From 02c89b9946c7c9c2ac2d9c81d2d9c75d8e2b65ff Mon Sep 17 00:00:00 2001
From: adamlahbib
Date: Sun, 17 Nov 2024 02:41:33 +0100
Subject: [PATCH] Refactor terraform files to include Cloudflare API Token
---
 .github/actions/terraform-apply/action.yaml | 4 ++++
 .github/actions/terraform-destroy/action.yaml | 4 ++++
 .github/actions/terraform-plan/action.yaml | 4 ++++
 .github/workflows/destroy.yaml | 2 ++
 .github/workflows/plan.yaml | 4 +++-
 .github/workflows/sync-and-deploy.yaml | 2 ++
 terraform/main.tf | 1 +
 terraform/tls.tf | 8 ++++----
 8 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/.github/actions/terraform-apply/action.yaml b/.github/actions/terraform-apply/action.yaml
index 5d98ee0..dac469c 100644
--- a/.github/actions/terraform-apply/action.yaml
+++ b/.github/actions/terraform-apply/action.yaml
@@ -32,6 +32,9 @@ inputs:
 CLOUDFLARE_EMAIL:
 description: 'Cloudflare Email'
 required: true
+ CLOUDFLARE_API_TOKEN:
+ description: 'Cloudflare API Token'
+ required: true
 runs:
 using: 'composite'
@@ -49,6 +52,7 @@ runs:
 TF_VAR_CLOUDFLARE_ZONE_ID: ${{ inputs.CLOUDFLARE_ZONE_ID }}
 TF_VAR_CLOUDFLARE_TOKEN: ${{ inputs.CLOUDFLARE_TOKEN }}
 TF_VAR_CLOUDFLARE_EMAIL: ${{ inputs.CLOUDFLARE_EMAIL }}
+ TF_VAR_CLOUDFLARE_API_TOKEN: ${{ inputs.CLOUDFLARE_API_TOKEN }}
 uses: dflook/terraform-apply@v1
 with:
 path: ./terraform
diff --git a/.github/actions/terraform-destroy/action.yaml b/.github/actions/terraform-destroy/action.yaml
index 3a25557..316aa3e 100644
--- a/.github/actions/terraform-destroy/action.yaml
+++ b/.github/actions/terraform-destroy/action.yaml
@@ -32,6 +32,9 @@ inputs:
 CLOUDFLARE_EMAIL:
 description: 'Cloudflare Email'
 required: true
+ CLOUDFLARE_API_TOKEN:
+ description: 'Cloudflare API Token'
+ required: true
 runs:
 using: 'composite'
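Review bot: The `CLOUDFLARE_API_TOKEN` input added in the `inputs:` hunk of terraform-apply/action.yaml is described only as 'Cloudflare API Token', which does not tell a maintainer how it differs from the existing `CLOUDFLARE_TOKEN` input that the same action already consumes. tls.tf in this patch shows the new value feeding the cert-manager DNS-01 secret, so the description should say that and name the expected scope, for example `description: 'Cloudflare API token for the cert-manager DNS-01 solver; scope to Zone:DNS:Edit and Zone:Zone:Read on the target zone'` (cert-manager's documented minimum). The same wording applies to the matching inputs added in terraform-destroy and terraform-plan. The `inputs:` block starts outside the hunk.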
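Review bot: `dflook/terraform-apply@v1` in this step is referenced by a mutable tag, and the added `TF_VAR_CLOUDFLARE_API_TOKEN` line puts one more credential into that third-party action's environment. Pinning to a full commit SHA keeps a moved tag from changing which code receives the token, e.g. `uses: dflook/terraform-apply@<full-commit-sha>  # v1`. The same applies to `dflook/terraform-destroy@v1` and `dflook/terraform-plan@v1` in the other two composite actions. The step begins above the hunk.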
@@ -49,6 +52,7 @@ runs:
 TF_VAR_CLOUDFLARE_ZONE_ID: ${{ inputs.CLOUDFLARE_ZONE_ID }}
 TF_VAR_CLOUDFLARE_TOKEN: ${{ inputs.CLOUDFLARE_TOKEN }}
 TF_VAR_CLOUDFLARE_EMAIL: ${{ inputs.CLOUDFLARE_EMAIL }}
+ TF_VAR_CLOUDFLARE_API_TOKEN: ${{ inputs.CLOUDFLARE_API_TOKEN }}
 uses: dflook/terraform-destroy@v1
 with:
 path: ./terraform
diff --git a/.github/actions/terraform-plan/action.yaml b/.github/actions/terraform-plan/action.yaml
index 80c656e..cc2ca34 100644
--- a/.github/actions/terraform-plan/action.yaml
+++ b/.github/actions/terraform-plan/action.yaml
@@ -35,6 +35,9 @@ inputs:
 CLOUDFLARE_EMAIL:
 description: 'Cloudflare Email'
 required: true
+ CLOUDFLARE_API_TOKEN:
+ description: 'Cloudflare API Token'
+ required: true
 runs:
 using: 'composite'
@@ -56,6 +59,7 @@ runs:
 TF_VAR_CLOUDFLARE_ZONE_ID: ${{ inputs.CLOUDFLARE_ZONE_ID }}
 TF_VAR_CLOUDFLARE_TOKEN: ${{ inputs.CLOUDFLARE_TOKEN }}
 TF_VAR_CLOUDFLARE_EMAIL: ${{ inputs.CLOUDFLARE_EMAIL }}
+ TF_VAR_CLOUDFLARE_API_TOKEN: ${{ inputs.CLOUDFLARE_API_TOKEN }}
 uses: dflook/terraform-plan@v1
 with:
 path: ./terraform
diff --git a/.github/workflows/destroy.yaml b/.github/workflows/destroy.yaml
index 12df660..af275fb 100644
--- a/.github/workflows/destroy.yaml
+++ b/.github/workflows/destroy.yaml
@@ -13,6 +13,7 @@ env:
 CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
 CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
 CLOUDFLARE_EMAIL: ${{ secrets.CLOUDFLARE_EMAIL }}
+ CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
 jobs:
 terraform-destroy:
@@ -48,3 +49,4 @@ jobs:
 CLOUDFLARE_ZONE_ID: ${{ env.CLOUDFLARE_ZONE_ID }}
 CLOUDFLARE_TOKEN: ${{ env.CLOUDFLARE_TOKEN }}
 CLOUDFLARE_EMAIL: ${{ env.CLOUDFLARE_EMAIL }}
+ CLOUDFLARE_API_TOKEN: ${{ env.CLOUDFLARE_API_TOKEN }}
diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index b480728..b1bc32f 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
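Review bot: The secret is added to the workflow-level `env:` block in destroy.yaml, so every job and step in that workflow gets `CLOUDFLARE_API_TOKEN` in its environment rather than only the Terraform step. Passing it directly where it is consumed narrows the exposure: drop the top-level entry and replace `${{ env.CLOUDFLARE_API_TOKEN }}` in the second hunk with `CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}`. plan.yaml and sync-and-deploy.yaml follow the same pattern; in sync-and-deploy.yaml the later 'Prepare Slack Notification' step would inherit the value as well. Both the `env:` block and the step that receives the input start outside the hunks shown.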
@@ -21,6 +21,7 @@ env:
 CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
 CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
 CLOUDFLARE_EMAIL: ${{ secrets.CLOUDFLARE_EMAIL }}
+ CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
 jobs:
 terraform-plan:
@@ -56,4 +57,5 @@ jobs:
 GRAFANA_ADMIN_PASSWORD: ${{ env.GRAFANA_ADMIN_PASSWORD }}
 CLOUDFLARE_ZONE_ID: ${{ env.CLOUDFLARE_ZONE_ID }}
 CLOUDFLARE_TOKEN: ${{ env.CLOUDFLARE_TOKEN }}
- CLOUDFLARE_EMAIL: ${{ env.CLOUDFLARE_EMAIL }}
\ No newline at end of file
+ CLOUDFLARE_EMAIL: ${{ env.CLOUDFLARE_EMAIL }}
+ CLOUDFLARE_API_TOKEN: ${{ env.CLOUDFLARE_API_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/sync-and-deploy.yaml b/.github/workflows/sync-and-deploy.yaml
index 9a1ddb2..0a3a8d9 100644
--- a/.github/workflows/sync-and-deploy.yaml
+++ b/.github/workflows/sync-and-deploy.yaml
@@ -18,6 +18,7 @@ env:
 CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
 CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
 CLOUDFLARE_EMAIL: ${{ secrets.CLOUDFLARE_EMAIL }}
+ CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
 jobs:
 terraform-apply:
@@ -55,6 +56,7 @@ jobs:
 CLOUDFLARE_ZONE_ID: ${{ env.CLOUDFLARE_ZONE_ID }}
 CLOUDFLARE_TOKEN: ${{ env.CLOUDFLARE_TOKEN }}
 CLOUDFLARE_EMAIL: ${{ env.CLOUDFLARE_EMAIL }}
+ CLOUDFLARE_API_TOKEN: ${{ env.CLOUDFLARE_API_TOKEN }}
 - name: Prepare Slack Notification
 if: always()
diff --git a/terraform/main.tf b/terraform/main.tf
index 04d4e03..e8df488 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -2,6 +2,7 @@ variable "GRAFANA_ADMIN_PASSWORD" { type= string }
 variable "CLOUDFLARE_ZONE_ID" { type= string }
 variable "CLOUDFLARE_TOKEN" { type= string }
 variable "CLOUDFLARE_EMAIL" { type= string }
+variable "CLOUDFLARE_API_TOKEN" { type= string }
 terraform {
 backend "s3" {}
diff --git a/terraform/tls.tf b/terraform/tls.tf
index 7c3bc60..a3f70e0 100644
--- a/terraform/tls.tf
+++ b/terraform/tls.tf
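Review bot: `variable "CLOUDFLARE_API_TOKEN"` in terraform/main.tf is declared without `sensitive = true`, so Terraform will not redact the value if it is ever interpolated into a non-sensitive attribute or output, and plan output is where that would surface. Expand the one-line block to a multi-line one and add `sensitive = true` beneath `type = string`. The neighbouring `CLOUDFLARE_TOKEN` and `GRAFANA_ADMIN_PASSWORD` declarations have the same gap. Separately, the token is written to the S3-backed state in readable form through the `kubernetes_secret` in tls.tf, so the state bucket needs encryption and tight access; the backend configuration is not visible in this patch.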
@@ -18,7 +18,7 @@ resource "kubernetes_secret" "cloudflare_api_token" {
 namespace = "cert-manager"
 }
 data = {
- api-token = base64encode(var.CLOUDFLARE_TOKEN)
+ api-token = base64encode(var.CLOUDFLARE_API_TOKEN)
 }
 }
@@ -27,14 +27,14 @@ resource "kubectl_manifest" "cluster_issuer" {
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
- name: letsencrypt-prod
- namespace: cert-manager
+ name: letsencrypt-prod
+ namespace: cert-manager
 spec:
 acme:
 email: ${var.CLOUDFLARE_EMAIL}
 server: https://acme-v02.api.letsencrypt.org/directory
 privateKeySecretRef:
- name: letsencrypt-prod-key
+ name: letsencrypt-prod
 solvers:
 - dns01:
 cloudflare:
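Review bot: `base64encode(var.CLOUDFLARE_API_TOKEN)` inside the `data` map of `kubernetes_secret` most likely double-encodes the token, because the Kubernetes provider base64-encodes `data` values itself (pre-encoded values belong in `binary_data`). cert-manager would then read the base64 text instead of the token, and the DNS-01 solver would fail to authenticate against Cloudflare. The line should be `api-token = var.CLOUDFLARE_API_TOKEN`. The `base64encode` call predates this commit, which only swaps the variable, but it is worth fixing while the line is being touched; the resource block starts above the hunk.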
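Review bot: Changing `privateKeySecretRef.name` from `letsencrypt-prod-key` to `letsencrypt-prod` is not mentioned in the commit subject and has an operational side effect. cert-manager will presumably generate a new ACME account key under the new secret name and leave the old `letsencrypt-prod-key` secret, with its private key, behind in the cert-manager namespace. If the rename is intended, remove the old secret once the issuer reports ready; if not, keep `name: letsencrypt-prod-key`. Also, `namespace: cert-manager` under `metadata` has no effect on a cluster-scoped `ClusterIssuer` and can be dropped. The manifest continues past the end of the hunk.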