Adding vault module and salt formula #1

Merged
merged 37 commits into from
Oct 15, 2019
Changes from 17 commits
37 commits
60b9d12 (Jul 8, 2019) Adding vault module and salt formula
5928213 (Aug 7, 2019) Adding custom saltstack modules to handle configurations
724ed85 (Aug 7, 2019) Updates to comply with linting/format
6f11b46 (Aug 9, 2019) Adds comments to vault modules
9f12037 (Aug 27, 2019) Adds a basic test case for the vault stack
447b3ff (Aug 27, 2019) Updates to allow support salt py3
30a661e (Aug 27, 2019) Updates and cleans up tf template to accommodate module test
b8352c8 (Aug 27, 2019) Update readme.md
13b8ddb (Aug 27, 2019) Updates readme.md and adds cast to condition for the firewalld salt s…
3ebf5af (Aug 28, 2019) Updates module test for both py2 and py3
0bee32c (Aug 28, 2019) Clean up tf template/scripts per feedback
049c381 (Aug 28, 2019) Adds baseline of tests
f35e86c (Aug 28, 2019) Merges docs
5df8ebc (Aug 28, 2019) Merges docs
5cb9d16 (Aug 28, 2019) Removes terraform-docs from CI due to unfinished support for tf 0.12
f6fdfe7 (Aug 28, 2019) Exposes variable enable access logs for alb
f393553 (Aug 28, 2019) Adds workaround scripts to make terraform-docs work nicely with tf 0.12
30130e8 (Sep 4, 2019) Adds read-only token for github
e108ff6 (Sep 4, 2019) Updates input variables and cleans up template
27316a6 (Sep 4, 2019) Updates tests to validate Vault's URL is accessible
ab6f6f4 (Sep 10, 2019) Updates vault synced states to allow configs to be written within the…
b5095ec (Sep 10, 2019) Updates states to leverage jinja templating engine
3616686 (Sep 10, 2019) Fixes format to conform with editorconfig
22eace4 (Sep 11, 2019) Adds Vagrant for local development
3f3a098 (Sep 11, 2019) Updates salt formula to work with local vagrantfile
f86b428 (Sep 11, 2019) Performs cleaning up based on feedback
6f9744f (Sep 11, 2019) Removes -x flag from files
9308ebc (Sep 12, 2019) Performs clean up on terraform module
3dcbd2b (Sep 12, 2019) Fixes rsync issue
0784baf (Sep 12, 2019) Updates firewall state to ignore firewall changes on dev
f35a646 (Sep 13, 2019) Cleans up vault states/modules/utils
faca0a1 (Sep 25, 2019) Adds support for super() in py2
3e10051 (Sep 25, 2019) Switch out grains and use pillar for configurations
7ade89a (Sep 25, 2019) Updates test cases
cfdde2b (Sep 25, 2019) Updates vagrant file to pull the latest spel image
ac1b62b (Sep 25, 2019) Update readme to expose new vault_pillar_path variable
9f0b070 (Oct 1, 2019) Replace S3 bucket module with S3 Bucket Resource
Empty file modified .bumpversion.cfg
100644 → 100755
Empty file.
7 changes: 6 additions & 1 deletion .editorconfig
100644 → 100755
Expand Up @@ -13,7 +13,12 @@ charset = utf-8
trim_trailing_whitespace = false

[*.py]
indent_size = 4
indent_style = space
indent_size = 2

[*.go]
indent_style = tab
indent_size = 2

[Makefile]
indent_style = tab
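Review bot: the `[*.py]` block changes `indent_size` from 4 to 2, which conflicts with PEP 8 (4 spaces per level) and will be reported by pycodestyle/flake8 as E111 on any file formatted to it; unless the project's Python linter is deliberately configured for 2-space indentation, keep `indent_size = 4` and only add `indent_style = space`. Also, `.editorconfig` (like `.bumpversion.cfg`, `.gitignore`, `.travis.yml` and `_docs/MAIN.md` in this diff) gains the executable bit (`100644 → 100755`); configuration and documentation files do not need it, so revert the mode change.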
9 changes: 9 additions & 0 deletions .gitignore
100644 → 100755
Expand Up @@ -7,3 +7,12 @@

# .tfvars files
*.tfvars

# temp archive files
.files/

# other uncessarry files
.DS_Store

# ignore go files
vendor/
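Review bot: typo in the comment above the `.DS_Store` entry: `# other uncessarry files` should read `# other unnecessary files`. Ignoring `vendor/` is fine for a `dep`-managed `tests/` directory, but then `Gopkg.lock` must be committed so that `dep ensure` resolves the same dependency versions in CI as on a developer machine; without the lock file the test build is not reproducible and pulls whatever versions resolve at run time.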
2 changes: 0 additions & 2 deletions .travis.yml
100644 → 100755
Expand Up @@ -45,8 +45,6 @@ jobs:
(set -x; git tag -a $RELEASE_VERSION -m $RELEASE_VERSION)
deploy:
provider: releases
api_key:
secure:
name: $RELEASE_VERSION
body: $RELEASE_BODY
tag_name: $RELEASE_VERSION
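Review bot: deleting `api_key:`/`secure:` leaves the `releases` deploy provider without a credential, so the release step will fail unless the GitHub token is now supplied another way (for example a Travis repository environment variable); say in the PR where the token comes from after this change, or drop the `deploy:` stanza entirely if releases are no longer published from CI.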
12 changes: 9 additions & 3 deletions Makefile
Expand Up @@ -14,7 +14,7 @@ SHELL := bash

.PHONY: guard/% %/install %/lint

GITHUB_ACCESS_TOKEN ?=
GITHUB_ACCESS_TOKEN ?=
# Macro to return the download url for a github release
# For latest release, use version=latest
# To pin a release, use version=tags/<tag>
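Review bot: the removed and added `GITHUB_ACCESS_TOKEN ?=` lines render identically, so this is either a whitespace-only change or a default value that the rendering dropped; given the commit "Adds read-only token for github" in this PR, confirm that no token literal is committed as the default here. The value should only ever come from the environment or the CI secret store, and `?=` with an empty default already allows that.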
Expand Down Expand Up @@ -86,7 +86,7 @@ terraform/lint: | guard/program/terraform
sh/%: FIND_SH := find . $(FIND_EXCLUDES) -name '*.sh' -type f -print0
sh/lint: | guard/program/shellcheck
@ echo "[$@]: Linting shell scripts..."
$(FIND_SH) | $(XARGS) shellcheck {}
$(FIND_SH) | $(XARGS) shellcheck {} -e SC2154,SC2155
@ echo "[$@]: Shell scripts PASSED lint test!"

json/%: FIND_JSON := find . $(FIND_EXCLUDES) -name '*.json' -type f
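Review bot: `-e SC2154,SC2155` disables these two checks for every script found by `sh/lint`, including scripts added later. SC2155 (`local x=$(cmd)` masks the exit status of `cmd`) is exactly the class of bug that hides failures under `set -e`, so prefer a targeted `# shellcheck disable=SC2154,SC2155` directive on the affected lines in the scripts that need it, with a comment saying why, so that new scripts still get the full check.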
Expand All @@ -100,7 +100,7 @@ json/format: | guard/program/jq
$(FIND_JSON) | $(XARGS) bash -c 'echo "$$(jq --indent 4 -S . "{}")" > "{}"'
@ echo "[$@]: Successfully formatted JSON files!"

docs/%: README_PARTS := _docs/MAIN.md <(echo) <(terraform-docs markdown table .)
docs/%: README_PARTS := _docs/MAIN.md <(echo) <(./scripts/terraform-docs.sh markdown table .)
docs/%: README_FILE ?= README.md

docs/lint: | guard/program/terraform-docs
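Review bot: `docs/%` now runs `./scripts/terraform-docs.sh` while `docs/lint` still guards on `guard/program/terraform-docs`; that guard remains correct only if the wrapper still calls `terraform-docs`, so make sure the wrapper is part of this PR with the execute bit set and is covered by `sh/lint` (`FIND_SH` searches `.` for `*.sh`, so it will be picked up unless `FIND_EXCLUDES` drops `scripts/`).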
Expand All @@ -112,3 +112,9 @@ docs/generate: | guard/program/terraform-docs
@ echo "[$@]: Creating documentation files.."
cat $(README_PARTS) > $(README_FILE)
@ echo "[$@]: Documentation files creation complete!"

terratest/install: | guard/program/go guard/program/dep
cd tests && dep ensure

terratest/test: | guard/program/go guard/program/dep
cd tests && go test -timeout 40m
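Review bot: `terratest/install` and `terratest/test` are not listed in the `.PHONY: guard/% %/install %/lint` declaration above; GNU make takes the names after `.PHONY:` literally rather than as patterns, so `%/install` does not cover `terratest/install` either, and a file or directory named `terratest/test` under the repo would turn the target into a no-op. List both targets explicitly. Since `go test -timeout 40m` drives terratest against real AWS resources, the Go test also needs a deferred `terraform.Destroy` so that a timeout or failed assertion does not leave a Vault stack (ALB, ASG, DynamoDB table, KMS usage) running in the test account.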
47 changes: 47 additions & 0 deletions README.md
@@ -1,3 +1,50 @@
## terraform-aws-vault

Terraform module that installs and configures Hashicorp Vault cluster with HA DyanamoDb storage backend.

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| additional\_ips\_allow\_inbound | List of ip address that allow to have access to resources | list(string) | `<list>` | no |
| ami\_name\_filter | Will be use to filter out AMI | string | `"spel-minimal-centos-7-hvm-*.x86_64-gp2"` | no |
| ami\_name\_regex | Regex to help fine-grain filtering AMI | string | `"spel-minimal-centos-7-hvm-\\d{4}\\.\\d{2}\\.\\d{1}\\.x86_64-gp2"` | no |
| ami\_owner | Account id/alias of the AMI owner | string | n/a | yes |
| cfn\_bootstrap\_utils\_url | (Optional) URL to aws-cfn-bootstrap-latest.tar.gz | string | `"https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz"` | no |
| cfn\_endpoint\_url | (Optional) URL to the CloudFormation Endpoint. e.g. https://cloudformation.us-east-1.amazonaws.com | string | `"https://cloudformation.us-east-1.amazonaws.com"` | no |
| cloudwatch\_agent\_url | (Optional) S3 URL to CloudWatch Agent installer. Example: s3://amazoncloudwatch-agent/linux/amd64/latest/AmazonCloudWatchAgent.zip | string | `""` | no |
| configs\_path | Path to directory that contains configuration files for vault | string | `""` | no |
| desired\_capacity | (Optional) Desired number of instances in the Autoscaling Group | string | `"2"` | no |
| domain\_name | The domain name where vault url will be registered to. Example: domain.net | string | n/a | yes |
| dynamodb\_table | Name of the Dynamodb to be used as storage backend for Vault | string | `""` | no |
| ec2\_extra\_security\_group\_ids | List of additional security groups to add to EC2 instances | list(string) | `<list>` | no |
| ec2\_subnet\_ids | List of subnets where EC2 instances will be launched | list(string) | n/a | yes |
| enable\_access\_logs | Boolean indicating whether to enable access logs for load balancer | bool | `"false"` | no |
| environment | Type of environment -- must be one of: dev, test, prod | string | n/a | yes |
| ingress\_cidr\_blocks | (Optional) List of CIDR block. | list(string) | `<list>` | no |
| instance\_type | Amazon EC2 instance type | string | `"t2.medium"` | no |
| key\_pair\_name | Keypair to associate to launched instances | string | n/a | yes |
| kms\_key\_id | Id of an AWS KMS key use for auto unseal operation when vault is intialize | string | `""` | no |
| lb\_internal | Boolean indicating whether the load balancer is internal or external | bool | `"false"` | no |
| lb\_ssl\_policy | The name of the SSL Policy for the listener | string | `"ELBSecurityPolicy-FS-2018-06"` | no |
| lb\_subnet\_ids | List of subnets to associate to the Load Balancer | list(string) | n/a | yes |
| max\_capacity | (Optional) Maximum number of instances in the Autoscaling Group | string | `"2"` | no |
| min\_capacity | (Optional) Minimum number of instances in the Autoscaling Group | string | `"1"` | no |
| name | Name of the vault stack, will be use to prefix resources | string | n/a | yes |
| pypi\_index\_url | (Optional) URL to the PyPi Index | string | `"https://pypi.org/simple"` | no |
| route53\_zone\_id | Hosted zone ID Route 53 hosted zone | string | n/a | yes |
| tags | (Optional) list of tags to include with resource | map(string) | `<map>` | no |
| toggle\_update | (Optional) Toggle that triggers a stack update by modifying the launch config, resulting in new instances; must be one of: A or B | string | `"A"` | no |
| vault\_url | The DNS address that vault will be accessible at. Stack name will be used as the url when value is set to empty. Example: vault.domain.net | string | `""` | no |
| vault\_version | Version of Vault to be installed on servers | string | n/a | yes |
| watchmaker\_admin\_groups | (Optional) Colon-separated list of domain groups that should have admin permissions on the EC2 instance | string | `""` | no |
| watchmaker\_admin\_users | (Optional) Colon-separated list of domain users that should have admin permissions on the EC2 instance | string | `""` | no |
| watchmaker\_config | (Optional) URL to a Watchmaker config file | string | `""` | no |
| watchmaker\_ou\_path | (Optional) DN of the OU to place the instance when joining a domain. If blank and WatchmakerEnvironment enforces a domain join, the instance will be placed in a default container. Leave blank if not joining a domain, or if WatchmakerEnvironment is false | string | `""` | no |

## Outputs

| Name | Description |
|------|-------------|
| vault\_url | URL to access Vault UI |
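
Review bot: typos in the generated text: `Hashicorp` → `HashiCorp`, `DyanamoDb` → `DynamoDB`, `intialize` → `initialized`, `key use for` → `key used for`, `List of CIDR block.` → `List of CIDR blocks`; because this table is produced by terraform-docs, fix the `description` strings in `variables.tf` rather than editing README.md by hand. Two defaults deserve an explicit note in their descriptions: `lb_internal` defaults to `false`, i.e. an internet-facing load balancer, and `ingress_cidr_blocks` defaults to an empty list, so the description should state what the listener is reachable from when the list is left empty; likewise `kms_key_id` should say what unseal behaviour results when it is left at `""`.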

Empty file modified _docs/MAIN.md
100644 → 100755
Empty file.