Closed josemaia closed 2 years ago
Would also like to have this feature. Nomad is a first class citizen in vault, would really like to be able to manage it with terraform.
It looks like this should be pretty similar to the Consul and RabbitMQ backends. I've started a branch in my fork that copies these resources. Assistance welcome.
https://github.com/spuder/terraform-provider-vault/tree/nomad_secret_backend
@spuder how is it going? do you still need help? would love to see that in place :)
I've slowed down the development on this feature due to a limitation on the vault api. There is no way to import an already created vault token, nor is there a way to read back the token if terraform dynamically creates it, which limits the usefulness of terraform here. Additionally the user will need to tread very carefully to not commit tokens to version control or terraform state files.
resource "vault_nomad_secret_backend" "test" {
  path        = "nomad"
  description = "Manages the Nomad backend"
  address     = "127.0.0.1:4646"
  token       = "4240861b-ce3d-8530-115a-521ff070dd29"
}
I've created a WIP merge request where others can join in and contribute. https://github.com/terraform-providers/terraform-provider-vault/pull/831 Since this functionality has limited usefulness at my organization, it's unknown when/if I would be able to complete this.
Tasks where others can jump in:
make testacc TESTARGS='-run= testNomadSecretBackendRole_initialConfig'
In the meantime it is possible to use a null resource to invoke the vault cli to create the nomad role.
resource "null_resource" "nomad_role_foo" {
  provisioner "local-exec" {
    command = <<EOF
vault write nomad/role/foo policies=bar
EOF
  }
}
I believe this was added in https://github.com/hashicorp/terraform-provider-vault/pull/923.
Thanks!
Much like is possible for SSH, AWS, Azure, etc., I would like to be able to provision and configure my Vault to provide Nomad authentication.
I believe currently you can only do the creation of the mount, with vault_mount, but not configure any of its details (lease time, Nomad cluster address, tokens, roles, etc.). Requiring us to introduce a shell script just for this part of the configuration, when everything else in our Vault is set up via Terraform, is kind of unfortunate.
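
The caution raised in the thread about tokens ending up in version control or Terraform state files can be checked mechanically. The following is an added example, not code from the thread or from the provider: it assumes Terraform's JSON state layout (version 4), the function names are hypothetical, and the sample inputs are constructed from the snippet posted earlier in the thread.

```python
import json
import re

# Constructed sample state (Terraform state format v4). The token is the
# example value posted in the thread, not a live secret.
SAMPLE_STATE = json.dumps({"version": 4, "resources": [
    {"mode": "managed", "type": "vault_nomad_secret_backend", "name": "test",
     "instances": [{"attributes": {
         "path": "nomad", "address": "127.0.0.1:4646",
         "token": "4240861b-ce3d-8530-115a-521ff070dd29"}}]},
    {"mode": "managed", "type": "vault_mount", "name": "kv",
     "instances": [{"attributes": {"path": "kv", "type": "kv"}}]},
]})

# Constructed sample configuration: one literal token, one variable reference.
SAMPLE_TF = '''
resource "vault_nomad_secret_backend" "test" {
  path  = "nomad"
  token = "4240861b-ce3d-8530-115a-521ff070dd29"
}
resource "vault_nomad_secret_backend" "ok" {
  path  = "nomad2"
  token = var.nomad_token
}
'''

SECRET_ATTRS = {"token"}  # assumption: attribute names worth flagging
# A quoted value with no "$" is a literal, not an interpolated reference.
LITERAL_TOKEN = re.compile(r'^[ \t]*token[ \t]*=[ \t]*"([^"$]+)"', re.MULTILINE)


def secrets_in_state(state_text):
    """Return addresses of state attributes that hold a plaintext secret."""
    hits = []
    for res in json.loads(state_text).get("resources", []):
        for idx, inst in enumerate(res.get("instances", [])):
            attrs = inst.get("attributes") or {}
            for key in sorted(SECRET_ATTRS & attrs.keys()):
                if attrs[key]:
                    hits.append(f'{res["type"]}.{res["name"]}[{idx}].{key}')
    return hits


def literal_tokens_in_config(tf_text):
    """Return 1-based line numbers where token is a hard-coded literal."""
    return [tf_text.count("\n", 0, m.start(1)) + 1
            for m in LITERAL_TOKEN.finditer(tf_text)]
```

Run as a pre-commit or CI step, a non-empty result from either function is the signal to block the commit or move the state file to an encrypted backend.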