Prepare opentofu config for multi-bucket services
parent
dcddb46d63
commit
d89e1221fd
5 changed files with 10 additions and 7 deletions
|
@ -31,7 +31,8 @@ terraform {
|
|||
locals {
|
||||
services_auth = {for key, val in var.services : key => val if val.auth}
|
||||
services_database = {for key, val in var.services : key => val if val.database}
|
||||
services_s3 = {for key, val in var.services : key => val if val.s3}
|
||||
services_s3 = {for key, val in var.services : key => (val.s3_buckets != null) ? val.s3_buckets : [key] if val.s3}
|
||||
buckets_s3 = merge([for key, val in local.services_s3 : {for bucket in val : bucket => key}]...)
|
||||
|
||||
hetzner_hosts = {for key, val in var.hosts : key => val if val.provider == "hetzner"}
|
||||
}
|
||||
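Review bot: `buckets_s3` is built with `merge(...)`, which keeps the last value when two maps share a key, so a bucket name listed under two services (or equal to another service's default `[key]` name) is silently assigned to only one of them. The bucket policy principal and the credentials published for that bucket then follow whichever service merges last, with no plan-time error. A guard such as `condition = length(local.buckets_s3) == length(flatten(values(local.services_s3)))` in a `precondition` or `check` block would turn the collision into a failure. A comment on `services_s3` noting that its values are now lists of bucket names rather than service objects would also help, since other users of that local may sit outside this hunk.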
|
|
|
@ -51,9 +51,9 @@ output "healthchecksio" {
|
|||
|
||||
output "scaleway_data" {
|
||||
value = {
|
||||
for key in keys(scaleway_iam_application.service_applications) : key => {
|
||||
"access_key" = scaleway_iam_api_key.service_keys[key].access_key
|
||||
"secret_key" = scaleway_iam_api_key.service_keys[key].secret_key
|
||||
for key, val in local.buckets_s3 : key => {
|
||||
"access_key" = scaleway_iam_api_key.service_keys[val].access_key
|
||||
"secret_key" = scaleway_iam_api_key.service_keys[val].secret_key
|
||||
"name" = scaleway_object_bucket.service_buckets[key].name
|
||||
"region" = scaleway_object_bucket.service_buckets[key].region
|
||||
"endpoint" = scaleway_object_bucket.service_buckets[key].endpoint
|
||||
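Review bot: In the new comprehension `key` is a bucket name and `val` is the owning service, and the body indexes `service_keys` by one and `service_buckets` by the other, which is easy to transpose on the next edit and would publish the wrong service's credentials for a bucket. Naming them for what they are, `for bucket, service in local.buckets_s3 : bucket => {`, makes each lookup self-checking. The output is also now keyed by bucket instead of by service, so any consumer outside this commit that reads `scaleway_data[<service>]` needs checking for services whose buckets are not named after them. The output block starts and ends outside the hunk.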
|
|
|
@ -27,7 +27,7 @@ resource "scaleway_iam_policy" "service_storage_policies" {
|
|||
}
|
||||
|
||||
resource "scaleway_object_bucket" "service_buckets" {
|
||||
for_each = local.services_s3
|
||||
for_each = local.buckets_s3
|
||||
name = "${each.key}.serguzim.me"
|
||||
lifecycle {
|
||||
prevent_destroy = true
|
||||
|
@ -35,7 +35,7 @@ resource "scaleway_object_bucket" "service_buckets" {
|
|||
}
|
||||
|
||||
resource "scaleway_object_bucket_policy" "service_bucket_policies" {
|
||||
for_each = local.services_s3
|
||||
for_each = local.buckets_s3
|
||||
bucket = scaleway_object_bucket.service_buckets[each.key].id
|
||||
policy = jsonencode({
|
||||
Version = "2023-04-17",
|
||||
|
@ -58,7 +58,7 @@ resource "scaleway_object_bucket_policy" "service_bucket_policies" {
|
|||
Effect = "Allow"
|
||||
Action = "*"
|
||||
Principal = {
|
||||
SCW = "application_id:${scaleway_iam_application.service_applications[each.key].id}"
|
||||
SCW = "application_id:${scaleway_iam_application.service_applications[each.value].id}"
|
||||
}
|
||||
Resource = [
|
||||
"${scaleway_object_bucket.service_buckets[each.key].name}",
|
||||
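Review bot: With the principal now resolved through `each.value`, every bucket a service lists gets this statement, and the statement still grants `Action = "*"` to the service application. If the services only read and write objects, narrowing it to something like `Action = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket"]` would keep a leaked service key from being usable to change the bucket policy or delete the bucket. The rest of the policy, including the `Resource` list and any other statements, lies outside the hunk, so confirm which resources and principals are covered there before tightening.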
|
|
|
@ -32,6 +32,7 @@ variable "services" {
|
|||
auth_cert = optional(string)
|
||||
auth_redirects = optional(list(string))
|
||||
s3 = bool
|
||||
s3_buckets = optional(list(string))
|
||||
database = bool
|
||||
}))
|
||||
}
|
||||
|
|
|
@ -162,6 +162,7 @@ variable "services" {
|
|||
auth_cert = optional(string)
|
||||
auth_redirects = optional(list(string))
|
||||
s3 = bool
|
||||
s3_buckets = optional(list(string))
|
||||
database = bool
|
||||
mail = optional(string)
|
||||
}))
|
||||
|
|