refactor pwd pol special char option
dfry committed Mar 30, 2023
1 parent 03a60d5 commit 95e671a
Showing 3 changed files with 18 additions and 6 deletions.
1 change: 1 addition & 0 deletions gitlab_templates/switch-iac/workbench-config-15.json
Expand Up @@ -67,6 +67,7 @@
"ttksims_enabled": "true",
"quoting_service_simple_routing_mode_enabled": "false",
"vault_config_operator_helm_chart_version": "0.8.13",
"password_policy_use_special_chars": "true",
"internal_pm4ml_configs": [
{
"DFSP_NAME": "pm4mlreceiverfsp",
Expand Up @@ -8,10 +8,10 @@ resource "helm_release" "vault_cr_pwdpolicy" {
auth_path = "kubernetes_op"
auth_role = "policy-admin"
resource_type = each.value.resource_type
resource_name = each.value.resource_name
namespace = kubernetes_namespace.stateful_namespace[each.value.resource_namespace].metadata[0].name
secret_password_policy = templatefile("${path.module}/templates/password-policy.hcl.tpl", { password_length = 20, use_special_chars = false, special_char_list = "!@#$%^&*"})
secret_password_policy = templatefile("${path.module}/templates/password-policy.hcl.tpl", { password_length = 20, use_special_chars = var.password_policy_use_special_chars, special_char_list = var.password_policy_special_chars})
vault_base_path = each.value.generate_secret_vault_base_path
resource_name = each.value.resource_name
secret_name = each.value.generate_secret_name
secret_keys_map = { for key in each.value.generate_secret_keys : key => "'{{ .dynamicsecret_${replace(key, "-", "_")}.password }}'" }
secret_namespaces = "[${join(",", local.total_secret_namespaces[each.key])}]"
Expand All @@ -29,10 +29,10 @@ resource "helm_release" "vault_cr_randomsecret" {
auth_path = "kubernetes_op"
auth_role = "policy-admin"
resource_type = each.value.resource_type
resource_name = each.value.resource_name
namespace = kubernetes_namespace.stateful_namespace[each.value.resource_namespace].metadata[0].name
secret_password_policy = templatefile("${path.module}/templates/password-policy.hcl.tpl", { password_length = 20, use_special_chars = false, special_char_list = "!@#$%^&*"})
secret_password_policy = templatefile("${path.module}/templates/password-policy.hcl.tpl", { password_length = 20, use_special_chars = var.password_policy_use_special_chars, special_char_list = var.password_policy_special_chars})
vault_base_path = each.value.generate_secret_vault_base_path
resource_name = each.value.resource_name
secret_name = each.value.generate_secret_name
secret_keys_map = { for key in each.value.generate_secret_keys : key => "'{{ .dynamicsecret_${replace(key, "-", "_")}.password }}'" }
secret_namespaces = "[${join(",", local.total_secret_namespaces[each.key])}]"
Expand All @@ -53,10 +53,10 @@ resource "helm_release" "vault_cr_vaultsecret" {
auth_path = "kubernetes_op"
auth_role = "policy-admin"
resource_type = each.value.resource_type
resource_name = each.value.resource_name
namespace = kubernetes_namespace.stateful_namespace[each.value.resource_namespace].metadata[0].name
secret_password_policy = templatefile("${path.module}/templates/password-policy.hcl.tpl", { password_length = 20, use_special_chars = false, special_char_list = "!@#$%^&*"})
secret_password_policy = templatefile("${path.module}/templates/password-policy.hcl.tpl", { password_length = 20, use_special_chars = var.password_policy_use_special_chars, special_char_list = var.password_policy_special_chars})
vault_base_path = each.value.generate_secret_vault_base_path
resource_name = each.value.resource_name
secret_name = each.value.generate_secret_name
secret_keys_map = { for key in each.value.generate_secret_keys : key => "'{{ .dynamicsecret_${replace(key, "-", "_")}.password }}'" }
secret_namespaces = "[${join(",", local.total_secret_namespaces[each.key])}]"
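Review bot: Generated passwords in all three releases (`vault_cr_pwdpolicy`, `vault_cr_randomsecret`, `vault_cr_vaultsecret`) will start containing special characters by default, because `use_special_chars` now follows `var.password_policy_use_special_chars`, whose default is `true` where the literal was `false`; the title calls this a refactor, but it is a behaviour change. The generated value is substituted into `secret_keys_map` as `'{{ .dynamicsecret_<key>.password }}'`, so any consumer that puts it into a connection URI or an unquoted config value would presumably have to cope with `@`, `#`, `%`, `&` and `$`; that should be confirmed per stateful resource before rollout, or the default kept at `false`. `password_length = 20` stays hard-coded in the same call and could become a variable alongside the other two. The identical `templatefile(...)` expression appears three times; a single `locals` entry referenced as `secret_password_policy = local.secret_password_policy` would keep the three releases from drifting apart.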
11 changes: 11 additions & 0 deletions terraform/k8s-apps-setup/state-setup/variables.tf
Expand Up @@ -16,6 +16,17 @@ variable "storage_class_name" {
default = "longhorn"
}

variable "password_policy_special_chars" {
description = "special chars for password policies"
type = string
default = "!@#$%^&*"
}

variable "password_policy_use_special_chars" {
description = "use special chars for password policies?"
type = bool
default = true
}

variable "stateful_resources" {
description = "stateful resource config data"
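Review bot: `password_policy_special_chars` accepts any string, yet it is passed straight into `templates/password-policy.hcl.tpl` as `special_char_list`. The template is not part of this commit, but if it places the value inside a quoted HCL string, a `"` or `\` in an override would break or alter the rendered policy, and an empty string combined with `password_policy_use_special_chars = true` would likely yield a rule that cannot be satisfied. A `validation` block on the variable that rejects an empty value and those two characters would surface this at plan time instead of when the policy is applied. The descriptions could also say where the values end up, e.g. `description = "Characters the password policy may draw special characters from (rendered into password-policy.hcl.tpl)"`.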
