refactor: Migrate from vault_generic_secret to vault_kv_secret_v2 for KV v2 compatibility
Some checks failed
Code Quality & Security Scan / TFLint (push) Successful in 20s
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 48s
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 36s
Code Quality & Security Scan / Terraform Validate (push) Successful in 48s
Code Quality & Security Scan / SonarQube Scan (push) Successful in 43s
Code Quality & Security Scan / Terraform Plan (push) Failing after 1m6s
Code Quality & Security Scan / Terraform Apply (push) Has been skipped

Patrick de Ruiter 2025-12-01 09:26:57 +01:00
parent af1f1cc0b1
commit c88fb4c15e
Signed by: pderuiter
GPG Key ID: 5EBA7F21CF583321
4 changed files with 22 additions and 20 deletions

10
data.tf

@ -1,8 +1,10 @@
# Get DNS provider secrets from Vault # Get DNS provider secrets from Vault
data "vault_generic_secret" "dns" { data "vault_kv_secret_v2" "dns" {
path = "secret/dns" mount = "secret"
name = "dns"
} }
data "vault_generic_secret" "renovate" { data "vault_kv_secret_v2" "renovate" {
path = "secret/renovate" mount = "secret"
name = "renovate"
} }
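Review bot: The Vault path these two data sources hit, and therefore the policy the Terraform token needs, changes with this hunk: `vault_kv_secret_v2` with `mount = "secret"` and `name = "dns"` reads the KV v2 API path `secret/data/dns`, whereas the removed `vault_generic_secret` read `secret/dns` literally (the same shift applies to the `renovate` data source in this hunk). The Terraform Plan check on this commit is failing; if the token's policy still grants `read` only on the old path, if the `secret` mount is not actually a KV v2 engine, or if the Vault provider version pinned in `required_providers` predates this data source, the failure would surface exactly here, so those three are worth confirming before re-running. Both data sources fetch the latest secret version unless `version` is set, and the values end up in state regardless of the `sensitive` marking, as before; a comment on each block such as `# Reads the latest version at secret/data/<name> (KV v2); token policy must allow read on that path` would make the new contract explicit for the next maintainer.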

20
main.tf

@ -32,16 +32,16 @@ resource "docker_container" "renovate" {
# Environment variables for Renovate # Environment variables for Renovate
env = concat( env = concat(
[ [
"RENOVATE_PLATFORM=${data.vault_generic_secret.renovate.data["renovate_platform"]}", "RENOVATE_PLATFORM=${data.vault_kv_secret_v2.renovate.data["renovate_platform"]}",
"RENOVATE_ENDPOINT=${data.vault_generic_secret.renovate.data["renovate_endpoint"]}", "RENOVATE_ENDPOINT=${data.vault_kv_secret_v2.renovate.data["renovate_endpoint"]}",
"RENOVATE_TOKEN=${data.vault_generic_secret.renovate.data["renovate_token"]}", "RENOVATE_TOKEN=${data.vault_kv_secret_v2.renovate.data["renovate_token"]}",
"RENOVATE_GIT_AUTHOR=${data.vault_generic_secret.renovate.data["renovate_git_author"]}", "RENOVATE_GIT_AUTHOR=${data.vault_kv_secret_v2.renovate.data["renovate_git_author"]}",
"RENOVATE_USERNAME=${data.vault_generic_secret.renovate.data["renovate_username"]}", "RENOVATE_USERNAME=${data.vault_kv_secret_v2.renovate.data["renovate_username"]}",
"RENOVATE_AUTODISCOVER=${var.renovate_autodiscover}", "RENOVATE_AUTODISCOVER=${var.renovate_autodiscover}",
"LOG_LEVEL=${var.log_level}" "LOG_LEVEL=${var.log_level}"
], ],
# GitHub token: prefer Vault, fall back to variable # GitHub token: prefer Vault, fall back to variable
coalesce(try(data.vault_generic_secret.renovate.data["github_token"], ""), var.github_com_token) != "" ? ["GITHUB_COM_TOKEN=${coalesce(try(data.vault_generic_secret.renovate.data["github_token"], ""), var.github_com_token)}"] : [], coalesce(try(data.vault_kv_secret_v2.renovate.data["github_token"], ""), var.github_com_token) != "" ? ["GITHUB_COM_TOKEN=${coalesce(try(data.vault_kv_secret_v2.renovate.data["github_token"], ""), var.github_com_token)}"] : [],
var.extra_env_vars var.extra_env_vars
) )
@ -70,10 +70,10 @@ resource "docker_container" "renovate" {
for_each = var.upload_config_file ? [1] : [] for_each = var.upload_config_file ? [1] : []
content { content {
content = templatefile("${path.module}/files/config.js.tpl", { content = templatefile("${path.module}/files/config.js.tpl", {
platform = data.vault_generic_secret.renovate.data["renovate_platform"] platform = data.vault_kv_secret_v2.renovate.data["renovate_platform"]
endpoint = data.vault_generic_secret.renovate.data["renovate_endpoint"] endpoint = data.vault_kv_secret_v2.renovate.data["renovate_endpoint"]
git_author = data.vault_generic_secret.renovate.data["renovate_git_author"] git_author = data.vault_kv_secret_v2.renovate.data["renovate_git_author"]
username = data.vault_generic_secret.renovate.data["renovate_username"] username = data.vault_kv_secret_v2.renovate.data["renovate_username"]
autodiscover = var.renovate_autodiscover autodiscover = var.renovate_autodiscover
onboarding_config = var.renovate_onboarding_config onboarding_config = var.renovate_onboarding_config
}) })
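Review bot: The `GITHUB_COM_TOKEN` condition on the `coalesce(try(...), var.github_com_token) != ""` line in the first hunk cannot reach its `: []` branch: Terraform's `coalesce` raises an error instead of returning `""` when every argument is null or empty, so when Vault has no `github_token` key and `var.github_com_token` is unset, the plan fails rather than omitting the variable. The same Vault lookup is also evaluated twice on that line, which makes the intent hard to read. Hoisting it into a local, e.g. `github_com_token = try(data.vault_kv_secret_v2.renovate.data["github_token"], "") != "" ? data.vault_kv_secret_v2.renovate.data["github_token"] : var.github_com_token` and then `local.github_com_token != "" ? ["GITHUB_COM_TOKEN=${local.github_com_token}"] : []`, keeps the "prefer Vault, fall back to variable" behaviour without the error path; this assumes `var.github_com_token` defaults to `""` rather than `null`, which is not visible in this diff. The enclosing `resource "docker_container" "renovate"` begins before and ends after both hunks.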


@ -22,12 +22,12 @@ output "cache_volume" {
output "renovate_platform" { output "renovate_platform" {
description = "Platform configured for Renovate" description = "Platform configured for Renovate"
value = data.vault_generic_secret.renovate.data["renovate_platform"] value = data.vault_kv_secret_v2.renovate.data["renovate_platform"]
sensitive = true sensitive = true
} }
output "renovate_endpoint" { output "renovate_endpoint" {
description = "API endpoint configured for Renovate" description = "API endpoint configured for Renovate"
value = data.vault_generic_secret.renovate.data["renovate_endpoint"] value = data.vault_kv_secret_v2.renovate.data["renovate_endpoint"]
sensitive = true sensitive = true
} }


@ -20,10 +20,10 @@ terraform {
# Configure the DNS Provider # Configure the DNS Provider
provider "dns" { provider "dns" {
update { update {
server = data.vault_generic_secret.dns.data["dns_server"] server = data.vault_kv_secret_v2.dns.data["dns_server"]
key_name = data.vault_generic_secret.dns.data["key_name"] key_name = data.vault_kv_secret_v2.dns.data["key_name"]
key_algorithm = data.vault_generic_secret.dns.data["key_algorithm"] key_algorithm = data.vault_kv_secret_v2.dns.data["key_algorithm"]
key_secret = data.vault_generic_secret.dns.data["key_secret"] key_secret = data.vault_kv_secret_v2.dns.data["key_secret"]
} }
} }