terraform {
  # Exact provider version so `terraform init` resolves the same release every time.
  required_providers {
    boundary = { version = "1.0.3", source = "hashicorp/boundary" }
  }
}
# Boundary controller endpoint and the recovery KMS the provider authenticates with.
# NOTE(review): addr is plain http to a loopback address; if this is ever pointed at a
# non-local controller it should be https.
# The recovery KMS (purpose = "recovery") is presumably the provider's privileged,
# non-interactive path into Boundary, and it is configured here with static AWS keys
# from variables — confirm var.aws_access_key / var.aws_secret_key are declared
# `sensitive = true` where they live (variables.tf is not part of this file).
provider "boundary" {
  addr             = "http://127.0.0.1:9200"
  recovery_kms_hcl = <<-EOT
    kms "awskms" {
      purpose    = "recovery"
      region     = "${var.kms_region}"
      kms_key_id = "${var.kms_key_id}"
      access_key = "${var.aws_access_key}"
      secret_key = "${var.aws_secret_key}"
    }
  EOT
}
# Handle on Boundary's built-in global scope (global_scope = true presumably tells the
# provider to manage the existing scope rather than create a new one).
resource "boundary_scope" "global" {
  scope_id     = "global"
  name         = "global"
  global_scope = true
}
# Organisation scope, one per environment, parented under the global scope.
resource "boundary_scope" "org" {
  scope_id    = boundary_scope.global.id
  name        = "Company org."
  description = "This org belongs to ${var.environment} environment"
}
# Project scope for core infrastructure, parented under the org.
# auto_create_admin_role / auto_create_default_role are set here but not on the org
# scope above, so the two scopes end up with different automatically-managed roles —
# confirm that asymmetry is intended.
resource "boundary_scope" "core_infra" {
  scope_id                 = boundary_scope.org.id
  name                     = "Infra scope"
  description              = "${var.environment} project"
  auto_create_admin_role   = true
  auto_create_default_role = true
}
# Generic password auth method in the org scope; this is the one the devops accounts
# below are attached to. It carries no login-name / password length policy of its own
# (that is only set on boundary_auth_method_password.method_password).
resource "boundary_auth_method" "password" {
  scope_id = boundary_scope.org.id
  type     = "password"
  name     = "password"
}
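# Password auth method carrying the account policy (minimum login-name and password
# lengths).
# Fix: scope_id previously read boundary_scope.org.scope_id, which is the org's
# *parent* scope (i.e. "global"), so this method was created in the global scope while
# boundary_auth_method.password and the accounts are under the org. Use the org's own id.
# NOTE(review): the accounts reference boundary_auth_method.password, not this resource,
# so min_password_length = 10 is not enforced on them today; a single auth method would
# close that gap. If Boundary rejects two auth methods named "password" in one scope,
# rename this one.
resource "boundary_auth_method_password" "method_password" {
  name                  = "password"
  scope_id              = boundary_scope.org.id
  min_login_name_length = 3
  min_password_length   = 10
}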
# One Boundary user per entry of var.devops_team, bound to its password account.
# NOTE(review): the account is looked up by each.value while the accounts are keyed by
# each.key; that only lines up when var.devops_team is a set of strings (key == value) —
# confirm the variable's declared type.
resource "boundary_user" "devops_team" {
  for_each = var.devops_team

  scope_id    = boundary_scope.org.id
  name        = each.key
  description = "Devops user: ${each.key}"
  account_ids = [boundary_account.devops_user_acct[each.value].id]
}
# Password accounts for the devops team, attached to boundary_auth_method.password.
# NOTE(review): every account is created with the same var.default_devops_password.
# That variable should be declared `sensitive = true` where it is defined, and the
# shared value treated as a bootstrap password that each user changes on first login;
# note it will also sit in the Terraform state.
resource "boundary_account" "devops_user_acct" {
  for_each = var.devops_team

  auth_method_id = boundary_auth_method.password.id
  type           = "password"
  name           = each.key
  login_name     = lower(each.key)
  password       = var.default_devops_password
  description    = "user account"
}
# Org-level group holding every devops user. Neither role below uses it as a
# principal (they list the users directly), so it is currently informational.
resource "boundary_group" "devops_core_infra" {
  scope_id    = boundary_scope.org.id
  name        = "devops"
  description = "devops team group"
  member_ids  = [for user in boundary_user.devops_team : user.id]
}
# Role defined in the global scope that grants over the org scope.
# "id=*;type=*;actions=*" is a wildcard on every resource, type and action — i.e. full
# administrative rights across the org — and it is given to each devops user directly
# rather than through boundary_group.devops_core_infra. Narrowing the grant to the
# resource types the team actually manages would be the least-privilege shape.
resource "boundary_role" "org_admin" {
  name           = "devops_role"
  description    = "DevOps role"
  scope_id       = boundary_scope.global.id
  grant_scope_id = boundary_scope.org.id
  principal_ids  = [for user in boundary_user.devops_team : user.id]
  grant_strings  = ["id=*;type=*;actions=*"]
}
# Role defined in the org scope that grants over the core_infra project.
# Same wildcard grant as org_admin (full rights on everything in the project) and the
# same direct-to-user principal list; shares the name "devops_role" with org_admin,
# which is only distinguishable by scope.
resource "boundary_role" "infra_admin" {
  name           = "devops_role"
  description    = "DevOps role"
  scope_id       = boundary_scope.org.id
  grant_scope_id = boundary_scope.core_infra.id
  principal_ids  = [for user in boundary_user.devops_team : user.id]
  grant_strings  = ["id=*;type=*;actions=*"]
}
# Static host catalog in the core_infra project; the hosts below are added to it.
resource "boundary_host_catalog" "infra_servers" {
  scope_id    = boundary_scope.core_infra.id
  type        = "static"
  name        = "infra_servers"
  description = "Infraestructure host catalog"
}
# One static host per entry in var.infra_server_ips (declared elsewhere).
# NOTE(review): address is each.key while the name embeds each.value; with a set of
# strings both are the same IP, with a map they differ — check the variable's type.
# The "?" in the name looks like a typo for "_", but it is a runtime value and is kept.
resource "boundary_host" "infra_servers" {
  for_each = var.infra_server_ips

  host_catalog_id = boundary_host_catalog.infra_servers.id
  type            = "static"
  address         = each.key
  name            = "infra_server_service?${each.value}"
  description     = "Infraestructure server host"
}
# Host set grouping every static host from the infra_servers catalog.
resource "boundary_host_set" "infra_server_ssh" {
  host_catalog_id = boundary_host_catalog.infra_servers.id
  type            = "static"
  name            = "infra_server_ssh"
  description     = "Host set for infra servers"
  host_ids        = [for host in boundary_host.infra_servers : host.id]
}
# TCP target in the core_infra project that exposes the infra_server_ssh host set on
# var.host_port.
# NOTE(review): session_max_seconds and session_connection_limit are not set, so the
# provider's defaults apply; pinning them explicitly is worth doing for a target that
# fronts admin access.
resource "boundary_target" "infra_servers_service" {
  scope_id     = boundary_scope.core_infra.id
  type         = "tcp"
  name         = "infra_server"
  description  = "Infra server target"
  default_port = var.host_port
  host_set_ids = [boundary_host_set.infra_server_ssh.id]
}