From 9ed85543bb7885c1d2d753866a5c778f909ba016 Mon Sep 17 00:00:00 2001 From: Robert de Bock Date: Tue, 7 Dec 2021 12:44:58 +0100 Subject: [PATCH 1/4] Replace deprecated "template_file" resource for "templatefile" function. --- examples/vault-agent/main.tf | 80 +++++++++--------------- examples/vault-auto-unseal/main.tf | 49 +++++---------- examples/vault-cluster-private/main.tf | 47 +++++--------- examples/vault-dynamodb-backend/main.tf | 25 +++----- examples/vault-ec2-auth/main.tf | 81 +++++++++---------------- examples/vault-iam-auth/main.tf | 81 +++++++++---------------- examples/vault-s3-backend/main.tf | 49 +++++---------- main.tf | 38 ++---------- 8 files changed, 144 insertions(+), 306 deletions(-) diff --git a/examples/vault-agent/main.tf b/examples/vault-agent/main.tf index 06a1ccf7..7b61811c 100644 --- a/examples/vault-agent/main.tf +++ b/examples/vault-agent/main.tf @@ -24,7 +24,15 @@ resource "aws_instance" "example_auth_to_vault" { aws_security_group.auth_instance.id, ] - user_data = data.template_file.user_data_auth_client.rendered + # The user data script that will run on the instance + # This script will run consul, which is used for discovering vault cluster + # And perform the login operation + user_data = templatefile("${path.module}/user-data-auth-client.sh", { + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + example_role_name = var.example_role_name + }) + iam_instance_profile = aws_iam_instance_profile.example_instance_profile.name tags = { 
@@ -66,22 +74,6 @@ module "consul_iam_policies_for_client" { iam_role_id = aws_iam_role.example_instance_role.id } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON THE INSTANCE -# This script will run consul, which is used for discovering vault cluster -# And perform the login operation -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_auth_client" { - template = file("${path.module}/user-data-auth-client.sh") - - vars = { - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - example_role_name = var.example_role_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # ADDS A RULE TO OPEN PORT 8080 SINCE OUR EXAMPLE LAUNCHES A SIMPLE WEB SERVER # This is here just for automated tests, not something that should be done with prod @@ -148,7 +140,18 @@ module "vault_cluster" { instance_type = var.vault_instance_type ami_id = var.ami_id - user_data = data.template_file.user_data_vault_cluster.rendered + + # The user data script that will run on each Vault server when it's booting + # This script will configure and start Vault + user_data = templatefile("${path.module}/user-data-vault.sh", { + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + example_role_name = var.example_role_name + # Please note that normally we would never pass a secret this way + # This is just for test purposes so we can verify that our example instance is authenticating correctly + example_secret = var.example_secret + aws_iam_role_arn = aws_iam_role.example_instance_role.arn + }) vpc_id = data.aws_vpc.default.id subnet_ids = data.aws_subnet_ids.default.ids 
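Review bot: The `example_secret` caveat carried into the new `templatefile` argument map in the `vault_cluster` hunk still does not say what the exposure is, and user data is a worse place for a secret than "normally we would never" suggests: it is served by the instance metadata service to every process on the host, readable with `ec2:DescribeInstanceAttribute`, and persisted in plaintext in Terraform state as the rendered `user_data`. Suggest replacing the two comment lines above `example_secret` with one that names the exposure, e.g. `# NOTE: user_data is readable from IMDS by any process on the instance, via ec2:DescribeInstanceAttribute, and stored in plaintext in state — test-only, never pass a real secret this way`. If `example_secret` is declared `sensitive = true` in variables.tf (not visible here), be aware that `templatefile()` propagates that sensitivity to the whole rendered `user_data`, so `terraform plan` will redact the script; the old data-source attribute presumably did not behave this way, so the plan output changes with this commit.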
@@ -175,25 +178,6 @@ module "consul_iam_policies_servers" { iam_role_id = module.vault_cluster.iam_role_id } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH VAULT SERVER WHEN IT'S BOOTING -# This script will configure and start Vault -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_vault_cluster" { - template = file("${path.module}/user-data-vault.sh") - - vars = { - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - example_role_name = var.example_role_name - # Please note that normally we would never pass a secret this way - # This is just for test purposes so we can verify that our example instance is authenticating correctly - example_secret = var.example_secret - aws_iam_role_arn = aws_iam_role.example_instance_role.arn - } -} - # --------------------------------------------------------------------------------------------------------------------- # PERMIT CONSUL SPECIFIC TRAFFIC IN VAULT CLUSTER # To allow our Vault servers consul agents to communicate with other consul agents and participate in the LAN gossip, @@ -227,7 +211,12 @@ module "consul_cluster" { cluster_tag_value = var.consul_cluster_name ami_id = var.ami_id - user_data = data.template_file.user_data_consul.rendered + # The user data script that will run o eacht consul server when it's booting + # This script will configure and start Consul + user_data = templatefile("${path.module}/user-data-consul.sh", { + consul_cluster_tag_key= var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + }) vpc_id = data.aws_vpc.default.id subnet_ids = data.aws_subnet_ids.default.ids 
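Review bot: In the `consul_cluster` hunk the new argument map has `consul_cluster_tag_key= var.consul_cluster_tag_key`, missing the space before `=`, so it is not aligned like the map two hunks above or the sibling examples and `terraform fmt` will rewrite it on the next run; the follow-up commit in this series fixes the comment typo on the line above but leaves this. Suggest `consul_cluster_tag_key   = var.consul_cluster_tag_key` and a `terraform fmt -recursive` pass over examples/ before merge so the whole series is fmt-clean.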
@@ -240,20 +229,6 @@ module "consul_cluster" { ssh_key_name = var.ssh_key_name } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH CONSUL SERVER WHEN IT'S BOOTING -# This script will configure and start Consul -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_consul" { - template = file("${path.module}/user-data-consul.sh") - - vars = { - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # DEPLOY THE CLUSTERS IN THE DEFAULT VPC AND AVAILABILITY ZONES # Using the default VPC and subnets makes this example easy to run and test, but it means Consul and Vault are @@ -272,4 +247,3 @@ data "aws_subnet_ids" "default" { data "aws_region" "current" { } - diff --git a/examples/vault-auto-unseal/main.tf b/examples/vault-auto-unseal/main.tf index 9c12865e..3fbf786d 100644 --- a/examples/vault-auto-unseal/main.tf +++ b/examples/vault-auto-unseal/main.tf @@ -27,7 +27,15 @@ module "vault_cluster" { instance_type = var.vault_instance_type ami_id = var.ami_id - user_data = data.template_file.user_data_vault_cluster.rendered + + # The user data script that will run on each vault server when it's booting + # This script will configure and start Vault + user_data = templatefile("${path.module}/user-data-vault.sh", { + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + kms_key_id = data.aws_kms_alias.vault-example.target_key_id + aws_region = data.aws_region.current.name + }) vpc_id = data.aws_vpc.default.id subnet_ids = data.aws_subnet_ids.default.ids 
@@ -60,22 +68,6 @@ module "consul_iam_policies_servers" { iam_role_id = module.vault_cluster.iam_role_id } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH VAULT SERVER WHEN IT'S BOOTING -# This script will configure and start Vault -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_vault_cluster" { - template = file("${path.module}/user-data-vault.sh") - - vars = { - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - kms_key_id = data.aws_kms_alias.vault-example.target_key_id - aws_region = data.aws_region.current.name - } -} - # --------------------------------------------------------------------------------------------------------------------- # PERMIT CONSUL SPECIFIC TRAFFIC IN VAULT CLUSTER # To allow our Vault servers consul agents to communicate with other consul agents and participate in the LAN gossip, @@ -109,7 +101,13 @@ module "consul_cluster" { cluster_tag_value = var.consul_cluster_name ami_id = var.ami_id - user_data = data.template_file.user_data_consul.rendered + + # The user data script that will run on eacht consul server when it's booting + # This script will configure and start Consul + user_data = templatefile("${path.module}/user-data-consul.sh", { + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + }) vpc_id = data.aws_vpc.default.id subnet_ids = data.aws_subnet_ids.default.ids 
@@ -122,20 +120,6 @@ module "consul_cluster" { ssh_key_name = var.ssh_key_name } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH CONSUL SERVER WHEN IT'S BOOTING -# This script will configure and start Consul -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_consul" { - template = file("${path.module}/user-data-consul.sh") - - vars = { - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # DEPLOY THE CLUSTERS IN THE DEFAULT VPC AND AVAILABILITY ZONES # Using the default VPC and subnets makes this example easy to run and test, but it means Consul and Vault are @@ -154,4 +138,3 @@ data "aws_subnet_ids" "default" { data "aws_region" "current" { } - diff --git a/examples/vault-cluster-private/main.tf b/examples/vault-cluster-private/main.tf index ed0aad59..49ab90be 100644 --- a/examples/vault-cluster-private/main.tf +++ b/examples/vault-cluster-private/main.tf @@ -23,7 +23,14 @@ module "vault_cluster" { instance_type = var.vault_instance_type ami_id = var.ami_id - user_data = data.template_file.user_data_vault_cluster.rendered + + # The user data script that will run on each vault server when it's booting + # This script will configure and start Vault + user_data = templatefile("${path.module}/user-data-vault.sh", { + aws_region = data.aws_region.current.name + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + }) vpc_id = data.aws_vpc.default.id subnet_ids = data.aws_subnet_ids.default.ids 
@@ -50,21 +57,6 @@ module "consul_iam_policies_servers" { iam_role_id = module.vault_cluster.iam_role_id } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH VAULT SERVER WHEN IT'S BOOTING -# This script will configure and start Vault -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_vault_cluster" { - template = file("${path.module}/user-data-vault.sh") - - vars = { - aws_region = data.aws_region.current.name - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # PERMIT CONSUL SPECIFIC TRAFFIC IN VAULT CLUSTER # To allow our Vault servers consul agents to communicate with other consul agents and participate in the LAN gossip, @@ -98,8 +90,14 @@ module "consul_cluster" { cluster_tag_value = var.consul_cluster_name ami_id = var.ami_id - user_data = data.template_file.user_data_consul.rendered + # The user data script that will run on each consul server when it's booting + # This script will configure and start Consul + user_data = templatefile("${path.module}/user-data-consul.sh", { + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + }) + vpc_id = data.aws_vpc.default.id subnet_ids = data.aws_subnet_ids.default.ids 
@@ -111,20 +109,6 @@ module "consul_cluster" { ssh_key_name = var.ssh_key_name } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH CONSUL SERVER WHEN IT'S BOOTING -# This script will configure and start Consul -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_consul" { - template = file("${path.module}/user-data-consul.sh") - - vars = { - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # DEPLOY THE CLUSTERS IN THE DEFAULT VPC AND AVAILABILITY ZONES # Using the default VPC and subnets makes this example easy to run and test, but it means Consul and Vault are @@ -143,4 +127,3 @@ data "aws_subnet_ids" "default" { data "aws_region" "current" { } - diff --git a/examples/vault-dynamodb-backend/main.tf b/examples/vault-dynamodb-backend/main.tf index 00596ec6..e62c5ee5 100644 --- a/examples/vault-dynamodb-backend/main.tf +++ b/examples/vault-dynamodb-backend/main.tf @@ -34,7 +34,14 @@ module "vault_cluster" { instance_type = var.vault_instance_type ami_id = var.ami_id - user_data = data.template_file.user_data_vault_cluster.rendered + + # The user data script that will run on each vault server when it's booting + # This script will configure and start Vault + user_data = templatefile("${path.module}/user-data-vault.sh", { + aws_region = data.aws_region.current.name + dynamo_table_name = var.dynamo_table_name + s3_bucket_name = var.s3_bucket_name + }) # Enable S3 storage backend enable_s3_backend = true 
@@ -58,21 +65,6 @@ module "vault_cluster" { dynamo_table_name = var.dynamo_table_name } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH VAULT SERVER WHEN IT'S BOOTING -# This script will configure and start Vault -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_vault_cluster" { - template = file("${path.module}/user-data-vault.sh") - - vars = { - aws_region = data.aws_region.current.name - dynamo_table_name = var.dynamo_table_name - s3_bucket_name = var.s3_bucket_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # DEPLOY THE CLUSTERS IN THE DEFAULT VPC AND AVAILABILITY ZONES # Using the default VPC and subnets makes this example easy to run and test, but it means Vault is @@ -91,4 +83,3 @@ data "aws_subnet_ids" "default" { data "aws_region" "current" { } - diff --git a/examples/vault-ec2-auth/main.tf b/examples/vault-ec2-auth/main.tf index 8ff9882b..002b2f7e 100644 --- a/examples/vault-ec2-auth/main.tf +++ b/examples/vault-ec2-auth/main.tf @@ -21,7 +21,14 @@ resource "aws_instance" "example_auth_to_vault" { aws_security_group.auth_instance.id, ] - user_data = data.template_file.user_data_auth_client.rendered + # The user data script that will run on the instance + # This script will run consul, which is used for discovering vault cluster + user_data = templatefile("${path.module}/user-data-auth-client.sh", { + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + example_role_name = var.example_role_name + }) + iam_instance_profile = aws_iam_instance_profile.example_instance_profile.name tags = { 
@@ -37,21 +44,6 @@ resource "aws_iam_instance_profile" "example_instance_profile" { role = module.vault_cluster.iam_role_name } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON THE INSTANCE -# This script will run consul, which is used for discovering vault cluster -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_auth_client" { - template = file("${path.module}/user-data-auth-client.sh") - - vars = { - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - example_role_name = var.example_role_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # ADDS A RULE TO OPEN PORT 8080 SINCE OUR EXAMPLE LAUNCHES A SIMPLE WEB SERVER # --------------------------------------------------------------------------------------------------------------------- @@ -87,7 +79,19 @@ module "vault_cluster" { instance_type = var.vault_instance_type ami_id = var.ami_id - user_data = data.template_file.user_data_vault_cluster.rendered + + # The user data script that will run on each Vault server when it's booting + # This script will configure and start Vault + user_data = templatefile("${path.module}/user-data-vault.sh", { + aws_region = data.aws_region.current.name + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + example_role_name = var.example_role_name + # Please note that normally we would never pass a secret this way + # This is just for test purposes so we can verify that our example instance is authenticating correctly + example_secret = var.example_secret + ami_id = var.ami_id + }) vpc_id = data.aws_vpc.default.id subnet_ids = data.aws_subnet_ids.default.ids 
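Review bot: In the `vault_cluster` hunk the map passed to `templatefile` includes `ami_id = var.ami_id`, which duplicates the `ami_id` module argument a few lines above without saying why the boot script needs it; the reason is not visible from this diff (user-data-vault.sh is not in the patch). If, as the example's name suggests, the script binds the Vault EC2 auth role to this AMI, that coupling is worth a one-line comment next to it, e.g. `# passed through so the EC2 auth role can be bound to the same AMI the cluster boots from — confirm in user-data-vault.sh`. The same `example_secret` exposure caveat as in examples/vault-agent applies to this map too.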
@@ -114,26 +118,6 @@ module "consul_iam_policies_servers" { iam_role_id = module.vault_cluster.iam_role_id } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH VAULT SERVER WHEN IT'S BOOTING -# This script will configure and start Vault -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_vault_cluster" { - template = file("${path.module}/user-data-vault.sh") - - vars = { - aws_region = data.aws_region.current.name - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - example_role_name = var.example_role_name - # Please note that normally we would never pass a secret this way - # This is just for test purposes so we can verify that our example instance is authenticating correctly - example_secret = var.example_secret - ami_id = var.ami_id - } -} - # --------------------------------------------------------------------------------------------------------------------- # PERMIT CONSUL SPECIFIC TRAFFIC IN VAULT CLUSTER # To allow our Vault servers consul agents to communicate with other consul agents and participate in the LAN gossip, @@ -167,7 +151,13 @@ module "consul_cluster" { cluster_tag_value = var.consul_cluster_name ami_id = var.ami_id - user_data = data.template_file.user_data_consul.rendered + + # The user data script that will run on each consul server when it's booting + # This script will configure and start Consul + user_data = templatefile("${path.module}/user-data-consul.sh", { + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + }) vpc_id = data.aws_vpc.default.id subnet_ids = data.aws_subnet_ids.default.ids 
@@ -180,20 +170,6 @@ module "consul_cluster" { ssh_key_name = var.ssh_key_name } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH CONSUL SERVER WHEN IT'S BOOTING -# This script will configure and start Consul -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_consul" { - template = file("${path.module}/user-data-consul.sh") - - vars = { - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # DEPLOY THE CLUSTERS IN THE DEFAULT VPC AND AVAILABILITY ZONES # Using the default VPC and subnets makes this example easy to run and test, but it means Consul and Vault are @@ -212,4 +188,3 @@ data "aws_subnet_ids" "default" { data "aws_region" "current" { } - diff --git a/examples/vault-iam-auth/main.tf b/examples/vault-iam-auth/main.tf index f686d44a..e007e0e3 100644 --- a/examples/vault-iam-auth/main.tf +++ b/examples/vault-iam-auth/main.tf @@ -24,7 +24,15 @@ resource "aws_instance" "example_auth_to_vault" { aws_security_group.auth_instance.id, ] - user_data = data.template_file.user_data_auth_client.rendered + # The user data script that will run on the instance + # This script will run consul, which is used for discovering vault cluster + # And perform the login operation + user_data = templatefile("${path.module}/user-data-auth-client.sh", { + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + example_role_name = var.example_role_name + }) + iam_instance_profile = aws_iam_instance_profile.example_instance_profile.name tags = { 
@@ -66,22 +74,6 @@ module "consul_iam_policies_for_client" { iam_role_id = aws_iam_role.example_instance_role.id } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON THE INSTANCE -# This script will run consul, which is used for discovering vault cluster -# And perform the login operation -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_auth_client" { - template = file("${path.module}/user-data-auth-client.sh") - - vars = { - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - example_role_name = var.example_role_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # ADDS A RULE TO OPEN PORT 8080 SINCE OUR EXAMPLE LAUNCHES A SIMPLE WEB SERVER # This is here just for automated tests, not something that should be done with prod @@ -148,7 +140,18 @@ module "vault_cluster" { instance_type = var.vault_instance_type ami_id = var.ami_id - user_data = data.template_file.user_data_vault_cluster.rendered + + # The user data script that will run on each Vault server when it's booting + # This script will configure and start Vault + user_data = templatefile("${path.module}/user-data-vault.sh", { + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + example_role_name = var.example_role_name + # Please note that normally we would never pass a secret this way + # This is just for test purposes so we can verify that our example instance is authenticating correctly + example_secret = var.example_secret + aws_iam_role_arn = aws_iam_role.example_instance_role.arn + }) vpc_id = data.aws_vpc.default.id subnet_ids = data.aws_subnet_ids.default.ids 
@@ -175,25 +178,6 @@ module "consul_iam_policies_servers" { iam_role_id = module.vault_cluster.iam_role_id } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH VAULT SERVER WHEN IT'S BOOTING -# This script will configure and start Vault -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_vault_cluster" { - template = file("${path.module}/user-data-vault.sh") - - vars = { - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - example_role_name = var.example_role_name - # Please note that normally we would never pass a secret this way - # This is just for test purposes so we can verify that our example instance is authenticating correctly - example_secret = var.example_secret - aws_iam_role_arn = aws_iam_role.example_instance_role.arn - } -} - # --------------------------------------------------------------------------------------------------------------------- # PERMIT CONSUL SPECIFIC TRAFFIC IN VAULT CLUSTER # To allow our Vault servers consul agents to communicate with other consul agents and participate in the LAN gossip, @@ -227,7 +211,13 @@ module "consul_cluster" { cluster_tag_value = var.consul_cluster_name ami_id = var.ami_id - user_data = data.template_file.user_data_consul.rendered + + # The user data script that will run on each consul server when it's booting + # This script will configure and start Consul + user_data = templatefile("${path.module}/user-data-consul.sh", { + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + }) vpc_id = data.aws_vpc.default.id subnet_ids = data.aws_subnet_ids.default.ids 
@@ -240,20 +230,6 @@ module "consul_cluster" { ssh_key_name = var.ssh_key_name } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH CONSUL SERVER WHEN IT'S BOOTING -# This script will configure and start Consul -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_consul" { - template = file("${path.module}/user-data-consul.sh") - - vars = { - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # DEPLOY THE CLUSTERS IN THE DEFAULT VPC AND AVAILABILITY ZONES # Using the default VPC and subnets makes this example easy to run and test, but it means Consul and Vault are @@ -272,4 +248,3 @@ data "aws_subnet_ids" "default" { data "aws_region" "current" { } - diff --git a/examples/vault-s3-backend/main.tf b/examples/vault-s3-backend/main.tf index 3ab41c1b..8832ef84 100644 --- a/examples/vault-s3-backend/main.tf +++ b/examples/vault-s3-backend/main.tf @@ -23,7 +23,15 @@ module "vault_cluster" { instance_type = var.vault_instance_type ami_id = var.ami_id - user_data = data.template_file.user_data_vault_cluster.rendered + + # The user data script that will run on each Vault server when it's booting + # This script will configure and start Vault + user_data = templatefile("${path.module}/user-data-vault.sh", { + aws_region = data.aws_region.current.name + s3_bucket_name = var.s3_bucket_name + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + }) enable_s3_backend = true s3_bucket_name = var.s3_bucket_name 
@@ -54,22 +62,6 @@ module "consul_iam_policies_servers" { iam_role_id = module.vault_cluster.iam_role_id } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH VAULT SERVER WHEN IT'S BOOTING -# This script will configure and start Vault -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_vault_cluster" { - template = file("${path.module}/user-data-vault.sh") - - vars = { - aws_region = data.aws_region.current.name - s3_bucket_name = var.s3_bucket_name - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # PERMIT CONSUL SPECIFIC TRAFFIC IN VAULT CLUSTER # To allow our Vault servers consul agents to communicate with other consul agents and participate in the LAN gossip, @@ -103,7 +95,13 @@ module "consul_cluster" { cluster_tag_value = var.consul_cluster_name ami_id = var.ami_id - user_data = data.template_file.user_data_consul.rendered + + # The user data script that will run on each Consul server when it's booting + # This script will configure and start Consul + user_data = templatefile("${path.module}/user-data-consul.sh", { + consul_cluster_tag_key = var.consul_cluster_tag_key + consul_cluster_tag_value = var.consul_cluster_name + }) vpc_id = data.aws_vpc.default.id subnet_ids = data.aws_subnet_ids.default.ids 
@@ -116,20 +114,6 @@ module "consul_cluster" { ssh_key_name = var.ssh_key_name } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH CONSUL SERVER WHEN IT'S BOOTING -# This script will configure and start Consul -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_consul" { - template = file("${path.module}/user-data-consul.sh") - - vars = { - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # DEPLOY THE CLUSTERS IN THE DEFAULT VPC AND AVAILABILITY ZONES # Using the default VPC and subnets makes this example easy to run and test, but it means Consul and Vault are @@ -148,4 +132,3 @@ data "aws_subnet_ids" "default" { data "aws_region" "current" { } - diff --git a/main.tf b/main.tf index 3c4e3d52..fd3cd97c 100644 --- a/main.tf +++ b/main.tf @@ -66,7 +66,9 @@ module "vault_cluster" { instance_type = var.vault_instance_type ami_id = var.ami_id == null ? data.aws_ami.vault_consul.image_id : var.ami_id - user_data = data.template_file.user_data_vault_cluster.rendered + # The user data script that will run on eacht Vault server when it's booting + # This script will configure and start Vault + user_data = templatefile("${path.module}/examples/root-example/user-data-vault.sh", { aws_region = data.aws_region.current.name, consul_cluster_tag_key = var.consul_cluster_tag_key, consul_cluster_tag_value = var.consul_cluster_name }) vpc_id = data.aws_vpc.default.id subnet_ids = data.aws_subnet_ids.default.ids 
@@ -97,21 +99,6 @@ module "consul_iam_policies_servers" { iam_role_id = module.vault_cluster.iam_role_id } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH VAULT SERVER WHEN IT'S BOOTING -# This script will configure and start Vault -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_vault_cluster" { - template = file("${path.module}/examples/root-example/user-data-vault.sh") - - vars = { - aws_region = data.aws_region.current.name - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # PERMIT CONSUL SPECIFIC TRAFFIC IN VAULT CLUSTER # To allow our Vault servers consul agents to communicate with other consul agents and participate in the LAN gossip, @@ -183,7 +170,9 @@ module "consul_cluster" { cluster_tag_value = var.consul_cluster_name ami_id = var.ami_id == null ? data.aws_ami.vault_consul.image_id : var.ami_id - user_data = data.template_file.user_data_consul.rendered + # The user data script that will run on each consul server when it's booting + # This script will configure and start Consul + user_date = templatefile("${path.module}/examples/root-example/user-data-consul.sh", {consul_cluster_tag_key = var.consul_cluster_tag_key, consul_cluster_tag_value = var.consul_cluster_name}) vpc_id = data.aws_vpc.default.id subnet_ids = data.aws_subnet_ids.default.ids 
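Review bot: The new line in the `consul_cluster` hunk assigns `user_date` instead of `user_data`, so the Consul module is handed an argument it does not declare and Terraform should reject the root configuration at plan time with `An argument named "user_date" is not expected here`; even if it did not, the Consul servers would boot with no bootstrap script, which the `-` line this replaces used to supply. It should read `user_data = templatefile("${path.module}/examples/root-example/user-data-consul.sh", { ... })`. The final patch in this series is a one-line change to main.tf that may be exactly this fix, but its hunk is not on the visible page, so it is worth confirming before merge. As with the `vault_cluster` call above, the inline map would also read better one key per line, matching the examples.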
@@ -196,20 +185,6 @@ module "consul_cluster" { ssh_key_name = var.ssh_key_name } -# --------------------------------------------------------------------------------------------------------------------- -# THE USER DATA SCRIPT THAT WILL RUN ON EACH CONSUL SERVER WHEN IT'S BOOTING -# This script will configure and start Consul -# --------------------------------------------------------------------------------------------------------------------- - -data "template_file" "user_data_consul" { - template = file("${path.module}/examples/root-example/user-data-consul.sh") - - vars = { - consul_cluster_tag_key = var.consul_cluster_tag_key - consul_cluster_tag_value = var.consul_cluster_name - } -} - # --------------------------------------------------------------------------------------------------------------------- # DEPLOY THE CLUSTERS IN THE DEFAULT VPC AND AVAILABILITY ZONES # Using the default VPC and subnets makes this example easy to run and test, but it means Consul and Vault are @@ -229,4 +204,3 @@ data "aws_subnet_ids" "default" { data "aws_region" "current" { } - From fc9b317711cce1bfb9d46a60b7c612b4dc526a4b Mon Sep 17 00:00:00 2001 From: Robert de Bock Date: Fri, 7 Jan 2022 13:13:53 +0100 Subject: [PATCH 2/4] Update examples/vault-agent/main.tf Typo fixed, thanks! Co-authored-by: Anouar Chattouna <9251649+anouarchattouna@users.noreply.github.com> --- examples/vault-agent/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/vault-agent/main.tf b/examples/vault-agent/main.tf index 7b61811c..40376e40 100644 --- a/examples/vault-agent/main.tf +++ b/examples/vault-agent/main.tf 
@@ -211,7 +211,7 @@ module "consul_cluster" { cluster_tag_value = var.consul_cluster_name ami_id = var.ami_id - # The user data script that will run o eacht consul server when it's booting + # The user data script that will run on each consul server when it's booting # This script will configure and start Consul user_data = templatefile("${path.module}/user-data-consul.sh", { consul_cluster_tag_key= var.consul_cluster_tag_key From 81e734f1af4d6f2deeeedc0c4c13efaaa8e52986 Mon Sep 17 00:00:00 2001 From: Robert de Bock Date: Fri, 7 Jan 2022 13:15:32 +0100 Subject: [PATCH 3/4] Update examples/vault-auto-unseal/main.tf Co-authored-by: Anouar Chattouna <9251649+anouarchattouna@users.noreply.github.com> --- examples/vault-auto-unseal/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/vault-auto-unseal/main.tf b/examples/vault-auto-unseal/main.tf index 3fbf786d..c2be299a 100644 --- a/examples/vault-auto-unseal/main.tf +++ b/examples/vault-auto-unseal/main.tf @@ -102,7 +102,7 @@ module "consul_cluster" { ami_id = var.ami_id - # The user data script that will run on eacht consul server when it's booting + # The user data script that will run on each consul server when it's booting # This script will configure and start Consul user_data = templatefile("${path.module}/user-data-consul.sh", { consul_cluster_tag_key = var.consul_cluster_tag_key From 2e2e144adf8b90247e92744ec7e0accb7793a635 Mon Sep 17 00:00:00 2001 From: Robert de Bock Date: Fri, 7 Jan 2022 13:15:38 +0100 Subject: [PATCH 4/4] Update main.tf Co-authored-by: Anouar Chattouna <9251649+anouarchattouna@users.noreply.github.com> --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index fd3cd97c..201d5bbc 100644 --- a/main.tf +++ b/main.tf 
@@ -66,7 +66,7 @@ module "vault_cluster" { instance_type = var.vault_instance_type ami_id = var.ami_id == null ? data.aws_ami.vault_consul.image_id : var.ami_id - # The user data script that will run on eacht Vault server when it's booting + # The user data script that will run on each Vault server when it's booting # This script will configure and start Vault user_data = templatefile("${path.module}/examples/root-example/user-data-vault.sh", { aws_region = data.aws_region.current.name, consul_cluster_tag_key = var.consul_cluster_tag_key, consul_cluster_tag_value = var.consul_cluster_name })