From d89e1221fd67367109c5839ed941a6d37b5f4cd2 Mon Sep 17 00:00:00 2001
From: Tobias Reisinger <tobias@msrg.cc>
Date: Tue, 15 Apr 2025 23:48:59 +0200
Subject: [PATCH] Prepare opentofu config for multi-bucket services

---
 modules/infrastructure/main.tf      | 3 ++-
 modules/infrastructure/output.tf    | 6 +++---
 modules/infrastructure/scaleway.tf  | 6 +++---
 modules/infrastructure/variables.tf | 1 +
 variables.tf                        | 1 +
 5 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/modules/infrastructure/main.tf b/modules/infrastructure/main.tf
index 2767415..0858f81 100644
--- a/modules/infrastructure/main.tf
+++ b/modules/infrastructure/main.tf
@@ -31,7 +31,8 @@ terraform {
 locals {
   services_auth = {for key, val in var.services : key => val if val.auth}
   services_database = {for key, val in var.services : key => val if val.database}
-  services_s3 = {for key, val in var.services : key => val if val.s3}
+  services_s3 = {for key, val in var.services : key => (val.s3_buckets != null) ? val.s3_buckets : [key] if val.s3}
+  buckets_s3 = merge([for key, val in local.services_s3 : {for bucket in val : bucket => key}]...)
 
   hetzner_hosts = {for key, val in var.hosts : key => val if val.provider == "hetzner"}
 }
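Review bot: `buckets_s3` on the second added line is built with `merge(...)`, so if two services list the same bucket name the entries collapse silently and the last-merged service becomes that bucket's owner and policy principal, with no plan error. A guard such as `length(local.buckets_s3) == length(flatten(values(local.services_s3)))` in a `check` block or as a `precondition` on `scaleway_object_bucket.service_buckets` would fail the plan instead of reassigning a bucket. An explicit `s3_buckets = []` also yields no bucket at all for a service with `s3 = true`, which looks unintended and is worth either rejecting or documenting next to the local.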
diff --git a/modules/infrastructure/output.tf b/modules/infrastructure/output.tf
index 3307db5..be18002 100644
--- a/modules/infrastructure/output.tf
+++ b/modules/infrastructure/output.tf
@@ -51,9 +51,9 @@ output "healthchecksio" {
 
 output "scaleway_data" {
   value = {
-    for key in keys(scaleway_iam_application.service_applications) : key => {
-      "access_key"   = scaleway_iam_api_key.service_keys[key].access_key
-      "secret_key"   = scaleway_iam_api_key.service_keys[key].secret_key
+    for key, val in local.buckets_s3 : key => {
+      "access_key"   = scaleway_iam_api_key.service_keys[val].access_key
+      "secret_key"   = scaleway_iam_api_key.service_keys[val].secret_key
       "name"         = scaleway_object_bucket.service_buckets[key].name
       "region"       = scaleway_object_bucket.service_buckets[key].region
       "endpoint"     = scaleway_object_bucket.service_buckets[key].endpoint
diff --git a/modules/infrastructure/scaleway.tf b/modules/infrastructure/scaleway.tf
index f017a11..6b823c1 100644
--- a/modules/infrastructure/scaleway.tf
+++ b/modules/infrastructure/scaleway.tf
@@ -27,7 +27,7 @@ resource "scaleway_iam_policy" "service_storage_policies" {
 }
 
 resource "scaleway_object_bucket" "service_buckets" {
-  for_each = local.services_s3
+  for_each = local.buckets_s3
   name = "${each.key}.serguzim.me"
   lifecycle {
    prevent_destroy = true
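Review bot: `each.key` in `name = "${each.key}.serguzim.me"` is now a user-supplied `s3_buckets` entry rather than a service key, and nothing validates it as a usable bucket name before it is interpolated into the DNS-style name. Existing buckets keep their keys only while `s3_buckets` stays null; a service that later sets the list without its own key will make the plan fail on the old bucket because of `prevent_destroy = true`, which is the safe direction but deserves a comment such as `# bucket keys are user-supplied names; renaming one requires a moved block, prevent_destroy will otherwise block the plan`.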
@@ -35,7 +35,7 @@ resource "scaleway_object_bucket" "service_buckets" {
 }
 
 resource "scaleway_object_bucket_policy" "service_bucket_policies" {
-  for_each = local.services_s3
+  for_each = local.buckets_s3
   bucket = scaleway_object_bucket.service_buckets[each.key].id
   policy = jsonencode({
     Version = "2023-04-17",
@@ -58,7 +58,7 @@ resource "scaleway_object_bucket_policy" "service_bucket_policies" {
         Effect = "Allow"
         Action = "*"
         Principal = {
-          SCW = "application_id:${scaleway_iam_application.service_applications[each.key].id}"
+          SCW = "application_id:${scaleway_iam_application.service_applications[each.value].id}"
         }
         Resource = [
           "${scaleway_object_bucket.service_buckets[each.key].name}",
diff --git a/modules/infrastructure/variables.tf b/modules/infrastructure/variables.tf
index 4f5918d..f5339ee 100644
--- a/modules/infrastructure/variables.tf
+++ b/modules/infrastructure/variables.tf
@@ -32,6 +32,7 @@ variable "services" {
     auth_cert = optional(string)
     auth_redirects = optional(list(string))
     s3 = bool
+    s3_buckets = optional(list(string))
     database = bool
   }))
 }
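Review bot: The new `s3_buckets` attribute is undocumented, and it is silently ignored when `s3 = false` because the `if val.s3` filter in main.tf drops the service before the list is read. A comment on the added line would state the contract: `# explicit bucket names for this service; defaults to [<service key>]; only honoured when s3 = true`. The enclosing `variable "services"` block starts outside the hunk.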
diff --git a/variables.tf b/variables.tf
index e25622f..a28d5af 100644
--- a/variables.tf
+++ b/variables.tf
@@ -162,6 +162,7 @@ variable "services" {
     auth_cert = optional(string)
     auth_redirects = optional(list(string))
     s3 = bool
+    s3_buckets = optional(list(string))
     database = bool
     mail = optional(string)
   }))
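Review bot: `s3_buckets` is a free-form list with no validation, so the same bucket name can appear under two services and the module's `merge` then silently hands ownership to whichever service is merged last. A `validation` block on this variable rejects that at plan time; one is sketched below. Empty lists are also accepted and produce no bucket for a service with `s3 = true`. The enclosing `variable "services"` block closes outside the hunk, after the type.
```hcl
# … unchanged: type = map(object({ … })) …
validation {
  # every bucket name (explicit, or the service key when unset) may be owned by exactly one service
  condition = length(flatten([
    for key, val in var.services : val.s3_buckets != null ? val.s3_buckets : [key] if val.s3
  ])) == length(distinct(flatten([
    for key, val in var.services : val.s3_buckets != null ? val.s3_buckets : [key] if val.s3
  ])))
  error_message = "Bucket names in services[*].s3_buckets (or the service key when unset) must be unique across services."
}
```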