
feat: add vault component and module (#226)
mtweeman authored Nov 6, 2024
1 parent b22699e commit 7caeed0
Showing 14 changed files with 303 additions and 0 deletions.
47 changes: 47 additions & 0 deletions components/terraform/vault/.terraform.lock.hcl


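--- a/components/terraform/vault/main.tf
+++ b/components/terraform/vault/main.tf
@@ -0,0 +1,6 @@
+module "vault" {
+source = "../../../modules/vault"
+
+compartment_ocid = var.compartment_ocid
+name = var.vault.name
+}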
Empty file.
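--- a/components/terraform/vault/providers.tf
+++ b/components/terraform/vault/providers.tf
@@ -0,0 +1,41 @@
+provider "oci" {
+tenancy_ocid = var.tenancy_ocid
+user_ocid = var.user_ocid
+private_key_path = var.private_key_path
+fingerprint = var.fingerprint
+region = var.region
+}
+
+provider "context" {
+enabled = var.enabled
+delimiter = "-"
+property_order = [
+"namespace",
+"stage",
+"environment",
+"name",
+]
+properties = {
+namespace = {
+required = true
+max_length = 3
+}
+stage = {
+required = true
+validation_regex = "^(dev|test|prod)"
+}
+environment = {
+required = true
+}
+name = {
+required = true
+}
+}
+tags_key_case = "title"
+values = {
+namespace = var.namespace
+stage = var.stage
+environment = var.environment
+name = var.name
+}
+}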
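Review bot: The `stage` check at `validation_regex = "^(dev|test|prod)"` is anchored only at the start, so values like `production` or `dev-old` pass validation and end up in the rendered labels and tags of every resource; anchor both ends with `validation_regex = "^(dev|test|prod)$"`. The `oci` provider block takes all of its credential material from variables, which reads fine for local runs, but nothing states how a pipeline is expected to supply `private_key_path`; a short comment above the block naming the intended source (environment/CLI config rather than a committed tfvars file) would make that contract explicit to the next reader.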
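--- a/components/terraform/vault/variables.tf
+++ b/components/terraform/vault/variables.tf
@@ -0,0 +1,50 @@
+variable "tenancy_ocid" {
+type = string
+}
+
+variable "user_ocid" {
+type = string
+}
+
+variable "private_key_path" {
+type = string
+}
+
+variable "fingerprint" {
+type = string
+}
+
+variable "region" {
+type = string
+}
+
+variable "enabled" {
+type = bool
+}
+
+variable "namespace" {
+type = string
+}
+
+variable "stage" {
+type = string
+}
+
+variable "environment" {
+type = string
+}
+
+variable "name" {
+type = string
+}
+
+variable "compartment_ocid" {
+type = string
+description = "Compartment OCID"
+}
+
+variable "vault" {
+type = object({
+name = string
+})
+}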
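Review bot: Only `compartment_ocid` carries a `description`; the other eleven inputs, including the five OCI provider credentials and the four context values, are undocumented, so `terraform-docs` and anyone reading the stack YAML have nothing to go on. Add a one-line description to each, e.g. `description = "OCID of the tenancy the OCI provider authenticates against"` for `tenancy_ocid` and `description = "Path on the runner to the API signing key; never a value committed to the repository"` for `private_key_path`. The `vault` object type also deserves a description stating that `name` is the value the module passes to the context label, since the root `name` variable is already present and it is not obvious why both exist.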
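--- a/components/terraform/vault/versions.tf
+++ b/components/terraform/vault/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+required_version = "~> 1.0"
+
+required_providers {
+oci = {
+source = "oracle/oci"
+version = "~> 6.0"
+}
+context = {
+source = "cloudposse/context"
+version = "~> 0.4"
+}
+}
+}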
47 changes: 47 additions & 0 deletions modules/vault/.terraform.lock.hcl


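--- a/modules/vault/main.tf
+++ b/modules/vault/main.tf
@@ -0,0 +1,60 @@
+locals {
+enabled = data.context_config.main.enabled
+
+compartment_ocid = var.compartment_ocid
+name = var.name
+}
+
+data "context_config" "main" {}
+
+data "context_label" "main" {
+values = {
+name = local.name
+}
+}
+
+data "context_tags" "main" {
+values = {
+name = local.name
+}
+}
+
+resource "oci_kms_vault" "default" {
+count = local.enabled ? 1 : 0
+
+compartment_id = local.compartment_ocid
+display_name = data.context_label.main.rendered
+vault_type = "DEFAULT"
+freeform_tags = data.context_tags.main.tags
+}
+
+resource "oci_kms_key" "default" {
+count = local.enabled ? 1 : 0
+
+compartment_id = local.compartment_ocid
+display_name = data.context_label.main.rendered
+key_shape {
+algorithm = "AES"
+length = 32
+}
+management_endpoint = oci_kms_vault.default[0].management_endpoint
+protection_mode = "SOFTWARE"
+freeform_tags = data.context_tags.main.tags
+}
+
+resource "oci_vault_secret" "default" {
+count = local.enabled ? 1 : 0
+compartment_id = var.compartment_ocid
+secret_content {
+content_type = "BASE64"
+content = "false"
+}
+secret_name = "cluster-initiated"
+vault_id = oci_kms_vault.default[0].id
+key_id = oci_kms_key.default[0].id
+freeform_tags = data.context_tags.main.tags
+
+lifecycle {
+ignore_changes = all
+}
+}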
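Review bot: `oci_vault_secret.default` declares `content_type = "BASE64"` but stores the literal `content = "false"`, which is not a base64 encoding of anything and is not even a valid base64 length; the service expects the already-encoded value, so this should read `content = base64encode("false")`. Because `ignore_changes = all` is set on the same resource, a later fix to the content will not be pushed to an existing secret either, so the bootstrap intent deserves a comment, e.g. `# "cluster-initiated" is a bootstrap flag flipped out-of-band after creation; Terraform never reconciles it`. The secret also reads `var.compartment_ocid` directly while the vault and key use `local.compartment_ocid`; using the local keeps the three resources consistent. Worth confirming as a design choice: `protection_mode = "SOFTWARE"` gives a software-backed master key, whereas an HSM-backed mode would keep the key material inside the vault's hardware boundary, and neither the vault nor the key carries a `prevent_destroy` guard even though their removal takes the secret with them.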
Empty file added modules/vault/outputs.tf
Empty file.
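--- a/modules/vault/variables.tf
+++ b/modules/vault/variables.tf
@@ -0,0 +1,11 @@
+variable "compartment_ocid" {
+type = string
+description = "Compartment OCID"
+default = null
+}
+
+variable "name" {
+type = string
+description = "The name used as a part of resources display name"
+default = null
+}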
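Review bot: Both inputs default to `null`, yet the module's resources use them unconditionally whenever the context reports `enabled`, so an omitted `compartment_ocid` only surfaces as a provider error at apply time rather than at plan. Either drop the `default = null` lines so the values are required, or extend the descriptions to state the contract, e.g. `description = "Compartment OCID; may only be null when the context is disabled"`. The `name` description should also say that it is fed into the context label that becomes the display name of the vault, key and secret, since the root component passes `var.vault.name` rather than its own `name` here.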
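--- a/modules/vault/versions.tf
+++ b/modules/vault/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+required_version = ">= 1.0.0"
+
+required_providers {
+oci = {
+source = "oracle/oci"
+version = ">= 6.0.0"
+}
+context = {
+source = "cloudposse/context"
+version = ">= 0.4.0"
+}
+}
+}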
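--- a/stacks/catalog/vault/defaults.yaml
+++ b/stacks/catalog/vault/defaults.yaml
@@ -0,0 +1,5 @@
+components:
+terraform:
+vault:
+vars:
+enabled: true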
1 change: 1 addition & 0 deletions stacks/mixins/region/fra.yaml
Expand Up @@ -2,6 +2,7 @@ import:
- catalog/vcn/defaults
- catalog/alb/defaults
- catalog/instance/defaults
- catalog/vault/defaults

vars:
region: eu-frankfurt-1
7 changes: 7 additions & 0 deletions stacks/orgs/hs/plat/prod/fra.yaml
Expand Up @@ -101,3 +101,10 @@ components:
shape: VM.Standard.A1.Flex
instance_public_key: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCafkXOuGWQfAZvmDyRcWi/HmTh8DJqRicGmFOammZe7oJAvK7YAOoBMlVvODwYA83dAh7YitbAW+RkQKbGDV5Gcz9/aXP+6AMC64wWprwgonGP6DjvRCH3GZBSo4PZfDohao/OelKBKmXVb8XMFDYE5Lu7Edw+Z/o093OBJFU6J12sO8IJNgU9iOnfZl9M4dr4XSf9HGiMlx1INN8+NBgVCySeTpRkmWGKoSwb5MGEBuZ+f1OWg5VARFe2nPbMLryBH7jOvHN0z71C9/W9ztSeejiy37f7TqC1GyHHkzR5+C6WtCyNAOaa3JBNV7W5ngFSb81mA5779PGd3vqUwCHD ssh-key-2024-03-16
vault:
metadata:
component: vault
vars:
name: vault
vault:
name: vault
