forked from cloudfoundry/routing-concourse
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcredentials.tf
62 lines (53 loc) · 1.99 KB
/
credentials.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# To rotate password, use terraform taint random_password.<name> and then terraform apply
resource "random_password" "postgres" {
length = 16
special = false
}
resource "random_password" "concourse_admin" {
length = 16
special = false
}
resource "local_sensitive_file" "concourse_env" {
lifecycle {
precondition {
condition = local.git_client_id != "" && local.git_client_secret != ""
error_message = "You need to set both GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET variables."
}
}
content = <<-ENV
CONCOURSE_POSTGRES_PASSWORD=${random_password.postgres.result}
CONCOURSE_ADMIN_PWD=${random_password.concourse_admin.result}
CONCOURSE_EXTERNAL_URL=https://${var.hostname}.${var.dns_zone_fqdn}
CONCOURSE_GITHUB_CLIENT_ID=${local.git_client_id}
CONCOURSE_GITHUB_CLIENT_SECRET=${local.git_client_secret}
ENV
filename = "${path.module}/.concourse.env"
}
# Below construct retrieves last used variable value from my own remote state
# so that users don't need to input it again when doing unrelated changes
data "terraform_remote_state" "my_state" {
backend = "gcs"
config = {
bucket = "arp-concourse-state"
prefix = "terraform/state"
}
# Empty defaults for intial seeding
defaults = {
GITHUB_CLIENT_ID = ""
GITHUB_CLIENT_SECRET = ""
}
}
locals {
git_client_id = var.GITHUB_CLIENT_ID != "" ? var.GITHUB_CLIENT_ID : data.terraform_remote_state.my_state.outputs.GITHUB_CLIENT_ID
git_client_secret = var.GITHUB_CLIENT_SECRET != "" ? var.GITHUB_CLIENT_SECRET : data.terraform_remote_state.my_state.outputs.GITHUB_CLIENT_SECRET
}
output "GITHUB_CLIENT_ID" {
value = local.git_client_id
description = "Github client ID from oAuth application config in git to allow concourse use git as auth."
sensitive = true
}
output "GITHUB_CLIENT_SECRET" {
value = local.git_client_secret
description = "Github client secret from oAuth application config in git to allow concourse use git as auth"
sensitive = true
}