mirror of
https://github.com/kemko/nomad.git
synced 2026-01-08 11:25:41 +03:00
7b00a118f5
Adds a `nomad_acls` flag to our Terraform stack that bootstraps Nomad ACLs via a `local-exec` provider. There's no way to set the `NOMAD_TOKEN` in the Nomad TF provider if we're bootstrapping in the same Terraform stack, so instead of using `resource.nomad_acl_token`, we also bootstrap a wide-open anonymous policy. The resulting management token is exported as an environment var with `$(terraform output environment)` and tests that want stricter ACLs will be able to write them using that token. This should also provide a basis to do similar work with Consul ACLs in the future.
26 lines
723 B
Bash
Executable File
26 lines
723 B
Bash
Executable File
#!/bin/bash
|
|
|
|
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
|
|
|
while true :
|
|
do
|
|
ROOT_TOKEN=$(nomad acl bootstrap | awk '/Secret ID/{print $4}')
|
|
if [ ! -z $ROOT_TOKEN ]; then break; fi
|
|
sleep 5
|
|
done
|
|
set -e
|
|
|
|
export NOMAD_TOKEN="$ROOT_TOKEN"
|
|
|
|
mkdir -p ../keys
|
|
echo $NOMAD_TOKEN > "${DIR}/../keys/nomad_root_token"
|
|
|
|
# Our default policy after bootstrapping will be full-access. Without
|
|
# further policy, we only test that we're hitting the ACL code
|
|
# Tests can set their own ACL policy using the management token so
|
|
# long as they clean up the ACLs afterwards.
|
|
nomad acl policy apply \
|
|
-description "Anonymous policy (full-access)" \
|
|
anonymous \
|
|
"${DIR}/anonymous.policy.hcl"
|