Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-05-15 04:32:15 -04:00
Code Issues Projects Releases Packages Wiki Activity

cli: set OpenStack service account credentials (#1328)

Browse source
This commit is contained in:
Malte Poll 2023-03-03 10:10:36 +01:00 committed by GitHub
parent 29664fc481
commit 8aa42e30ad
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 79 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

37
cli/internal/terraform/terraform/openstack/main.tf
View file

@ -16,6 +16,10 @@ provider "openstack" {
cloud = var.cloud
}
data "openstack_identity_auth_scope_v3" "scope" {
name = "scope"
}
locals {
uid = random_id.uid.hex
name = "${var.name}-${local.uid}"
@ -30,6 +34,15 @@ locals {
ports_debugd = "4000"
cidr_vpc_subnet_nodes = "192.168.178.0/24"
tags = ["constellation-uid-${local.uid}"]
identity_service = [
for entry in data.openstack_identity_auth_scope_v3.scope.service_catalog :
entry if entry.type == "identity"
][0]
identity_endpoint = [
for endpoint in local.identity_service.endpoints :
endpoint if(endpoint.interface == "internal")
][0]
identity_internal_url = local.identity_endpoint.url
}
resource "random_id" "uid" {
@ -134,12 +147,14 @@ module "instance_group_control_plane" {
security_groups = [
openstack_compute_secgroup_v2.vpc_secgroup.id,
]
tags = local.tags
uid = local.uid
disk_size = var.state_disk_size
availability_zone = var.availability_zone
network_id = openstack_networking_network_v2.vpc_network.id
init_secret_hash = local.initSecretHash
tags = local.tags
uid = local.uid
disk_size = var.state_disk_size
availability_zone = var.availability_zone
network_id = openstack_networking_network_v2.vpc_network.id
init_secret_hash = local.initSecretHash
identity_internal_url = local.identity_internal_url
openstack_service_account_token = var.openstack_service_account_token
}
module "instance_group_worker" {
@ -154,10 +169,12 @@ module "instance_group_worker" {
security_groups = [
openstack_compute_secgroup_v2.vpc_secgroup.id,
]
disk_size = var.state_disk_size
availability_zone = var.availability_zone
network_id = openstack_networking_network_v2.vpc_network.id
init_secret_hash = local.initSecretHash
disk_size = var.state_disk_size
availability_zone = var.availability_zone
network_id = openstack_networking_network_v2.vpc_network.id
init_secret_hash = local.initSecretHash
identity_internal_url = local.identity_internal_url
openstack_service_account_token = var.openstack_service_account_token
}
resource "openstack_networking_floatingip_v2" "public_ip" {

2
cli/internal/terraform/terraform/openstack/modules/instance_group/main.tf
View file

@ -51,6 +51,8 @@ resource "openstack_compute_instance_v2" "instance_group_member" {
constellation-role = local.role_dashed
constellation-uid = var.uid
constellation-init-secret-hash = var.init_secret_hash
openstack-auth-url = var.identity_internal_url
}
user_data = var.openstack_service_account_token
availability_zone_hints = var.availability_zone
}

11
cli/internal/terraform/terraform/openstack/modules/instance_group/variables.tf
View file

@ -61,3 +61,14 @@ variable "init_secret_hash" {
type = string
description = "Hash of the init secret."
}
variable "identity_internal_url" {
type = string
description = "Internal URL of the Identity service."
}
variable "openstack_service_account_token" {
type = string
description = "OpenStack service account token."
}

6
cli/internal/terraform/terraform/openstack/variables.tf
View file

@ -51,6 +51,12 @@ variable "floating_ip_pool_id" {
description = "The pool (network name) to use for floating IPs."
}
variable "openstack_service_account_token" {
type = string
description = "OpenStack service account token."
}
variable "debug" {
type = bool
default = false