens issued to Nomad Clients
################################################
# Renders templates/policy.hcl with the KV path substituted in. The `template`
# provider is deprecated; this file already uses Terraform >= 0.12 syntax, so
# the built-in templatefile() function could replace this data source with the
# same rendered output and one fewer provider dependency.
data "template_file" "policy" {
  template = file("${path.module}/templates/policy.hcl")
  vars = {
    # The only value exposed to the template.
    kv_path = local.kv_path
  }
}
# Registers the rendered policy in Vault under var.policy_name. Tokens issued
# to Nomad clients must carry this policy for the registry credentials written
# below to be readable; the policy body itself lives in templates/policy.hcl,
# which is not part of this file.
resource "vault_policy" "policy" {
  name   = var.policy_name
  policy = data.template_file.policy.rendered
}
################################################
# Optional mounting of a KV store
################################################
# Optionally mounts a KV secrets engine at var.kv_path. No `options` block is
# given, so the server-side default KV version applies — presumably v1; verify,
# because a v2 mount stores data under a `data/` prefix that the policy template
# and the secret path below would then not match.
resource "vault_mount" "kv" {
  # Set var.provision_kv_store = false when the mount is managed elsewhere.
  count = var.provision_kv_store ? 1 : 0
  path  = var.kv_path
  type  = "kv"
}
################################################
# Registries Secrets
################################################
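# Writes the registry credentials (var.registries, JSON-encoded) to Vault at
# local.kv_path. Terraform keeps data_json in its state file, so the state
# backend must be access-controlled and encrypted; where the Terraform version
# supports it, mark var.registries `sensitive` in variables.tf so the value is
# also redacted from plan output.
resource "vault_generic_secret" "registries" {
  # The secret lives under the mount declared above, but nothing in this
  # resource references it, so on a fresh apply with var.provision_kv_store =
  # true Terraform could attempt the write before the mount exists. An explicit
  # dependency fixes the ordering; a resource with count = 0 is still a valid
  # depends_on target.
  depends_on = [vault_mount.kv]

  path      = local.kv_path
  data_json = jsonencode(var.registries)
}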
################################################
# Marker in Consul that lets the `core` module scripts configure themselves
################################################
# Publishes a small key tree under "<consul_key_prefix>docker-auth/" so the
# `core` module's scripts can discover where the registry credentials live.
# Only the Vault *path* is stored here, never the credentials themselves.
resource "consul_key_prefix" "core_integration" {
  # Opt-in: the marker is only written when core integration is requested.
  count = var.core_integration ? 1 : 0

  path_prefix = "${var.consul_key_prefix}docker-auth/"

  subkeys = {
    enabled = "yes"
    path    = local.kv_path
    README  = "This is used for integration with the `core` module. See https://github.com/GovTechSG/terraform-modules/tree/master/modules/docker-auth"
  }

  # Advertise the path only once the mount, policy and secret are all in place,
  # so a consumer that reads this marker never finds a half-provisioned setup.
  depends_on = [
    vault_mount.kv,
    vault_policy.policy,
    vault_generic_secret.registries,
  ]
}