refactor: Migrate from vault_generic_secret to vault_kv_secret_v2 for KV v2 compatibility
This commit is contained in:
parent
af1f1cc0b1
commit
c88fb4c15e
10
data.tf
10
data.tf
@ -1,8 +1,10 @@
|
||||
# Get DNS provider secrets from Vault
|
||||
data "vault_generic_secret" "dns" {
|
||||
path = "secret/dns"
|
||||
data "vault_kv_secret_v2" "dns" {
|
||||
mount = "secret"
|
||||
name = "dns"
|
||||
}
|
||||
|
||||
data "vault_generic_secret" "renovate" {
|
||||
path = "secret/renovate"
|
||||
data "vault_kv_secret_v2" "renovate" {
|
||||
mount = "secret"
|
||||
name = "renovate"
|
||||
}
|
||||
|
||||
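Review bot: Neither new data source records which keys the Vault secrets must carry, so the expected schema is only recoverable by reading every consumer in main.tf and the provider config; a one-line comment above each block would fix that, e.g. above `data "vault_kv_secret_v2" "dns"`: `# Expected keys: dns_server, key_name, key_algorithm, key_secret (TSIG credentials for the dns provider)`, and above the `renovate` block the keys read in main.tf (`renovate_platform`, `renovate_endpoint`, `renovate_token`, `renovate_git_author`, `renovate_username`, optional `github_token`). Both reads appear to fetch the latest version of each secret; if reproducible plans matter, the data source accepts a `version` argument that could pin it. The page shows the Terraform Plan check failing on this commit; if `secret` is not actually a KV v2 mount, or the vault provider version constraint (not in this diff) predates `vault_kv_secret_v2`, these two reads are the first place that would surface, so that is worth confirming before merge. Note also that everything returned by these data sources, including `key_secret` and `renovate_token`, is persisted in Terraform state in clear text, so state access should be treated as Vault read access for both paths.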
20
main.tf
20
main.tf
@ -32,16 +32,16 @@ resource "docker_container" "renovate" {
|
||||
# Environment variables for Renovate
|
||||
env = concat(
|
||||
[
|
||||
"RENOVATE_PLATFORM=${data.vault_generic_secret.renovate.data["renovate_platform"]}",
|
||||
"RENOVATE_ENDPOINT=${data.vault_generic_secret.renovate.data["renovate_endpoint"]}",
|
||||
"RENOVATE_TOKEN=${data.vault_generic_secret.renovate.data["renovate_token"]}",
|
||||
"RENOVATE_GIT_AUTHOR=${data.vault_generic_secret.renovate.data["renovate_git_author"]}",
|
||||
"RENOVATE_USERNAME=${data.vault_generic_secret.renovate.data["renovate_username"]}",
|
||||
"RENOVATE_PLATFORM=${data.vault_kv_secret_v2.renovate.data["renovate_platform"]}",
|
||||
"RENOVATE_ENDPOINT=${data.vault_kv_secret_v2.renovate.data["renovate_endpoint"]}",
|
||||
"RENOVATE_TOKEN=${data.vault_kv_secret_v2.renovate.data["renovate_token"]}",
|
||||
"RENOVATE_GIT_AUTHOR=${data.vault_kv_secret_v2.renovate.data["renovate_git_author"]}",
|
||||
"RENOVATE_USERNAME=${data.vault_kv_secret_v2.renovate.data["renovate_username"]}",
|
||||
"RENOVATE_AUTODISCOVER=${var.renovate_autodiscover}",
|
||||
"LOG_LEVEL=${var.log_level}"
|
||||
],
|
||||
# GitHub token: prefer Vault, fall back to variable
|
||||
coalesce(try(data.vault_generic_secret.renovate.data["github_token"], ""), var.github_com_token) != "" ? ["GITHUB_COM_TOKEN=${coalesce(try(data.vault_generic_secret.renovate.data["github_token"], ""), var.github_com_token)}"] : [],
|
||||
coalesce(try(data.vault_kv_secret_v2.renovate.data["github_token"], ""), var.github_com_token) != "" ? ["GITHUB_COM_TOKEN=${coalesce(try(data.vault_kv_secret_v2.renovate.data["github_token"], ""), var.github_com_token)}"] : [],
|
||||
var.extra_env_vars
|
||||
)
|
||||
|
||||
@ -70,10 +70,10 @@ resource "docker_container" "renovate" {
|
||||
for_each = var.upload_config_file ? [1] : []
|
||||
content {
|
||||
content = templatefile("${path.module}/files/config.js.tpl", {
|
||||
platform = data.vault_generic_secret.renovate.data["renovate_platform"]
|
||||
endpoint = data.vault_generic_secret.renovate.data["renovate_endpoint"]
|
||||
git_author = data.vault_generic_secret.renovate.data["renovate_git_author"]
|
||||
username = data.vault_generic_secret.renovate.data["renovate_username"]
|
||||
platform = data.vault_kv_secret_v2.renovate.data["renovate_platform"]
|
||||
endpoint = data.vault_kv_secret_v2.renovate.data["renovate_endpoint"]
|
||||
git_author = data.vault_kv_secret_v2.renovate.data["renovate_git_author"]
|
||||
username = data.vault_kv_secret_v2.renovate.data["renovate_username"]
|
||||
autodiscover = var.renovate_autodiscover
|
||||
onboarding_config = var.renovate_onboarding_config
|
||||
})
|
||||
|
||||
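Review bot: The `coalesce(...) != "" ? [...] : []` expression on the `GITHUB_COM_TOKEN` line in the first hunk of this section can never reach its `[]` branch: Terraform's `coalesce` errors with "no non-null, non-empty-string arguments" when every argument is null or empty, so a deployment with no `github_token` key in Vault and an unset `var.github_com_token` fails at plan instead of omitting the variable as the comment intends. Computing the value once and guarding it fixes this and removes the duplicated lookup: in a `locals` block, `github_com_token = try(coalesce(try(data.vault_kv_secret_v2.renovate.data["github_token"], ""), var.github_com_token), "")`, and in `env`: `local.github_com_token != "" ? ["GITHUB_COM_TOKEN=${local.github_com_token}"] : [],`. Separately, `RENOVATE_TOKEN` and `GITHUB_COM_TOKEN` are passed as container environment, so they remain readable via `docker inspect` on the host and are stored in Terraform state together with the data source; that predates this commit, but is worth a comment next to the `env` block so nobody assumes the Vault migration changed it. The `docker_container` resource body starts before and continues after these hunks.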
@ -22,12 +22,12 @@ output "cache_volume" {
|
||||
|
||||
output "renovate_platform" {
|
||||
description = "Platform configured for Renovate"
|
||||
value = data.vault_generic_secret.renovate.data["renovate_platform"]
|
||||
value = data.vault_kv_secret_v2.renovate.data["renovate_platform"]
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
output "renovate_endpoint" {
|
||||
description = "API endpoint configured for Renovate"
|
||||
value = data.vault_generic_secret.renovate.data["renovate_endpoint"]
|
||||
value = data.vault_kv_secret_v2.renovate.data["renovate_endpoint"]
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
@ -20,10 +20,10 @@ terraform {
|
||||
# Configure the DNS Provider
|
||||
provider "dns" {
|
||||
update {
|
||||
server = data.vault_generic_secret.dns.data["dns_server"]
|
||||
key_name = data.vault_generic_secret.dns.data["key_name"]
|
||||
key_algorithm = data.vault_generic_secret.dns.data["key_algorithm"]
|
||||
key_secret = data.vault_generic_secret.dns.data["key_secret"]
|
||||
server = data.vault_kv_secret_v2.dns.data["dns_server"]
|
||||
key_name = data.vault_kv_secret_v2.dns.data["key_name"]
|
||||
key_algorithm = data.vault_kv_secret_v2.dns.data["key_algorithm"]
|
||||
key_secret = data.vault_kv_secret_v2.dns.data["key_secret"]
|
||||
}
|
||||
}
|
||||
|
||||
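Review bot: `key_secret` in this hunk is a TSIG shared secret for dynamic DNS updates, and nothing in the provider block constrains what it may change; the scope is entirely the DNS server's key policy, which this repo cannot show. A comment above `update {` would make the blast radius explicit, e.g. `# TSIG key read from Vault (secret/dns); update rights are whatever the server's key policy grants, and the value is stored in Terraform state, so state or Vault read access equals zone-write access`. The `vault_kv_secret_v2` read marks these values sensitive, so they are hidden in plan output but still persisted in state in clear text. The `terraform {}` block named in the hunk header is outside this hunk.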
|
||||