contrib/govcloud: set pdns api key at runtime (#2869)

Documentation/dev/govcloud/README.md

@@ -54,7 +54,8 @@ tectonic_govcloud_external_vpc_id
 tectonic_govcloud_external_master_subnet_ids
 tectonic_govcloud_external_worker_subnet_ids
 tectonic_govcloud_dns_server_ip
-
+tectonic_govcloud_dns_server_api_url
+tectonic_govcloud_dns_server_api_key
 ```
 
 ## Deploy the cluster

contrib/govcloud/resources/powerdns.service

@@ -9,6 +9,7 @@ ${mysql_image}
 
 ExecStartPre=/usr/bin/docker run --net=host \
 --name pdns-master -d \
+-e PDNS_API_KEY=${pdns_api_key} \
 -e PDNS_RECURSOR=10.0.0.2 \
 -e PDNS_SOA=10.0.0.2 \
 -e PDNS_ALLOW_AXFR_IPS=127.0.0.1 \

contrib/govcloud/services.tf

@@ -62,6 +62,7 @@ data "template_file" "powerdns_service" {
 
   vars {
     dns_zone       = "${var.base_domain}"
+    pdns_api_key   = "${var.pdns_api_key}"
     mysql_password = "${var.mysql_password}"
     powerdns_image = "${var.container_images["powerdns"]}"
     mysql_image    = "${var.container_images["mysql"]}"

contrib/govcloud/vars.tf

@@ -2,37 +2,37 @@
 # should be fed through env var or variable file
 # https://www.terraform.io/docs/configuration/variables.html
 
-variable vpc_name {
+variable "vpc_name" {
   description = "The name of the VPC to identify created resources."
   default     = "bastion"
 }
 
-variable instance_type {
+variable "instance_type" {
   description = "The type of the ec2 machine."
   default     = "t2.micro"
 }
 
-variable base_domain {
+variable "base_domain" {
   default     = "tectonic-ci.de"
   description = "The base domain for this cluster's FQDN"
 }
 
-variable vpc_aws_region {
+variable "vpc_aws_region" {
   description = "The target AWS region for the cluster"
   default     = "us-gov-west-1"
 }
 
-variable vpc_cidr {
+variable "vpc_cidr" {
   default     = "10.0.0.0/16"
   description = "The CIDR range used for your entire VPC"
 }
 
-variable subnet_count {
+variable "subnet_count" {
   default     = 4
   description = "Number of private subnets to pre-create"
 }
 
-variable local_network_cidr {
+variable "local_network_cidr" {
   default     = "10.7.0.0/16"
   description = "IP range in the network your laptop is on (dosn't actually matter unless your instances need to connect to the local network your laptop is on)"
 }
@@ -54,12 +54,16 @@ variable "mysql_password" {
   description = "Used as PowerDNS backend."
 }
 
+variable "pdns_api_key" {
+  description = "Used by clients to communicate with the PowerDNS API."
+}
+
 variable "container_images" {
   description = "Container images to use"
   type        = "map"
 
   default = {
-    powerdns = "quay.io/coreos/pdns:4.0-1"
+    powerdns = "quay.io/coreos/pdns:20678f8bffc316579367d885ca4fcb229b1dbc1d"
     mysql    = "quay.io/coreos/mysql:5.7.21"
     openvpn  = "quay.io/coreos/openvpn:2.4"
     nginx    = "quay.io/coreos/nginx:1.13.7-alpine"

tests/rspec/lib/govcloud_vpc.rb

@@ -20,6 +20,8 @@ def initialize(name)
       `tr -cd '[:alnum:]' < /dev/urandom | head -c 32 ; echo`.chomp
     @mysql_password =
       `tr -cd '[:alnum:]' < /dev/urandom | head -c 32 ; echo`.chomp
+    @pdns_api_key =
+      `tr -cd '[:alnum:]' < /dev/urandom | head -c 10; echo`.chomp
   end
 
   def env_variables
@@ -29,7 +31,8 @@ def env_variables
       'TF_VAR_base_domain' => 'tectonic-ci.de',
       'TF_VAR_nginx_username' => 'openvpn',
       'TF_VAR_nginx_password' => @ovpn_password,
-      'TF_VAR_mysql_password' => @mysql_password
+      'TF_VAR_mysql_password' => @mysql_password,
+      'TF_VAR_pdns_api_key' => @pdns_api_key
     }
   end
 
@@ -40,7 +43,7 @@ def export_tfvars
       'TF_VAR_tectonic_govcloud_external_worker_subnet_ids' => @worker_subnet_ids,
       'TF_VAR_tectonic_govcloud_dns_server_ip' => @vpc_dns,
       'TF_VAR_tectonic_govcloud_dns_server_api_url' => @dns_api_url,
-      'TF_VAR_tectonic_govcloud_dns_server_api_key' => 'tectonicgov'
+      'TF_VAR_tectonic_govcloud_dns_server_api_key' => @pdns_api_key
     }
     vars.each do |key, value|
       ENV[key] = value