From d85f16569bb70fd7ac6eec19541da6961a166749 Mon Sep 17 00:00:00 2001
From: jasonmcintosh
Date: Mon, 5 Feb 2018 12:36:18 -0600
Subject: [PATCH] Support finding vpcs and subnets by tags
---
 examples/vault-cluster-private/variables.tf | 2 +-
 main.tf | 14 +++++++++-----
 modules/private-tls-cert/outputs.tf | 1 -
 modules/vault-cluster/variables.tf | 5 +++--
 outputs.tf | 2 +-
 variables.tf | 17 ++++++++++++++++-
 6 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/examples/vault-cluster-private/variables.tf b/examples/vault-cluster-private/variables.tf
index f6a8a938..8d5bc9a7 100644
--- a/examples/vault-cluster-private/variables.tf
+++ b/examples/vault-cluster-private/variables.tf
@@ -67,4 +67,4 @@ variable "consul_cluster_tag_key" {
 variable "vpc_id" {
 description = "The ID of the VPC to deploy into. Leave an empty string to use the Default VPC in this region."
 default = ""
-}
\ No newline at end of file
+}
diff --git a/main.tf b/main.tf
index dcb5802b..a40adf7b 100644
--- a/main.tf
+++ b/main.tf
@@ -30,10 +30,10 @@ terraform {
 # /_ci/publish-amis-in-new-account.md for more information.
 # ---------------------------------------------------------------------------------------------------------------------
 data "aws_ami" "vault_consul" {
- most_recent = true
+ most_recent = true
 # If we change the AWS Account in which test are run, update this value.
- owners = ["562637147889"]
+ owners = ["562637147889"]
 filter {
 name = "virtualization-type"
@@ -135,10 +135,12 @@ module "vault_elb" {
 # In order to access Vault over HTTPS, we need a domain name that matches the TLS cert
 create_dns_entry = "${var.create_dns_entry}"
+
 # Terraform conditionals are not short-circuiting, so we use join as a workaround to avoid errors when the
 # aws_route53_zone data source isn't actually set: https://github.com/hashicorp/hil/issues/50
- hosted_zone_id = "${var.create_dns_entry ? join("", data.aws_route53_zone.selected.*.zone_id) : ""}"
- domain_name = "${var.vault_domain_name}"
+ hosted_zone_id = "${var.create_dns_entry ? join("", data.aws_route53_zone.selected.*.zone_id) : ""}"
+
+ domain_name = "${var.vault_domain_name}"
 }
 # Look up the Route 53 Hosted Zone by domain name
@@ -198,9 +200,11 @@ data "template_file" "user_data_consul" {
 # ---------------------------------------------------------------------------------------------------------------------
 data "aws_vpc" "default" {
- default = true
+ default = "${var.use_default_vpc}"
+ tags = "${var.vpc_tags}"
 }
 data "aws_subnet_ids" "default" {
 vpc_id = "${data.aws_vpc.default.id}"
+ tags = "${var.subnet_tags}"
 }
diff --git a/modules/private-tls-cert/outputs.tf b/modules/private-tls-cert/outputs.tf
index 345fdea1..89dd1dae 100644
--- a/modules/private-tls-cert/outputs.tf
+++ b/modules/private-tls-cert/outputs.tf
@@ -9,4 +9,3 @@ output "public_key_file_path" {
 output "private_key_file_path" {
 value = "${var.private_key_file_path}"
 }
-
diff --git a/modules/vault-cluster/variables.tf b/modules/vault-cluster/variables.tf
index a5f37745..539383ad 100644
--- a/modules/vault-cluster/variables.tf
+++ b/modules/vault-cluster/variables.tf
@@ -78,7 +78,8 @@ variable "cluster_tag_key" {
 variable "cluster_extra_tags" {
 description = "A list of additional tags to add to each Instance in the ASG. Each element in the list must be a map with the keys key, value, and propagate_at_launch"
- type = "list"
+ type = "list"
+
 #example:
 # default = [
 # {
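Review bot: The `data "aws_vpc" "default"` lookup in the third hunk has no guard for the combination `use_default_vpc = false` with `vpc_tags` left at its empty default: the data source then matches every non-default VPC in the region, which the AWS provider rejects when more than one matches and silently accepts when exactly one does, so which VPC is used depends on account layout rather than on the caller's intent. Likewise `data "aws_subnet_ids" "default"` with `subnet_tags = {}` returns every subnet of the chosen VPC, so a Vault/Consul cluster pointed at a custom VPC can be placed in public subnets unless the caller remembers to set `subnet_tags` — a notable trap given the example is named vault-cluster-private. Terraform 0.11 has no variable validation, so at minimum I would document the contract at the lookup, e.g. `# NOTE: when use_default_vpc is false, vpc_tags must match exactly one VPC; an empty subnet_tags selects ALL subnets of that VPC, public ones included.`, and consider having the private example pass a non-empty `subnet_tags`.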
@@ -170,4 +171,4 @@ variable "cluster_port" {
 variable "ssh_port" {
 description = "The port used for SSH connections"
 default = 22
-}
\ No newline at end of file
+}
diff --git a/outputs.tf b/outputs.tf
index adcc53ae..e53329fb 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -64,4 +64,4 @@ output "ssh_key_name" {
 output "vault_cluster_size" {
 value = "${var.vault_cluster_size}"
-}
\ No newline at end of file
+}
diff --git a/variables.tf b/variables.tf
index 49c57fc6..b718f3b7 100644
--- a/variables.tf
+++ b/variables.tf
@@ -13,7 +13,7 @@ variable "ami_id" {
 description = "The ID of the AMI to run in the cluster. This should be an AMI built from the Packer template under examples/vault-consul-ami/vault-consul.json. If no AMI is specified, the template will 'just work' by using the example public AMIs. WARNING! Do not use the example AMIs in a production setting!"
- default = ""
+ default = ""
 }
 variable "create_dns_entry" {
@@ -37,6 +37,21 @@ variable "ssh_key_name" {
 # These parameters have reasonable defaults.
 # ---------------------------------------------------------------------------------------------------------------------
+variable "subnet_tags" {
+ description = "Tags used to find subnets for vault and consul servers"
+ default = {}
+}
+
+variable "vpc_tags" {
+ description = "Tags used to find a vpc for building resources in"
+ default = {}
+}
+
+variable "use_default_vpc" {
+ description = "Whether to use the default VPC - NOT recommended for production! - should more likely change this to false and use the vpc_tags to find your vpc"
+ default = true
+}
+
 variable "aws_region" {
 description = "The AWS region to deploy into (e.g. us-east-1)."
 default = "us-east-1"
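Review bot: The three new variables in the last hunk of variables.tf declare no `type`, and their descriptions do not say what an empty map means, which is the case most callers will hit: `subnet_tags = {}` selects every subnet in the VPC and `vpc_tags = {}` with `use_default_vpc = false` matches any non-default VPC. I would add `type = "map"` to `subnet_tags` and `vpc_tags` so a list or string passed by mistake fails at plan time rather than inside the data source, and tighten the descriptions, e.g. `description = "Tags that the subnets for the Vault and Consul servers must carry. Leave empty to use ALL subnets in the selected VPC, including public ones."` and `description = "Tags that identify the VPC to deploy into. Required (must match exactly one VPC) when use_default_vpc is false."`. The `use_default_vpc` description reads as a note to self; something like `description = "Whether to deploy into the Default VPC. Set to false and provide vpc_tags for production; the Default VPC is NOT recommended."` states the same warning more plainly. Keeping the default at `true` preserves the previous hard-coded behaviour, which seems intentional and is worth saying in that description.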