80 changes: 27 additions & 53 deletions examples/vault-agent/main.tf
Expand Up @@ -24,7 +24,15 @@ resource "aws_instance" "example_auth_to_vault" {
aws_security_group.auth_instance.id,
]

user_data = data.template_file.user_data_auth_client.rendered
# The user data script that will run on the instance
# This script will run consul, which is used for discovering vault cluster
# And perform the login operation
user_data = templatefile("${path.module}/user-data-auth-client.sh", {
consul_cluster_tag_key = var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
example_role_name = var.example_role_name
})

iam_instance_profile = aws_iam_instance_profile.example_instance_profile.name

tags = {
Expand Down Expand Up @@ -66,22 +74,6 @@ module "consul_iam_policies_for_client" {
iam_role_id = aws_iam_role.example_instance_role.id
}

# ---------------------------------------------------------------------------------------------------------------------
# THE USER DATA SCRIPT THAT WILL RUN ON THE INSTANCE
# This script will run consul, which is used for discovering vault cluster
# And perform the login operation
# ---------------------------------------------------------------------------------------------------------------------

data "template_file" "user_data_auth_client" {
template = file("${path.module}/user-data-auth-client.sh")

vars = {
consul_cluster_tag_key = var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
example_role_name = var.example_role_name
}
}

# ---------------------------------------------------------------------------------------------------------------------
# ADDS A RULE TO OPEN PORT 8080 SINCE OUR EXAMPLE LAUNCHES A SIMPLE WEB SERVER
# This is here just for automated tests, not something that should be done with prod
Expand Down Expand Up @@ -148,7 +140,18 @@ module "vault_cluster" {
instance_type = var.vault_instance_type

ami_id = var.ami_id
user_data = data.template_file.user_data_vault_cluster.rendered

# The user data script that will run on each Vault server when it's booting
# This script will configure and start Vault
user_data = templatefile("${path.module}/user-data-vault.sh", {
consul_cluster_tag_key = var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
example_role_name = var.example_role_name
# Please note that normally we would never pass a secret this way
# This is just for test purposes so we can verify that our example instance is authenticating correctly
example_secret = var.example_secret
aws_iam_role_arn = aws_iam_role.example_instance_role.arn
})

vpc_id = data.aws_vpc.default.id
subnet_ids = data.aws_subnet_ids.default.ids
Expand All @@ -175,25 +178,6 @@ module "consul_iam_policies_servers" {
iam_role_id = module.vault_cluster.iam_role_id
}

# ---------------------------------------------------------------------------------------------------------------------
# THE USER DATA SCRIPT THAT WILL RUN ON EACH VAULT SERVER WHEN IT'S BOOTING
# This script will configure and start Vault
# ---------------------------------------------------------------------------------------------------------------------

data "template_file" "user_data_vault_cluster" {
template = file("${path.module}/user-data-vault.sh")

vars = {
consul_cluster_tag_key = var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
example_role_name = var.example_role_name
# Please note that normally we would never pass a secret this way
# This is just for test purposes so we can verify that our example instance is authenticating correctly
example_secret = var.example_secret
aws_iam_role_arn = aws_iam_role.example_instance_role.arn
}
}

# ---------------------------------------------------------------------------------------------------------------------
# PERMIT CONSUL SPECIFIC TRAFFIC IN VAULT CLUSTER
# To allow our Vault servers consul agents to communicate with other consul agents and participate in the LAN gossip,
Expand Down Expand Up @@ -227,7 +211,12 @@ module "consul_cluster" {
cluster_tag_value = var.consul_cluster_name

ami_id = var.ami_id
user_data = data.template_file.user_data_consul.rendered
# The user data script that will run on each consul server when it's booting
# This script will configure and start Consul
user_data = templatefile("${path.module}/user-data-consul.sh", {
consul_cluster_tag_key= var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
})

vpc_id = data.aws_vpc.default.id
subnet_ids = data.aws_subnet_ids.default.ids
Expand All @@ -240,20 +229,6 @@ module "consul_cluster" {
ssh_key_name = var.ssh_key_name
}

# ---------------------------------------------------------------------------------------------------------------------
# THE USER DATA SCRIPT THAT WILL RUN ON EACH CONSUL SERVER WHEN IT'S BOOTING
# This script will configure and start Consul
# ---------------------------------------------------------------------------------------------------------------------

data "template_file" "user_data_consul" {
template = file("${path.module}/user-data-consul.sh")

vars = {
consul_cluster_tag_key = var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
}
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY THE CLUSTERS IN THE DEFAULT VPC AND AVAILABILITY ZONES
# Using the default VPC and subnets makes this example easy to run and test, but it means Consul and Vault are
Expand All @@ -272,4 +247,3 @@ data "aws_subnet_ids" "default" {

data "aws_region" "current" {
}
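Review bot: `consul_cluster_tag_key= var.consul_cluster_tag_key` in the consul_cluster hunk of examples/vault-agent/main.tf drops the space before `=` and leaves the two keys unaligned; `terraform fmt` would turn it into `consul_cluster_tag_key   = var.consul_cluster_tag_key`, and running it over the four touched files would also settle the blank line that precedes the new comment in the module hunks here and in examples/vault-auto-unseal, vault-cluster-private and vault-dynamodb-backend but is absent in the aws_instance hunk. With every `data "template_file"` block removed, a `template` provider declared in the examples' provider or versions configuration (not part of this diff) would presumably be left unused and could be dropped along with its lock entry — worth confirming. The rendered script still carries example_secret into the instance's user_data and therefore into plan output and state; the switch only removes the extra copy that the data source's `rendered` attribute kept in state, which is a small but real reduction in where that value lands. Each changed hunk sits inside a resource or module block whose remainder lies outside the hunk.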

49 changes: 16 additions & 33 deletions examples/vault-auto-unseal/main.tf
Expand Up @@ -27,7 +27,15 @@ module "vault_cluster" {
instance_type = var.vault_instance_type

ami_id = var.ami_id
user_data = data.template_file.user_data_vault_cluster.rendered

# The user data script that will run on each vault server when it's booting
# This script will configure and start Vault
user_data = templatefile("${path.module}/user-data-vault.sh", {
consul_cluster_tag_key = var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
kms_key_id = data.aws_kms_alias.vault-example.target_key_id
aws_region = data.aws_region.current.name
})

vpc_id = data.aws_vpc.default.id
subnet_ids = data.aws_subnet_ids.default.ids
Expand Down Expand Up @@ -60,22 +68,6 @@ module "consul_iam_policies_servers" {
iam_role_id = module.vault_cluster.iam_role_id
}

# ---------------------------------------------------------------------------------------------------------------------
# THE USER DATA SCRIPT THAT WILL RUN ON EACH VAULT SERVER WHEN IT'S BOOTING
# This script will configure and start Vault
# ---------------------------------------------------------------------------------------------------------------------

data "template_file" "user_data_vault_cluster" {
template = file("${path.module}/user-data-vault.sh")

vars = {
consul_cluster_tag_key = var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
kms_key_id = data.aws_kms_alias.vault-example.target_key_id
aws_region = data.aws_region.current.name
}
}

# ---------------------------------------------------------------------------------------------------------------------
# PERMIT CONSUL SPECIFIC TRAFFIC IN VAULT CLUSTER
# To allow our Vault servers consul agents to communicate with other consul agents and participate in the LAN gossip,
Expand Down Expand Up @@ -109,7 +101,13 @@ module "consul_cluster" {
cluster_tag_value = var.consul_cluster_name

ami_id = var.ami_id
user_data = data.template_file.user_data_consul.rendered

# The user data script that will run on each consul server when it's booting
# This script will configure and start Consul
user_data = templatefile("${path.module}/user-data-consul.sh", {
consul_cluster_tag_key = var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
})

vpc_id = data.aws_vpc.default.id
subnet_ids = data.aws_subnet_ids.default.ids
Expand All @@ -122,20 +120,6 @@ module "consul_cluster" {
ssh_key_name = var.ssh_key_name
}

# ---------------------------------------------------------------------------------------------------------------------
# THE USER DATA SCRIPT THAT WILL RUN ON EACH CONSUL SERVER WHEN IT'S BOOTING
# This script will configure and start Consul
# ---------------------------------------------------------------------------------------------------------------------

data "template_file" "user_data_consul" {
template = file("${path.module}/user-data-consul.sh")

vars = {
consul_cluster_tag_key = var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
}
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY THE CLUSTERS IN THE DEFAULT VPC AND AVAILABILITY ZONES
# Using the default VPC and subnets makes this example easy to run and test, but it means Consul and Vault are
Expand All @@ -154,4 +138,3 @@ data "aws_subnet_ids" "default" {

data "aws_region" "current" {
}

47 changes: 15 additions & 32 deletions examples/vault-cluster-private/main.tf
Expand Up @@ -23,7 +23,14 @@ module "vault_cluster" {
instance_type = var.vault_instance_type

ami_id = var.ami_id
user_data = data.template_file.user_data_vault_cluster.rendered

# The user data script that will run on each vault server when it's booting
# This script will configure and start Vault
user_data = templatefile("${path.module}/user-data-vault.sh", {
aws_region = data.aws_region.current.name
consul_cluster_tag_key = var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
})

vpc_id = data.aws_vpc.default.id
subnet_ids = data.aws_subnet_ids.default.ids
Expand All @@ -50,21 +57,6 @@ module "consul_iam_policies_servers" {
iam_role_id = module.vault_cluster.iam_role_id
}

# ---------------------------------------------------------------------------------------------------------------------
# THE USER DATA SCRIPT THAT WILL RUN ON EACH VAULT SERVER WHEN IT'S BOOTING
# This script will configure and start Vault
# ---------------------------------------------------------------------------------------------------------------------

data "template_file" "user_data_vault_cluster" {
template = file("${path.module}/user-data-vault.sh")

vars = {
aws_region = data.aws_region.current.name
consul_cluster_tag_key = var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
}
}

# ---------------------------------------------------------------------------------------------------------------------
# PERMIT CONSUL SPECIFIC TRAFFIC IN VAULT CLUSTER
# To allow our Vault servers consul agents to communicate with other consul agents and participate in the LAN gossip,
Expand Down Expand Up @@ -98,8 +90,14 @@ module "consul_cluster" {
cluster_tag_value = var.consul_cluster_name

ami_id = var.ami_id
user_data = data.template_file.user_data_consul.rendered

# The user data script that will run on each consul server when it's booting
# This script will configure and start Consul
user_data = templatefile("${path.module}/user-data-consul.sh", {
consul_cluster_tag_key = var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
})

vpc_id = data.aws_vpc.default.id
subnet_ids = data.aws_subnet_ids.default.ids

Expand All @@ -111,20 +109,6 @@ module "consul_cluster" {
ssh_key_name = var.ssh_key_name
}

# ---------------------------------------------------------------------------------------------------------------------
# THE USER DATA SCRIPT THAT WILL RUN ON EACH CONSUL SERVER WHEN IT'S BOOTING
# This script will configure and start Consul
# ---------------------------------------------------------------------------------------------------------------------

data "template_file" "user_data_consul" {
template = file("${path.module}/user-data-consul.sh")

vars = {
consul_cluster_tag_key = var.consul_cluster_tag_key
consul_cluster_tag_value = var.consul_cluster_name
}
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY THE CLUSTERS IN THE DEFAULT VPC AND AVAILABILITY ZONES
# Using the default VPC and subnets makes this example easy to run and test, but it means Consul and Vault are
Expand All @@ -143,4 +127,3 @@ data "aws_subnet_ids" "default" {

data "aws_region" "current" {
}

25 changes: 8 additions & 17 deletions examples/vault-dynamodb-backend/main.tf
Expand Up @@ -34,7 +34,14 @@ module "vault_cluster" {
instance_type = var.vault_instance_type

ami_id = var.ami_id
user_data = data.template_file.user_data_vault_cluster.rendered

# The user data script that will run on each vault server when it's booting
# This script will configure and start Vault
user_data = templatefile("${path.module}/user-data-vault.sh", {
aws_region = data.aws_region.current.name
dynamo_table_name = var.dynamo_table_name
s3_bucket_name = var.s3_bucket_name
})

# Enable S3 storage backend
enable_s3_backend = true
Expand All @@ -58,21 +65,6 @@ module "vault_cluster" {
dynamo_table_name = var.dynamo_table_name
}

# ---------------------------------------------------------------------------------------------------------------------
# THE USER DATA SCRIPT THAT WILL RUN ON EACH VAULT SERVER WHEN IT'S BOOTING
# This script will configure and start Vault
# ---------------------------------------------------------------------------------------------------------------------

data "template_file" "user_data_vault_cluster" {
template = file("${path.module}/user-data-vault.sh")

vars = {
aws_region = data.aws_region.current.name
dynamo_table_name = var.dynamo_table_name
s3_bucket_name = var.s3_bucket_name
}
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY THE CLUSTERS IN THE DEFAULT VPC AND AVAILABILITY ZONES
# Using the default VPC and subnets makes this example easy to run and test, but it means Vault is
Expand All @@ -91,4 +83,3 @@ data "aws_subnet_ids" "default" {

data "aws_region" "current" {
}
