Merge pull request #50 from gozer/issue/26/acl-tokens
Support for ACL Tokens
tinnightcap committed Jul 30, 2015
2 parents cf97e1f + 302704d commit 29a5a05
Showing 5 changed files with 31 additions and 4 deletions.
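--- a/nubis/terraform/inputs.tf
+++ b/nubis/terraform/inputs.tf
@@ -81,3 +81,24 @@ variable "shared_services_security_group_id" {
 description = "ID of that SG"
 }
 
+variable "master_acl_token" {
+description = "Master ACL Token (use uuidgen)"
+}
+
+variable "acl_down_policy" {
+description = "Policy for when ACL master is down"
+default = "extend-cache"
+}
+
+variable "acl_default_policy" {
+description = "Default ACL action for anonymous users"
+default = "allow"
+}
+
+variable "manage_iam" {
+description = "IAM roles should be managed in which region"
+default = {
+us-east-1 = "1"
+us-west-2 = "0"
+}
+}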
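Review bot: `acl_default_policy` defaults to `"allow"`, which leaves the anonymous token with full access and makes the new ACL support a no-op unless every environment overrides it; the secure-by-default value is `default = "deny"`, with `"allow"` opted into per environment where needed. If `"allow"` is deliberate for a migration period, say so in the description, e.g. `description = "Default ACL action for anonymous users (allow = ACLs not enforced; switch to deny once tokens are issued)"`. `master_acl_token` is a secret, so its description should say it must be generated per deployment and kept out of version control, e.g. `description = "Master ACL Token (secret; generate with uuidgen, never commit the real value)"`. The `manage_iam` description could also state that the value is used as a resource `count`, so only `"1"` or `"0"` are valid per region.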
11 changes: 7 additions & 4 deletions nubis/terraform/main.tf
Expand Up @@ -9,15 +9,15 @@ resource "aws_launch_configuration" "consul" {
image_id = "${var.ami}"
instance_type = "m3.medium"
key_name = "${var.key_name}"
iam_instance_profile = "${aws_iam_instance_profile.consul.name}"
iam_instance_profile = "${var.project}"

security_groups = [
"${aws_security_group.consul.id}",
"${var.internet_security_group_id}",
"${var.shared_services_security_group_id}",
]
lifecycle { create_before_destroy = true }
user_data = "NUBIS_PROJECT=${var.project}\nNUBIS_ENVIRONMENT=${var.environment}\nNUBIS_DOMAIN=${var.nubis_domain}\nCONSUL_SECRET=${var.consul_secret}\nCONSUL_BOOTSTRAP_EXPECT=$(( 1 +${var.servers} ))\nCONSUL_KEY=\"${file("${var.ssl_key}")}\"\nCONSUL_CERT=\"${file("${var.ssl_cert}")}\""
user_data = "NUBIS_PROJECT=${var.project}\nNUBIS_ENVIRONMENT=${var.environment}\nNUBIS_DOMAIN=${var.nubis_domain}\nCONSUL_MASTER_ACL_TOKEN=${var.master_acl_token}\nCONSUL_ACL_DEFAULT_POLICY=${var.acl_default_policy}\nCONSUL_ACL_DOWN_POLICY=${var.acl_down_policy}\nCONSUL_SECRET=${var.consul_secret}\nCONSUL_BOOTSTRAP_EXPECT=$(( 1 +${var.servers} ))\nCONSUL_KEY=\"${file("${var.ssl_key}")}\"\nCONSUL_CERT=\"${file("${var.ssl_cert}")}\""
}

resource "aws_autoscaling_group" "consul" {
Expand Down Expand Up @@ -57,14 +57,14 @@ resource "aws_instance" "bootstrap" {
"${var.shared_services_security_group_id}",
]

iam_instance_profile = "${aws_iam_instance_profile.consul.name}"
iam_instance_profile = "${var.project}"

tags {
Name = "Consul boostrap node (v/${var.release}.${var.build})"
Release = "${var.release}"
}

user_data = "NUBIS_PROJECT=${var.project}\nNUBIS_ENVIRONMENT=${var.environment}\nNUBIS_DOMAIN=${var.nubis_domain}\nCONSUL_SECRET=${var.consul_secret}\nCONSUL_BOOTSTRAP_EXPECT=$(( 1 + ${var.servers} ))\nCONSUL_KEY=\"${file("${var.ssl_key}")}\"\nCONSUL_CERT=\"${file("${var.ssl_cert}")}\""
user_data = "NUBIS_PROJECT=${var.project}\nNUBIS_ENVIRONMENT=${var.environment}\nNUBIS_DOMAIN=${var.nubis_domain}\nCONSUL_MASTER_ACL_TOKEN=${var.master_acl_token}\nCONSUL_ACL_DEFAULT_POLICY=${var.acl_default_policy}\nCONSUL_ACL_DOWN_POLICY=${var.acl_down_policy}\nCONSUL_SECRET=${var.consul_secret}\nCONSUL_BOOTSTRAP_EXPECT=$(( 1 + ${var.servers} ))\nCONSUL_KEY=\"${file("${var.ssl_key}")}\"\nCONSUL_CERT=\"${file("${var.ssl_cert}")}\""
}

resource "aws_security_group" "consul" {
Expand Down Expand Up @@ -195,11 +195,13 @@ resource "aws_route53_record" "ui" {
}

resource "aws_iam_instance_profile" "consul" {
count = "${lookup(var.manage_iam, var.region)}"
name = "${var.project}"
roles = ["${aws_iam_role.consul.name}"]
}

resource "aws_iam_role" "consul" {
count = "${lookup(var.manage_iam, var.region)}"
name = "${var.project}"
path = "/"
assume_role_policy = <<EOF
Expand All @@ -220,6 +222,7 @@ EOF
}

resource "aws_iam_role_policy" "consul" {
count = "${lookup(var.manage_iam, var.region)}"
name = "${var.project}"
role = "${aws_iam_role.consul.id}"
policy = <<EOF
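Review bot: The master ACL token is now embedded in `user_data` next to `CONSUL_SECRET` and the TLS private key (the replacement `user_data` lines in both the launch configuration and the bootstrap instance), so it is readable from the instance metadata endpoint by any process on the host, via `DescribeInstanceAttribute` by anyone holding that IAM permission, and it also lands in the Terraform state file. Since the token is a secret rather than configuration, consider having the instance fetch it at boot from a store its IAM role is allowed to read instead of baking it into user data, and at minimum record the exposure with a comment such as `# NOTE: user_data is visible via the metadata service and the EC2 API; master_acl_token is exposed to anything on the host`. Separately, changing `iam_instance_profile` to the literal name `"${var.project}"` drops the implicit dependency on `aws_iam_instance_profile.consul`, so in a region where `manage_iam` is `"1"` the launch configuration or bootstrap instance may be created before the profile exists; a `depends_on` on a resource whose `count` can be 0 may not resolve cleanly, so if that is why the reference was removed, a comment on the `iam_instance_profile` line explaining the ordering gap would help the next maintainer. The `lookup(var.manage_iam, var.region)` calls will presumably also fail for any region absent from the `manage_iam` map, which is worth stating in the variable description.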
1 change: 1 addition & 0 deletions nubis/terraform/sandbox/us-west-2/inputs.tf
1 change: 1 addition & 0 deletions nubis/terraform/sandbox/us-west-2/main.tf
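--- a/nubis/terraform/terraform.tfvars-dist
+++ b/nubis/terraform/terraform.tfvars-dist
@@ -15,3 +15,4 @@ ssl_cert = "consul.pem"
 internet_security_group_id = "sg-XXXXXXXX"
 shared_services_security_group_id = "sg-XXXXXXXX"
 https_cert_arn = "arn:aws:iam::xxxxx"
+master_acl_token = "AAAAAAAA-BBBB-CCCC-DDDD-EEEEFFFF0000" # use uuidgen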
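Review bot: The trailing `# use uuidgen` is the only hint that the new `master_acl_token` value is a secret; since this template is copied to `terraform.tfvars`, the comment should say the real value must be generated and kept out of the repository, e.g. `master_acl_token = "AAAAAAAA-BBBB-CCCC-DDDD-EEEEFFFF0000" # secret: generate with uuidgen, never commit the real value`. It is also worth a line in the template noting that the token is written into the Terraform state, so the state file needs the same protection as the tfvars file.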
