forked from ExpediaGroup/apiary-authorization
secretsmanager.tf
/**
* Copyright (C) 2018 Expedia Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
*/
# Secrets Manager container for the database master credentials (presumably
# the Ranger database, going by the name). The value itself is written by
# aws_secretsmanager_secret_version.db_master_user.
# No kms_key_id is set, so the secret is encrypted with the account's default
# aws/secretsmanager key rather than a customer-managed key.
# NOTE(review): the name is hard-coded, so a second deployment of this module
# in the same account and region would collide on it.
resource "aws_secretsmanager_secret" "db_master_user" {
  name = "ranger-db-master-user"
  tags = "${var.apiary_tags}"
}
# Writes the master credentials as a JSON object with the keys "username" and
# "password".
# random_string.db_master_password is referenced here but is not declared in
# this file.
# The rendered secret_string is persisted in the Terraform state as well as in
# Secrets Manager, so the state backend needs encryption at rest and tightly
# scoped read access.
resource "aws_secretsmanager_secret_version" "db_master_user" {
  secret_id = "${aws_secretsmanager_secret.db_master_user.id}"
  secret_string = "${jsonencode(map("username",var.db_master_username,"password",random_string.db_master_password.result))}"
}
# Generates the 16-character password stored in the db_audit_user secret.
# special = false restricts the alphabet to letters and digits, which gives
# roughly 95 bits of entropy at this length.
# Unlike the ranger_* and keyadmin passwords in this file, no min_lower /
# min_upper / min_numeric is set, so a character class may be absent.
# No keepers are defined: the value is generated once and does not rotate
# unless the resource is replaced.
# NOTE(review): random_string does not treat its result as sensitive, so the
# value can show up in plan/apply output. random_password generates the same
# way but marks the result sensitive. Changing the resource type changes its
# address and regenerates the password, so that is a planned migration rather
# than a drop-in edit.
resource "random_string" "db_audit_password" {
  length = 16
  special = false
}
# Secrets Manager container for the audit database user's credentials.
# recovery_window_in_days is not set, so the provider default applies: after a
# destroy the secret stays scheduled for deletion and the fixed name cannot be
# reused until the window ends.
# No kms_key_id is set; encryption uses the default aws/secretsmanager key.
resource "aws_secretsmanager_secret" "db_audit_user" {
  name = "ranger-db-audit-user"
  tags = "${var.apiary_tags}"
}
# Writes the audit user's credentials as JSON with the keys "username" and
# "password", taking the password from random_string.db_audit_password.
# The plaintext value is also kept in the Terraform state; protect the state
# backend accordingly.
# NOTE(review): the resource label "db_audit_user_user" doubles the suffix
# compared with "db_master_user". Renaming it changes the state address, so
# it would need a `terraform state mv`.
resource "aws_secretsmanager_secret_version" "db_audit_user_user" {
  secret_id = "${aws_secretsmanager_secret.db_audit_user.id}"
  secret_string = "${jsonencode(map("username",var.db_audit_username,"password",random_string.db_audit_password.result))}"
}
# Generates the value stored under "rangerAdmin_password" in the ranger_admin
# secret: 16 alphanumeric characters with at least one lowercase letter, one
# uppercase letter and one digit.
# NOTE(review): the min_* settings presumably satisfy a password-complexity
# rule on the consuming side; confirm against the Ranger configuration.
# random_string results are not treated as sensitive and can appear in
# plan/apply output. The value is also stored in the Terraform state.
resource "random_string" "ranger_admin_password" {
  length = 16
  min_lower = 1
  min_upper = 1
  min_numeric = 1
  special = false
}
# Generates the value stored under "rangerTagsync_password" in the
# ranger_admin secret: 16 alphanumeric characters with at least one lowercase
# letter, one uppercase letter and one digit.
# No keepers are set, so the password is generated once and is only replaced
# when this resource is tainted or recreated.
resource "random_string" "ranger_tagsync_password" {
  length = 16
  min_lower = 1
  min_upper = 1
  min_numeric = 1
  special = false
}
# Generates the value stored under "rangerUsersync_password" in the
# ranger_admin secret: 16 alphanumeric characters with at least one lowercase
# letter, one uppercase letter and one digit.
# The result is kept in the Terraform state in plaintext and is not marked
# sensitive by random_string.
resource "random_string" "ranger_usersync_password" {
  length = 16
  min_lower = 1
  min_upper = 1
  min_numeric = 1
  special = false
}
# Generates the value stored under "keyadmin_password" in the ranger_admin
# secret: 16 alphanumeric characters with at least one lowercase letter, one
# uppercase letter and one digit.
# NOTE(review): going by its name this is a key-administration credential.
# If so, it deserves the strictest handling of the four: a sensitive-marked
# generator (random_password) and a secret of its own.
resource "random_string" "keyadmin_password" {
  length = 16
  min_lower = 1
  min_upper = 1
  min_numeric = 1
  special = false
}
# Secrets Manager container for the four Ranger service passwords written by
# aws_secretsmanager_secret_version.ranger_admin.
# No kms_key_id is set (default aws/secretsmanager key) and no resource policy
# is attached in this file, so read access is decided entirely by the IAM
# policies of the calling principals.
resource "aws_secretsmanager_secret" "ranger_admin" {
  name = "ranger-admin"
  tags = "${var.apiary_tags}"
}
# Writes one JSON object holding four generated passwords under the keys
# "rangerAdmin_password", "rangerTagsync_password", "rangerUsersync_password"
# and "keyadmin_password".
# NOTE(review): because all four live in a single secret, any principal
# allowed secretsmanager:GetSecretValue on "ranger-admin" obtains every one of
# them. Splitting them into one secret per consumer would allow
# least-privilege IAM scoping.
# The full secret_string is also persisted in the Terraform state.
resource "aws_secretsmanager_secret_version" "ranger_admin" {
  secret_id = "${aws_secretsmanager_secret.ranger_admin.id}"
  secret_string = "${jsonencode(map("rangerAdmin_password",random_string.ranger_admin_password.result,"rangerTagsync_password",random_string.ranger_tagsync_password.result,"rangerUsersync_password",random_string.ranger_usersync_password.result,"keyadmin_password",random_string.keyadmin_password.result))}"
}
# Looks up an existing secret by the name in var.ldap_secret_name. This secret
# is created outside this file and is only read here, not managed.
# This data source returns the secret's metadata (for example its ARN), not
# the secret value. Planning fails if no secret with that name exists.
# NOTE(review): where the result is consumed is not visible in this file.
data "aws_secretsmanager_secret" "ldap_user" {
  name = "${var.ldap_secret_name}"
}