Merge pull request #1 from patoarvizu/create_module

First version of 'kms-tls-certs' module
patoarvizu · Dec 26, 2018 · e994b94 · e994b94
2 parents 374a314 + 3970c11
commit e994b94
Show file tree

Hide file tree

Showing 4 changed files with 96 additions and 0 deletions.
diff --git a/modules/kms-tls-certs/data.tf b/modules/kms-tls-certs/data.tf
@@ -0,0 +1,3 @@
+data "aws_kms_alias" "vault_packer" {
+  name = "alias/${var.alias_name}"
+}
diff --git a/modules/kms-tls-certs/main.tf b/modules/kms-tls-certs/main.tf
@@ -0,0 +1,43 @@
+module "tls_certs" {
+  source = "github.com/hashicorp/terraform-aws-vault//modules/private-tls-cert?ref=v0.11.3"
+  ca_public_key_file_path = "${var.output_directory}/ca.crt.pem"
+  public_key_file_path = "${var.output_directory}/vault.crt.pem"
+  private_key_file_path = "${var.output_directory}/vault.key.pem"
+  owner = "${var.owner}"
+  organization_name = "${var.organization_name}"
+  ca_common_name = "${var.ca_common_name}"
+  common_name = "${var.common_name}"
+  dns_names = "${var.dns_names}"
+  ip_addresses = "${var.ip_addresses}"
+  validity_period_hours = "${var.validity_period_hours}"
+}
+
+data "local_file" "ca_public_key_file" {
+  depends_on = [ "module.tls_certs" ]
+  filename = "${module.tls_certs.ca_public_key_file_path}"
+}
+
+data "local_file" "public_key_file" {
+  depends_on = [ "module.tls_certs" ]
+  filename = "${module.tls_certs.public_key_file_path}"
+}
+
+data "local_file" "private_key_file" {
+  depends_on = [ "module.tls_certs" ]
+  filename = "${module.tls_certs.private_key_file_path}"
+}
+
+data "aws_kms_ciphertext" "encrypted_ca_public_key" {
+  key_id = "${data.aws_kms_alias.vault_packer.target_key_id}"
+  plaintext = "${data.local_file.ca_public_key_file.content}"
+}
+
+data "aws_kms_ciphertext" "encrypted_public_key" {
+  key_id = "${data.aws_kms_alias.vault_packer.target_key_id}"
+  plaintext = "${data.local_file.public_key_file.content}"
+}
+
+data "aws_kms_ciphertext" "encrypted_private_key" {
+  key_id = "${data.aws_kms_alias.vault_packer.target_key_id}"
+  plaintext = "${data.local_file.private_key_file.content}"
+}
diff --git a/modules/kms-tls-certs/outputs.tf b/modules/kms-tls-certs/outputs.tf
@@ -0,0 +1,11 @@
+output "ca_public_key" {
+  value = "\nEncrypted string: ${data.aws_kms_ciphertext.encrypted_ca_public_key.ciphertext_blob}\n\n(File also saved to: ${module.tls_certs.ca_public_key_file_path})\n"
+}
+
+output "public_key" {
+  value = "\nEncrypted string: ${data.aws_kms_ciphertext.encrypted_public_key.ciphertext_blob}\n\n(File also saved to: ${module.tls_certs.public_key_file_path})\n"
+}
+
+output "private_key" {
+  value = "\nEncrypted string: ${data.aws_kms_ciphertext.encrypted_private_key.ciphertext_blob}\n\n(File also saved to: ${module.tls_certs.private_key_file_path})\n"
+}
diff --git a/modules/kms-tls-certs/variables.tf b/modules/kms-tls-certs/variables.tf
@@ -0,0 +1,39 @@
+variable "owner" {
+  type = "string"
+  description = "The OS user who should be given ownership over the certificate files."
+}
+
+variable "alias_name" {
+  type = "string"
+}
+
+variable "organization_name" {
+  type = "string"
+}
+
+variable "ca_common_name" {
+  type = "string"
+}
+
+variable "common_name" {
+  type = "string"
+}
+
+variable "validity_period_hours" {
+  type = "string"
+}
+
+variable "output_directory" {
+  type = "string"
+  default = "/tmp"
+}
+
+variable "dns_names" {
+  type = "list"
+  default = []
+}
+
+variable "ip_addresses" {
+  type = "list"
+  default = []
+}