fix: include unofficial extensions<br>- NOTE: No upgrade path support…
…ed from previous versions (#56)
Showing
32 changed files
with
910 additions
and
24 deletions.
Submodule common-dev-assets
updated
10 files
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
# MQ on Cloud API Key | ||
|
||
This is an experimental module to extend the [application module](../application). This module uses the application create_api_key_uri to return an application user name and password. | ||
|
||
[Learn more](https://cloud.ibm.com/docs/mqcloud?topic=mqcloud-users_and_apps) | ||
|
||
This module is problematic in some environments. A temporary step during the provisioning of the key writes to a file. This file has to be retained from one terraform command to another. This means pipeline environments, such as IBM Cloud schematics, which use a clean environment for each run will fail after the first apply. | ||
|
||
### Usage | ||
|
||
```hcl | ||
module "application_api_key" { | ||
source = "terraform-ibm-modules/mq-cloud/ibm//modules/experimental-api-key" | ||
version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release | ||
ibmcloud_api_key = "IBM Cloud Api Key" # pragma: allowlist secret | ||
key_name = "my-application-key" | ||
href = module.<application>.href | ||
} | ||
``` | ||
|
||
<!-- The following content is automatically populated by the pre-commit hook --> | ||
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
### Requirements | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 | | ||
| <a name="requirement_local"></a> [local](#requirement\_local) | >= 2.5.2 | | ||
|
||
### Modules | ||
|
||
No modules. | ||
|
||
### Resources | ||
|
||
| Name | Type | | ||
|------|------| | ||
| [terraform_data.bootstrap_api_key](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource | | ||
| [local_sensitive_file.bootstrap_api_key](https://registry.terraform.io/providers/hashicorp/local/latest/docs/data-sources/sensitive_file) | data source | | ||
|
||
### Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_href"></a> [href](#input\_href) | The application href | `string` | n/a | yes | | ||
| <a name="input_ibmcloud_api_key"></a> [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The IBM Cloud API key to deploy resources. | `string` | n/a | yes | | ||
| <a name="input_key_name"></a> [key\_name](#input\_key\_name) | The name to give to the api key | `string` | n/a | yes | | ||
|
||
### Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| <a name="output_api_key"></a> [api\_key](#output\_api\_key) | MQ on Cloud application API key (sensitive) | | ||
| <a name="output_api_key_id"></a> [api\_key\_id](#output\_api\_key\_id) | MQ on Cloud application API key id | | ||
| <a name="output_api_key_name"></a> [api\_key\_name](#output\_api\_key\_name) | MQ on Cloud application API key name | | ||
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
#!/bin/bash | ||
|
||
# Exit if any of the intermediate steps fail | ||
set -e | ||
|
||
APIKEY=${1} | ||
KEYNAME=${2} | ||
HREF=${3} | ||
|
||
BEARER=$(curl -X POST "https://iam.cloud.ibm.com/identity/token" --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' --data-urlencode 'apikey='"${APIKEY}" 2>/dev/null | jq .access_token | sed 's/^"//' | sed 's/"$//') # pragma: allowlist secret | ||
|
||
# shellcheck disable=SC2086 | ||
KEY=$(curl -X POST --location --header "Authorization: Bearer ${BEARER}" --header "Accept: application/json" --header "Content-Type: application/json" --data '{ "name": "'${KEYNAME}'" }' "${HREF}" 2>/dev/null) | ||
|
||
echo "${KEY}" |
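Review bot: The token request cannot fail the script, because the status of the `BEARER=$(...)` pipeline is that of the final `sed`, and curl runs without `--fail` and with stderr discarded. A rejected API key therefore leaves `BEARER` as `null`, the second request goes out with `Authorization: Bearer null`, and its error body is echoed as if it were the key response. I would use `set -euo pipefail`, give both curl calls `--fail --silent --show-error` in place of `2>/dev/null`, and replace the two `sed` calls with `jq -r .access_token`. The curlly.sh added for the certificate download later in this commit has the same pattern.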
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
############################################################################## | ||
# terraform-ibm-mq-cloud | ||
# | ||
# Create an MQ on Cloud application api key | ||
############################################################################## | ||
|
||
locals { | ||
api_key_href = "${var.href}/api_key" | ||
} | ||
|
||
# terraform_data is as a do-nothing container for arbitrary actions taken by a provisioner. | ||
# Redirect standard output to a file | ||
resource "terraform_data" "bootstrap_api_key" { | ||
triggers_replace = [] | ||
|
||
provisioner "local-exec" { | ||
command = "../../modules/experimental-api-key/curlly.sh \"${var.ibmcloud_api_key}\" \"${var.key_name}\" \"${local.api_key_href}\" > bootstrap_api_key.txt" | ||
} | ||
} | ||
|
||
# Sensitively read output | ||
data "local_sensitive_file" "bootstrap_api_key" { | ||
filename = "bootstrap_api_key.txt" | ||
|
||
depends_on = [resource.terraform_data.bootstrap_api_key] | ||
} | ||
|
||
# Find values in JSON, retaining sensitive on api_key | ||
locals { | ||
api_key = regexall("(.*api_key\":\")([0-9a-zA-Z_]*)", data.local_sensitive_file.bootstrap_api_key.content)[0][1] | ||
api_key_id = nonsensitive(regexall("(.*api_key_id\":\")([0-9a-fApiKey-]*)", data.local_sensitive_file.bootstrap_api_key.content)[0][1]) | ||
api_key_name = nonsensitive(regexall("(.*api_key_name\":\")([0-9a-zA-Z-_]*)", data.local_sensitive_file.bootstrap_api_key.content)[0][1]) | ||
} |
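Review bot: The `local-exec` command interpolates `var.ibmcloud_api_key` and `local.api_key_href` into a shell string, so the IBM Cloud API key appears in the process arguments of the shell and the script, and `var.href`, which has no validation, is parsed by the shell if it contains a quote, `$` or backtick. Passing the values through the provisioner's `environment` map, `environment = { APIKEY = var.ibmcloud_api_key, KEYNAME = var.key_name, HREF = local.api_key_href }`, with the script reading those variables instead of `$1`..`$3`, keeps them out of the command text. The response holding the new key is also left in `bootstrap_api_key.txt` in the working directory with default permissions; a comment above the resource stating that this file contains a credential and must be kept out of version control and build artifacts would help.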
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
######################################################################################################################## | ||
# Outputs | ||
######################################################################################################################## | ||
|
||
output "api_key_name" { | ||
description = "MQ on Cloud application API key name" | ||
value = local.api_key_name | ||
} | ||
|
||
output "api_key_id" { | ||
description = "MQ on Cloud application API key id" | ||
value = local.api_key_id | ||
} | ||
|
||
output "api_key" { | ||
description = "MQ on Cloud application API key (sensitive)" | ||
value = local.api_key | ||
sensitive = true | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
######################################################################################################################## | ||
# Input Variables | ||
######################################################################################################################## | ||
|
||
variable "ibmcloud_api_key" { | ||
type = string | ||
description = "The IBM Cloud API key to deploy resources." | ||
sensitive = true | ||
} | ||
|
||
variable "href" { | ||
description = "The application href" | ||
type = string | ||
} | ||
|
||
variable "key_name" { | ||
description = "The name to give to the api key" | ||
type = string | ||
|
||
# This is the same as API call validation to catch the error at terraform plan | ||
validation { | ||
condition = alltrue([ | ||
can(length(var.key_name) >= 1), | ||
can(length(var.key_name) <= 12), | ||
can(regex("^[a-z][-a-z0-9]*$", var.key_name)) | ||
]) | ||
error_message = "key_name ${var.key_name} should match regex ^[a-z][-a-z0-9]*$ and be 12 or less characters" | ||
} | ||
} |
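Review bot: The two length checks in the `key_name` validation never reject anything, because `can()` only reports whether its argument evaluated without error, and `length(var.key_name) <= 12` evaluates cleanly to `false` for a long name. As written only the regex line constrains the value, so a name longer than 12 characters passes `terraform plan` and is caught, if at all, by the API call. Use the comparisons directly, `length(var.key_name) >= 1,` and `length(var.key_name) <= 12,`, and keep `can(regex(...))` for the pattern. This matters beyond the error message, since the script in this module pastes the name unquoted into a JSON body and relies on this validation for its shape.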
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
terraform { | ||
required_version = ">= 1.3.0" | ||
required_providers { | ||
# Use "greater than or equal to" range in modules | ||
local = { | ||
source = "hashicorp/local" | ||
version = ">= 2.5.2" | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
# MQ on Cloud trust store certificate download | ||
|
||
The trust store is used to trust certificates from MQ clients and other queue managers that connect to the queue manager. | ||
|
||
[Learn more](https://cloud.ibm.com/docs/mqcloud?topic=mqcloud-mqoc_qm_certs#cert_policy_mqoc_qm_certs) | ||
|
||
This module downloads the provided certificates certificate file. | ||
|
||
### Usage | ||
|
||
```hcl | ||
# Source a certificate | ||
data "ibm_mqcloud_truststore_certificate" "certificate" { | ||
label = "LetsEncryptIssuingCA" | ||
queue_manager_id = local.queue_manager_id | ||
service_instance_guid = local.override_guid | ||
} | ||
# Download the certificate from the certificates href | ||
module "experimental_certificate" { | ||
source = "terraform-ibm-modules/mq-cloud/ibm//modules/experimental-certificate" | ||
version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release | ||
ibmcloud_api_key = "IBM Cloud Api Key" # pragma: allowlist secret | ||
href = data.ibm_mqcloud_truststore_certificate.certificate.trust_store[0].href | ||
} | ||
``` | ||
|
||
<!-- The following content is automatically populated by the pre-commit hook --> | ||
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
### Requirements | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 | | ||
| <a name="requirement_external"></a> [external](#requirement\_external) | >= 2.3.4 | | ||
|
||
### Modules | ||
|
||
No modules. | ||
|
||
### Resources | ||
|
||
| Name | Type | | ||
|------|------| | ||
| [external_external.certificate](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | | ||
|
||
### Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_href"></a> [href](#input\_href) | The truststore certificates href | `string` | n/a | yes | | ||
| <a name="input_ibmcloud_api_key"></a> [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The IBM Cloud API key to deploy resources | `string` | n/a | yes | | ||
|
||
### Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| <a name="output_certificate"></a> [certificate](#output\_certificate) | name | | ||
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
#!/bin/bash | ||
|
||
# Exit if any of the intermediate steps fail | ||
set -e | ||
|
||
eval "$(jq -r '@sh "APIKEY=\(.apikey) HREF=\(.href)"')" | ||
|
||
BEARER=$(curl -X POST "https://iam.cloud.ibm.com/identity/token" --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' --data-urlencode 'apikey='"${APIKEY}" 2>/dev/null | jq .access_token | sed 's/^"//' | sed 's/"$//') # pragma: allowlist secret | ||
|
||
# echo $BEARER | ||
|
||
CERT_STREAM=$(curl -X GET --location --header "Authorization: Bearer ${BEARER}" --header "Accept: application/octet-stream" "${HREF}" 2>/dev/null) | ||
|
||
# shellcheck disable=SC2086 | ||
echo '{"certificate":"'${CERT_STREAM}'"}' |
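Review bot: The result JSON is built by pasting `${CERT_STREAM}` unquoted into `echo`, and the SC2086 suppression hides what that does: word splitting collapses the newlines of the downloaded body into spaces, glob characters are expanded against the working directory, and any `"` or `\` in the body produces invalid JSON for the external data source. If the download is PEM text, the value handed to Terraform is no longer the file that was served. Since jq is already a dependency, `jq -n --arg certificate "${CERT_STREAM}" '{certificate: $certificate}'` emits correctly escaped JSON and the suppression can be dropped.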
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
############################################################################## | ||
# terraform-ibm-mq-cloud | ||
# | ||
# Create an MQ on Cloud truststore certificate | ||
############################################################################## | ||
|
||
locals { | ||
certificate_href = "${var.href}/download" | ||
} | ||
|
||
data "external" "certificate" { | ||
program = [ | ||
"sh", "../../modules/experimental-certificate/curlly.sh" | ||
] | ||
query = { | ||
apikey = var.ibmcloud_api_key | ||
href = local.certificate_href | ||
} | ||
} |
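Review bot: The script path `../../modules/experimental-certificate/curlly.sh` is resolved against the working directory of the Terraform run, so it works only when the root module sits two levels below the repository root; when the module is pulled from the registry as its README shows, the file would presumably not be found. `program = ["bash", "${path.module}/curlly.sh"]` resolves against the module itself and runs the script under the interpreter its shebang names rather than `sh`. The `local-exec` command in the experimental-api-key main.tf uses the same kind of relative path.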
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
######################################################################################################################## | ||
# Outputs | ||
######################################################################################################################## | ||
|
||
output "certificate" { | ||
description = "name" | ||
value = data.external.certificate.result.certificate | ||
sensitive = true | ||
} |
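Review bot: The `certificate` output is described only as `name`, and the generated README table in this commit repeats that text. A description such as `description = "Contents of the downloaded trust store certificate"` would tell consumers what the value holds. It would also help to state whether the value is the certificate text as served, since the script that produces it reshapes the download before returning it.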