From 111fe5aecea05d7bd3a6b278ded4541f17e70325 Mon Sep 17 00:00:00 2001
From: Giuseppe Misurelli
Date: Mon, 20 Apr 2020 19:15:32 +0200
Subject: [PATCH 1/2] circleci integration
---
 .circleci/config.yml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .circleci/config.yml
diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 0000000..be6d49c
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,38 @@
+version: 2
+
+terraform: &terraform
+ docker:
+ - image: hashicorp/terraform:latest
+ working_directory: /tmp/workspace/terraform
+
+jobs:
+ validate:
+ <<: *terraform
+ steps:
+ - checkout
+ - run:
+ name: terraform init
+ command: find . -type f -name "*.tf" -exec dirname {} \;|sort -u | while read m; do (cd "$m" && terraform init -input=false -backend=false) || exit 1; done
+ - run:
+ name: Validate Terraform configurations
+ command: find . -name ".terraform" -prune -o -type f -name "*.tf" -exec dirname {} \;|sort -u | while read m; do (cd "$m" && terraform validate && echo "√ $m") || exit 1 ; done
+ environment:
+ VAULT_ADDR: http://localhost:8200
+ - run:
+ name: Check if Terraform configurations are properly formatted
+ command: if [[ -n "$(terraform fmt -write=false)" ]]; then echo "Some terraform files need be formatted, run 'terraform fmt' to fix"; exit 1; fi
+ - run:
+ name: Install tflint
+ command: $ curl -L "$(curl -Ls https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" -o tflint.zip && unzip tflint.zip && rm tflint.zip
+ - run:
+ name: Check Terraform configurations with tflint
+ command: tflint
+ - persist_to_workspace:
+ root: .
+ paths: .
+
+workflows:
+ version: 2
+ build:
+ jobs:
+ - validate
From d6783c5eb99eed4a0c4b27fde0ae703b2f3c4f8d Mon Sep 17 00:00:00 2001
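Review bot: The executor image in the `terraform` anchor is `hashicorp/terraform:latest`, so every build pulls whatever that tag currently points at, and a new upstream release or a replaced image changes what runs in CI without any change to this repository. Pin it to a version you have tested, ideally by digest, for example `- image: hashicorp/terraform:<PINNED_VERSION>` (placeholder; use the release the module targets). Pinning also keeps the `terraform fmt` and `terraform validate` steps reproducible, since their results can differ between Terraform releases.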
From: Giuseppe Misurelli Date: Mon, 20 Apr 2020 19:56:13 +0200 Subject: [PATCH 2/2] fix build failures --- .circleci/config.yml | 2 +- README.md | 2 ++ examples/vault-entities/main.tf | 4 ++-- examples/vault-group/main.tf | 2 +- main.tf | 4 ++-- modules/vault-identity-entities/main.tf | 4 ++-- modules/vault-identity-entities/variables.tf | 10 +++++----- modules/vault-identity-groups/main.tf | 12 ++++++------ outputs.tf | 4 ++-- 9 files changed, 23 insertions(+), 21 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index be6d49c..a798d66 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -23,7 +23,7 @@ jobs: command: if [[ -n "$(terraform fmt -write=false)" ]]; then echo "Some terraform files need be formatted, run 'terraform fmt' to fix"; exit 1; fi - run: name: Install tflint - command: $ curl -L "$(curl -Ls https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" -o tflint.zip && unzip tflint.zip && rm tflint.zip + command: wget -O /tmp/tflint.zip https://github.com/wata727/tflint/releases/download/v0.15.4/tflint_linux_amd64.zip && unzip /tmp/tflint.zip -d /usr/local/bin - run: name: Check Terraform configurations with tflint command: tflint diff --git a/README.md b/README.md index 5bef0e8..18a9aef 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # terraform-vault-entities +[![misurellig](https://circleci.com/gh/misurellig/terraform-vault-identities.svg?style=svg)](https://circleci.com/gh/misurellig/workflows/terraform-vault-identities) + This module creates [Hashicorp Vault](https://www.vaultproject.io/) entities and internal groups as part of its [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity). The main module includes the following submodules: diff --git a/examples/vault-entities/main.tf b/examples/vault-entities/main.tf index d2f4768..7cda91a 100644 --- a/examples/vault-entities/main.tf +++ b/examples/vault-entities/main.tf 
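Review bot: The new `Install tflint` command pins the release to v0.15.4, but the archive is still unpacked into `/usr/local/bin` and run by the next step without any integrity check. Record the expected SHA-256 of the archive in the config and verify it between the download and the unzip, for example `echo "<EXPECTED_SHA256>  /tmp/tflint.zip" | sha256sum -c -` (placeholder hash; confirm `sha256sum` is available in the executor image). The URL also uses the `wata727/tflint` path, whereas the line it replaces queried `terraform-linters/tflint`; if the former is only a redirect from a renamed repository, pointing at the current path directly avoids depending on that redirect. The step list this entry belongs to starts above the hunk.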
@@ -3,7 +3,7 @@ terraform { } provider "vault" { - address = "http://127.0.0.1:8200" + address = "http://127.0.0.1:8200" } module "entities" { @@ -15,7 +15,7 @@ module "entities" { policies = ["composer", "director"] metadata = { "category" = "Classical" - "level" = "genious" + "level" = "genious" } }, { diff --git a/examples/vault-group/main.tf b/examples/vault-group/main.tf index f622d73..a7182cd 100644 --- a/examples/vault-group/main.tf +++ b/examples/vault-group/main.tf @@ -3,7 +3,7 @@ terraform { } provider "vault" { - address = "http://127.0.0.1:8200" + address = "http://127.0.0.1:8200" } data "vault_identity_entity" "mozart" { diff --git a/main.tf b/main.tf index 94ec2d2..30f1558 100644 --- a/main.tf +++ b/main.tf @@ -3,14 +3,14 @@ terraform { } provider "vault" { - address = var.vault_endpoint + address = var.vault_endpoint } module "vault_entities" { source = "./modules/vault-identity-entities" create_entity_aliases = var.create_vault_entity_aliases - entities = var.vault_entity_objects + entities = var.vault_entity_objects } module "vault_groups" { diff --git a/modules/vault-identity-entities/main.tf b/modules/vault-identity-entities/main.tf index 7f13974..28bbdd0 100644 --- a/modules/vault-identity-entities/main.tf +++ b/modules/vault-identity-entities/main.tf @@ -4,7 +4,7 @@ terraform { data "vault_auth_backend" "backend" { for_each = { - for alias in var.aliases: + for alias in var.aliases : alias.name => alias } path = each.value.auth_path @@ -22,7 +22,7 @@ resource "vault_identity_entity" "entity" { resource "vault_identity_entity_alias" "alias" { for_each = { - for alias in var.aliases: + for alias in var.aliases : alias.name => alias if var.create_entity_aliases } diff --git a/modules/vault-identity-entities/variables.tf b/modules/vault-identity-entities/variables.tf index 3240a50..884ccff 100644 --- a/modules/vault-identity-entities/variables.tf +++ b/modules/vault-identity-entities/variables.tf 
@@ -14,10 +14,10 @@ variable "create_entity_aliases" { variable "aliases" { description = "List of objects defining the alias to entity and auth path match" - type = list(object({ - name = string - entity = string - auth_path = string + type = list(object({ + name = string + entity = string + auth_path = string })) - default = [] + default = [] } diff --git a/modules/vault-identity-groups/main.tf b/modules/vault-identity-groups/main.tf index 06cdfac..4e6808c 100644 --- a/modules/vault-identity-groups/main.tf +++ b/modules/vault-identity-groups/main.tf @@ -4,14 +4,14 @@ terraform { resource "vault_identity_group" "group" { for_each = { - for group in var.groups: + for group in var.groups : group.name => group } - name = each.key - type = each.value.type - policies = each.value.policies - member_group_ids = each.value.member_group_ids + name = each.key + type = each.value.type + policies = each.value.policies + member_group_ids = each.value.member_group_ids member_entity_ids = each.value.member_entity_ids - metadata = each.value.metadata + metadata = each.value.metadata } diff --git a/outputs.tf b/outputs.tf index 8401878..26cc929 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,6 +1,6 @@ output "vault_identity_entities" { description = "Map of Vault entity created" - value = module.vault_entities.entities + value = module.vault_entities.entity } output "vault_identity_entity_alias" { @@ -10,5 +10,5 @@ output "vault_identity_entity_alias" { output "vault_identity_groups" { description = "List of maps with relevant info for Vault created groups" - value = module.groups.identity_group + value = module.vault_groups.group }