From 9b02b3a4b91418fca5e2cad06953bf5c305d97b0 Mon Sep 17 00:00:00 2001 From: Eugene Selivanov Date: Mon, 26 Aug 2024 17:53:37 +0700 Subject: [PATCH 1/2] feat: init wrappers --- wrappers/main.tf | 20 ++++++++++++++++++++ wrappers/outputs.tf | 5 +++++ wrappers/variables.tf | 11 +++++++++++ wrappers/versions.tf | 9 +++++++++ 4 files changed, 45 insertions(+) create mode 100644 wrappers/main.tf create mode 100644 wrappers/outputs.tf create mode 100644 wrappers/variables.tf create mode 100644 wrappers/versions.tf diff --git a/wrappers/main.tf b/wrappers/main.tf new file mode 100644 index 0000000..a88489f --- /dev/null +++ b/wrappers/main.tf @@ -0,0 +1,20 @@ +module "wrapper" { + source = "../modules/iam-account" + + for_each = var.items + + name = try(each.value.name, var.defaults.name, null) + folder_id = try(each.value.folder_id, var.defaults.folder_id, null) + description = try(each.value.description, var.defaults.description, "") + cloud_id = try(each.value.cloud_id, var.defaults.cloud_id, null) + folder_roles = try(each.value.folder_roles, var.defaults.folder_roles, []) + cloud_roles = try(each.value.cloud_roles, var.defaults.cloud_roles, []) + enable_static_access_key = try(each.value.enable_static_access_key, var.defaults.enable_static_access_key, false) + static_access_key_pgp_key = try(each.value.static_access_key_pgp_key, var.defaults.static_access_key_pgp_key, null) + enable_api_key = try(each.value.enable_api_key, var.defaults.enable_api_key, false) + api_key_pgp_key = try(each.value.api_key_pgp_key, var.defaults.api_key_pgp_key, null) + enable_account_key = try(each.value.enable_account_key, var.defaults.enable_account_key, false) + account_key_algorithm = try(each.value.account_key_algorithm, var.defaults.account_key_algorithm, "RSA_4096") + account_key_format = try(each.value.account_key_format, var.defaults.account_key_format, "PEM_FILE") + account_key_pgp_key = try(each.value.account_key_pgp_key, var.defaults.account_key_pgp_key, null) +} diff --git a/wrappers/outputs.tf b/wrappers/outputs.tf new file mode 100644 index 0000000..4fe0efe --- /dev/null +++ b/wrappers/outputs.tf @@ -0,0 +1,5 @@ +output "wrapper" { + description = "Map of outputs of a wrapper." + value = module.wrapper + sensitive = false +} diff --git a/wrappers/variables.tf b/wrappers/variables.tf new file mode 100644 index 0000000..a6ea096 --- /dev/null +++ b/wrappers/variables.tf @@ -0,0 +1,11 @@ +variable "defaults" { + description = "Map of default values which will be used for each item." + type = any + default = {} +} + +variable "items" { + description = "Maps of items to create a wrapper from. Values are passed through to the module." + type = any + default = {} +} diff --git a/wrappers/versions.tf b/wrappers/versions.tf new file mode 100644 index 0000000..b912969 --- /dev/null +++ b/wrappers/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_providers { + yandex = { + source = "yandex-cloud/yandex" + version = ">= 0.72.0" + } + } + required_version = ">= 1.3" +} From fe70c77f030f8c86a078f89422d07350852d020c Mon Sep 17 00:00:00 2001 From: Eugene Selivanov Date: Thu, 29 Aug 2024 11:55:10 +0700 Subject: [PATCH 2/2] chore: disable sensitive output for wrapper --- modules/iam-account/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/iam-account/outputs.tf b/modules/iam-account/outputs.tf index b2bcf17..ee74b89 100644 --- a/modules/iam-account/outputs.tf +++ b/modules/iam-account/outputs.tf @@ -31,7 +31,7 @@ output "sak_access_key" { output "sak_secret_key" { description = "Private part of service account static access key" value = var.enable_static_access_key ? yandex_iam_service_account_static_access_key.main[0].secret_key : null - sensitive = true + #sensitive = true } output "sak_encrypted_secret_key" {