From ffcec369dc9bbc39f83e411d1cdc41f5d23f59ce Mon Sep 17 00:00:00 2001
From: Max Kuznetsov
Date: Thu, 25 Apr 2024 12:17:41 +0300
Subject: [PATCH] =?UTF-8?q?=D0=98=D1=81=D0=BF=D1=80=D0=B0=D0=B2=D0=B8?= =?UTF-8?q?=D1=82=D1=8C=20VPC=20=D0=BF=D1=80=D0=B8=D0=BC=D0=B5=D1=80=D1=8B?= =?UTF-8?q?=20=D0=BD=D0=B0=20IAM=20(#8)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* add IAM resource `selectel_iam_s3_credentials_v1`
* bump selectel/selectel provider version to 5.0.2
* replace terracurl to selectel/selectel provider in s3-credentials
* delete unused variables from s3-credentials
* fix s3-credentials outputs
* update README.md
* delete variables for s3-creds
* fix mistakes
---------
Co-authored-by: Maksim Kuznetsov
Co-authored-by: Filipp Fedorov
---
README.md | 6 +--
main.tf | 3 --
modules/craas/README.md | 8 ++--
modules/craas/versions.tf | 2 +-
modules/mks/k8s-cluster-standalone/README.md | 6 +--
.../mks/k8s-cluster-standalone/versions.tf | 2 +-
modules/mks/k8s-cluster/README.md | 6 +--
modules/mks/k8s-cluster/versions.tf | 2 +-
modules/mks/k8s-nodegroup-gpu/README.md | 6 +--
modules/mks/k8s-nodegroup-gpu/versions.tf | 2 +-
modules/mks/k8s-nodegroup/README.md | 6 +--
modules/mks/k8s-nodegroup/versions.tf | 2 +-
modules/os_project_with_user/README.md | 16 ++++----
modules/os_project_with_user/main.tf | 18 ++++-----
modules/os_project_with_user/outputs.tf | 13 ++-----
modules/os_project_with_user/vars.tf | 2 +-
modules/os_project_with_user/versions.tf | 2 +-
modules/s3/s3-credentials/README.md | 13 ++-----
modules/s3/s3-credentials/main.tf | 39 ++-----------------
modules/s3/s3-credentials/output.tf | 4 +-
modules/s3/s3-credentials/vars.tf | 15 -------
modules/s3/s3-credentials/versions.tf | 6 +--
modules/vm/README.md | 2 +-
modules/vm/versions.tf | 2 +-
24 files changed, 61 insertions(+), 122 deletions(-)
diff --git a/README.md b/README.md
index da21b2a..50d4753 100644
--- a/README.md
+++ b/README.md
@@ -74,7 +74,7 @@ terraform plan/apply \ - Ввести с клавиатуры, если переменные не были заданы любым другим способом -После успешного выполнения команды `terraform apply` вы должны увидеть в своём аккаунте новый проект, в котором будет запущены все модули (MKS, SFS, vm, CRaaS и др.) +После успешного выполнения команды `terraform apply` вы должны увидеть в своём аккаунте новый проект, в котором будут запущены все модули (MKS, SFS, vm, CRaaS и др.) ## Repository structure @@ -94,8 +94,8 @@ terraform plan/apply \ * [network](modules/network) - создание локальной сети * [os_project_with_user](modules/os_project_with_user) - создание проекта в облаке Selectel * [s3](modules/s3) - создание [объектного хранилища s3](https://selectel.ru/services/cloud/storage/) - * [s3](modules/s3-bucket) - создание s3 бакета - * [s3](modules/s3-credentioals) - создание s3 параметров авторизации + * [s3-bucket](modules/s3-bucket) - создание s3 бакета + * [s3-credentials](modules/s3-credentioals) - создание s3 параметров авторизации * [selectel-token](modules/selectel) - создание токена аккаунта Selectel * [sfs](modules/sfs) - создание [файлового хранилища](https://selectel.ru/lab/file-storage/) * [vm](modules/vm) - создание [виртуального облачного сервера](https://selectel.ru/services/cloud/servers/) diff --git a/main.tf b/main.tf index 1135d71..42aea34 100644 --- a/main.tf +++ b/main.tf @@ -42,9 +42,6 @@ module "sfs" { # Создаём S3-ключ для пользователя module "s3-creds" { source = "./modules/s3/s3-credentials" - os_account = var.selectel_domain_name - os_username = var.selectel_user_admin_user - os_password = var.selectel_user_admin_password os_user_id = module.project-with-user.user_id os_project_id = module.project-with-user.project_id credentials_name = "github-s3-creds" diff --git a/modules/craas/README.md b/modules/craas/README.md index 10225e6..6285ec4 100644 --- a/modules/craas/README.md +++ b/modules/craas/README.md 
@@ -2,13 +2,13 @@ | Name | Version | |------|---------| -| [selectel](#requirement\_selectel) | >= 4.0.2 | +| [selectel](#requirement\_selectel) | 5.0.2 | ## Providers | Name | Version | |------|---------| -| [selectel](#provider\_selectel) | >= 4.0.2 | +| [selectel](#provider\_selectel) | 5.0.2 | ## Modules @@ -18,8 +18,8 @@ No modules. | Name | Type | |------|------| -| [selectel_craas_registry_v1.registry_1](https://registry.terraform.io/providers/selectel/selectel/latest/docs/resources/craas_registry_v1) | resource | -| [selectel_craas_token_v1.token_1](https://registry.terraform.io/providers/selectel/selectel/latest/docs/resources/craas_token_v1) | resource | +| [selectel_craas_registry_v1.registry_1](https://registry.terraform.io/providers/selectel/selectel/5.0.2/docs/resources/craas_registry_v1) | resource | +| [selectel_craas_token_v1.token_1](https://registry.terraform.io/providers/selectel/selectel/5.0.2/docs/resources/craas_token_v1) | resource | ## Inputs diff --git a/modules/craas/versions.tf b/modules/craas/versions.tf index ef07da0..4d51ff8 100644 --- a/modules/craas/versions.tf +++ b/modules/craas/versions.tf @@ -2,7 +2,7 @@ terraform { required_providers { selectel = { source = "selectel/selectel" - version = ">= 4.0.2" + version = "5.0.2" } } } diff --git a/modules/mks/k8s-cluster-standalone/README.md b/modules/mks/k8s-cluster-standalone/README.md index 0aba035..9723874 100644 --- a/modules/mks/k8s-cluster-standalone/README.md +++ b/modules/mks/k8s-cluster-standalone/README.md @@ -4,13 +4,13 @@ |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.0 | | [openstack](#requirement\_openstack) | 1.53.0 | -| [selectel](#requirement\_selectel) | >= 4.0.2 | +| [selectel](#requirement\_selectel) | 5.0.2 | ## Providers | Name | Version | |------|---------| -| [selectel](#provider\_selectel) | >= 4.0.2 | +| [selectel](#provider\_selectel) | 5.0.2 | ## Modules 
@@ -25,7 +25,7 @@ | Name | Type | |------|------| -| [selectel_mks_kubeconfig_v1.kubeconfig](https://registry.terraform.io/providers/selectel/selectel/latest/docs/data-sources/mks_kubeconfig_v1) | data source | +| [selectel_mks_kubeconfig_v1.kubeconfig](https://registry.terraform.io/providers/selectel/selectel/5.0.2/docs/data-sources/mks_kubeconfig_v1) | data source | ## Inputs diff --git a/modules/mks/k8s-cluster-standalone/versions.tf b/modules/mks/k8s-cluster-standalone/versions.tf index a0ffbd8..ddd1281 100644 --- a/modules/mks/k8s-cluster-standalone/versions.tf +++ b/modules/mks/k8s-cluster-standalone/versions.tf @@ -2,7 +2,7 @@ terraform { required_providers { selectel = { source = "selectel/selectel" - version = ">= 4.0.2" + version = "5.0.2" } openstack = { source = "terraform-provider-openstack/openstack" diff --git a/modules/mks/k8s-cluster/README.md b/modules/mks/k8s-cluster/README.md index f70b849..e152002 100644 --- a/modules/mks/k8s-cluster/README.md +++ b/modules/mks/k8s-cluster/README.md @@ -3,13 +3,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.0 | -| [selectel](#requirement\_selectel) | >= 4.0.2 | +| [selectel](#requirement\_selectel) | 5.0.2 | ## Providers | Name | Version | |------|---------| -| [selectel](#provider\_selectel) | >= 4.0.2 | +| [selectel](#provider\_selectel) | 5.0.2 | ## Modules @@ -19,7 +19,7 @@ No modules. | Name | Type | |------|------| -| [selectel_mks_cluster_v1.cluster_1](https://registry.terraform.io/providers/selectel/selectel/latest/docs/resources/mks_cluster_v1) | resource | +| [selectel_mks_cluster_v1.cluster_1](https://registry.terraform.io/providers/selectel/selectel/5.0.2/docs/resources/mks_cluster_v1) | resource | ## Inputs diff --git a/modules/mks/k8s-cluster/versions.tf b/modules/mks/k8s-cluster/versions.tf index 2a57f62..23259c1 100644 --- a/modules/mks/k8s-cluster/versions.tf +++ b/modules/mks/k8s-cluster/versions.tf 
@@ -2,7 +2,7 @@ terraform { required_providers { selectel = { source = "selectel/selectel" - version = ">= 4.0.2" + version = "5.0.2" } } required_version = ">= 1.5.0" diff --git a/modules/mks/k8s-nodegroup-gpu/README.md b/modules/mks/k8s-nodegroup-gpu/README.md index 1b9b983..5abff5f 100644 --- a/modules/mks/k8s-nodegroup-gpu/README.md +++ b/modules/mks/k8s-nodegroup-gpu/README.md @@ -3,13 +3,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.0 | -| [selectel](#requirement\_selectel) | >= 4.0.2 | +| [selectel](#requirement\_selectel) | 5.0.2 | ## Providers | Name | Version | |------|---------| -| [selectel](#provider\_selectel) | >= 4.0.2 | +| [selectel](#provider\_selectel) | 5.0.2 | ## Modules @@ -19,7 +19,7 @@ No modules. | Name | Type | |------|------| -| [selectel_mks_nodegroup_v1.nodegroup_1](https://registry.terraform.io/providers/selectel/selectel/latest/docs/resources/mks_nodegroup_v1) | resource | +| [selectel_mks_nodegroup_v1.nodegroup_1](https://registry.terraform.io/providers/selectel/selectel/5.0.2/docs/resources/mks_nodegroup_v1) | resource | ## Inputs diff --git a/modules/mks/k8s-nodegroup-gpu/versions.tf b/modules/mks/k8s-nodegroup-gpu/versions.tf index 2a57f62..23259c1 100644 --- a/modules/mks/k8s-nodegroup-gpu/versions.tf +++ b/modules/mks/k8s-nodegroup-gpu/versions.tf @@ -2,7 +2,7 @@ terraform { required_providers { selectel = { source = "selectel/selectel" - version = ">= 4.0.2" + version = "5.0.2" } } required_version = ">= 1.5.0" diff --git a/modules/mks/k8s-nodegroup/README.md b/modules/mks/k8s-nodegroup/README.md index c9f39a0..f6718cc 100644 --- a/modules/mks/k8s-nodegroup/README.md +++ b/modules/mks/k8s-nodegroup/README.md 
@@ -3,13 +3,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.0 | -| [selectel](#requirement\_selectel) | >= 4.0.2 | +| [selectel](#requirement\_selectel) | 5.0.2 | ## Providers | Name | Version | |------|---------| -| [selectel](#provider\_selectel) | >= 4.0.2 | +| [selectel](#provider\_selectel) | 5.0.2 | ## Modules @@ -19,7 +19,7 @@ No modules. | Name | Type | |------|------| -| [selectel_mks_nodegroup_v1.nodegroup_1](https://registry.terraform.io/providers/selectel/selectel/latest/docs/resources/mks_nodegroup_v1) | resource | +| [selectel_mks_nodegroup_v1.nodegroup_1](https://registry.terraform.io/providers/selectel/selectel/5.0.2/docs/resources/mks_nodegroup_v1) | resource | ## Inputs diff --git a/modules/mks/k8s-nodegroup/versions.tf b/modules/mks/k8s-nodegroup/versions.tf index 2a57f62..23259c1 100644 --- a/modules/mks/k8s-nodegroup/versions.tf +++ b/modules/mks/k8s-nodegroup/versions.tf @@ -2,7 +2,7 @@ terraform { required_providers { selectel = { source = "selectel/selectel" - version = ">= 4.0.2" + version = "5.0.2" } } required_version = ">= 1.5.0" diff --git a/modules/os_project_with_user/README.md b/modules/os_project_with_user/README.md index 3686bfb..b43b06a 100644 --- a/modules/os_project_with_user/README.md +++ b/modules/os_project_with_user/README.md @@ -4,14 +4,14 @@ |------|---------| | [terraform](#requirement\_terraform) | >= 1.5.0 | | [random](#requirement\_random) | >= 3.3.2 | -| [selectel](#requirement\_selectel) | >= 4.0.1 | +| [selectel](#requirement\_selectel) | 5.0.2 | ## Providers | Name | Version | |------|---------| | [random](#provider\_random) | >= 3.3.2 | -| [selectel](#provider\_selectel) | >= 4.0.1 | +| [selectel](#provider\_selectel) | 5.0.2 | ## Modules 
@@ -21,17 +21,16 @@ No modules. | Name | Type | |------|------| -| [random_password.user_1_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | -| [selectel_vpc_project_v2.project_1](https://registry.terraform.io/providers/selectel/selectel/latest/docs/resources/vpc_project_v2) | resource | -| [selectel_vpc_role_v2.role_1](https://registry.terraform.io/providers/selectel/selectel/latest/docs/resources/vpc_role_v2) | resource | -| [selectel_vpc_user_v2.user_1](https://registry.terraform.io/providers/selectel/selectel/latest/docs/resources/vpc_user_v2) | resource | +| [random_password.serviceuser_1_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [selectel_iam_serviceuser_v1.serviceuser_1](https://registry.terraform.io/providers/selectel/selectel/5.0.2/docs/resources/iam_serviceuser_v1) | resource | +| [selectel_vpc_project_v2.project_1](https://registry.terraform.io/providers/selectel/selectel/5.0.2/docs/resources/vpc_project_v2) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [os\_project\_name](#input\_os\_project\_name) | Name of OpenStack project to create | `string` | n/a | yes | -| [os\_username](#input\_os\_username) | Username of user create in OpenStack project | `string` | n/a | yes | +| [os\_username](#input\_os\_username) | Username of service user to create in OpenStack project | `string` | n/a | yes | ## Outputs 
@@ -39,7 +38,6 @@ No modules. |------|-------------| | [project\_id](#output\_project\_id) | ID of created project | | [project\_name](#output\_project\_name) | Name of created project | -| [role\_id](#output\_role\_id) | ID of created user role | -| [user\_id](#output\_user\_id) | ID of user, that admins the project | +| [user\_id](#output\_user\_id) | ID of user that admins the project | | [user\_name](#output\_user\_name) | Username of created user | | [user\_password](#output\_user\_password) | Password of created user. Generated automatically. | diff --git a/modules/os_project_with_user/main.tf b/modules/os_project_with_user/main.tf index 3b704d2..c892cf3 100644 --- a/modules/os_project_with_user/main.tf +++ b/modules/os_project_with_user/main.tf @@ -2,7 +2,7 @@ resource "selectel_vpc_project_v2" "project_1" { name = var.os_project_name } -resource "random_password" "user_1_password" { +resource "random_password" "serviceuser_1_password" { length = 32 special = true override_special = "!#$%&*()-_=+[]{}<>:?" @@ -12,12 +12,12 @@ resource "random_password" "user_1_password" { min_upper = 1 } -resource "selectel_vpc_user_v2" "user_1" { +resource "selectel_iam_serviceuser_v1" "serviceuser_1" { name = var.os_username - password = random_password.user_1_password.result -} - -resource "selectel_vpc_role_v2" "role_1" { - project_id = selectel_vpc_project_v2.project_1.id - user_id = selectel_vpc_user_v2.user_1.id -} + password = random_password.serviceuser_1_password.result + role { + scope = "project" + role_name = "member" + project_id = selectel_vpc_project_v2.project_1.id + } +} \ No newline at end of file diff --git a/modules/os_project_with_user/outputs.tf b/modules/os_project_with_user/outputs.tf index 2b92387..c7c7732 100644 --- a/modules/os_project_with_user/outputs.tf +++ b/modules/os_project_with_user/outputs.tf 
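Review bot: In `modules/os_project_with_user/main.tf`, the new `role` block inside `selectel_iam_serviceuser_v1.serviceuser_1` hard-codes `scope = "project"` and `role_name = "member"` with no comment on what privilege that grants. The `user_id` output describes this account as the one that "admins the project", and the root `main.tf` passes its ID to `s3-creds`, so the S3 keys issued for it presumably carry the same rights. I would add a comment above the block such as `# project-scoped "member": administers project_1 only, no account-level rights; S3 keys for this user inherit it` (wording to be confirmed against the provider docs). The generated password also flows from `random_password.serviceuser_1_password.result` into the resource and so is stored in Terraform state; `sensitive = true` on the output only hides it from CLI output, which the module README should say alongside a reminder to use an encrypted, access-restricted backend. The file now ends without a trailing newline.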
@@ -9,22 +9,17 @@ output "project_name" { } output "user_id" { - description = "ID of user, that admins the project" - value = selectel_vpc_user_v2.user_1.id + description = "ID of user that admins the project" + value = selectel_iam_serviceuser_v1.serviceuser_1.id } output "user_name" { description = "Username of created user" - value = selectel_vpc_user_v2.user_1.name -} - -output "role_id" { - description = "ID of created user role" - value = selectel_vpc_role_v2.role_1.id + value = selectel_iam_serviceuser_v1.serviceuser_1.name } output "user_password" { description = "Password of created user. Generated automatically." - value = random_password.user_1_password.result + value = random_password.serviceuser_1_password.result sensitive = true } diff --git a/modules/os_project_with_user/vars.tf b/modules/os_project_with_user/vars.tf index e914108..e66c7fa 100644 --- a/modules/os_project_with_user/vars.tf +++ b/modules/os_project_with_user/vars.tf @@ -4,6 +4,6 @@ variable "os_project_name" { } variable "os_username" { - description = "Username of user create in OpenStack project" + description = "Username of service user to create in OpenStack project" type = string } diff --git a/modules/os_project_with_user/versions.tf b/modules/os_project_with_user/versions.tf index fd44272..946d245 100644 --- a/modules/os_project_with_user/versions.tf +++ b/modules/os_project_with_user/versions.tf @@ -2,7 +2,7 @@ terraform { required_providers { selectel = { source = "selectel/selectel" - version = ">= 4.0.1" + version = "5.0.2" } random = { source = "hashicorp/random" diff --git a/modules/s3/s3-credentials/README.md b/modules/s3/s3-credentials/README.md index c238e5a..af2798c 100644 --- a/modules/s3/s3-credentials/README.md +++ b/modules/s3/s3-credentials/README.md 
@@ -3,36 +3,31 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.0 | -| [terracurl](#requirement\_terracurl) | >= 1.0.1 | +| [selectel](#requirement\_selectel) | 5.0.2 | ## Providers | Name | Version | |------|---------| -| [terracurl](#provider\_terracurl) | >= 1.0.1 | +| [selectel](#provider\_selectel) | 5.0.2 | ## Modules -| Name | Source | Version | -|------|--------|---------| -| [selectel\_token](#module\_selectel\_token) | ../../selectel-token | n/a | +No modules. ## Resources | Name | Type | |------|------| -| [terracurl_request.s3_credentials](https://registry.terraform.io/providers/devops-rob/terracurl/latest/docs/resources/request) | resource | +| [selectel_iam_s3_credentials_v1.s3_credentials_1](https://registry.terraform.io/providers/selectel/selectel/5.0.2/docs/resources/iam_s3_credentials_v1) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [credentials\_name](#input\_credentials\_name) | Название создаваемых кред для S3 | `string` | n/a | yes | -| [os\_account](#input\_os\_account) | ID аккаунта | `string` | n/a | yes | -| [os\_password](#input\_os\_password) | Пароль пользователя МИНИМУМ с ролью Администратор пользователей. Именем этого пользователя будут выданы ключи от S3 | `string` | n/a | yes | | [os\_project\_id](#input\_os\_project\_id) | ID проекта, в котором находится бакет | `string` | n/a | yes | | [os\_user\_id](#input\_os\_user\_id) | ID пользователя, которому надо выдать ключи S3 | `string` | n/a | yes | -| [os\_username](#input\_os\_username) | Логин пользователя МИНИМУМ с ролью Администратор пользователей. Именем этого пользователя будут выданы ключи от S3 | `string` | n/a | yes | ## Outputs diff --git a/modules/s3/s3-credentials/main.tf b/modules/s3/s3-credentials/main.tf index 76f5e17..64fcaef 100644 --- a/modules/s3/s3-credentials/main.tf +++ b/modules/s3/s3-credentials/main.tf 
@@ -1,36 +1,5 @@ -module "selectel_token" { - source = "../../selectel-token" - os_account = var.os_account - os_password = var.os_password - os_username = var.os_username -} - -resource "terracurl_request" "s3_credentials" { - name = "vault-mount" - url = "https://api.selectel.ru/iam/v1/service_users/${var.os_user_id}/credentials" - method = "POST" - request_body = < [terraform](#requirement\_terraform) | >= 1.5.0 | | [openstack](#requirement\_openstack) | 1.53.0 | -| [selectel](#requirement\_selectel) | >= 4.0.2 | +| [selectel](#requirement\_selectel) | 5.0.2 | ## Providers diff --git a/modules/vm/versions.tf b/modules/vm/versions.tf index a0ffbd8..ddd1281 100644 --- a/modules/vm/versions.tf +++ b/modules/vm/versions.tf @@ -2,7 +2,7 @@ terraform { required_providers { selectel = { source = "selectel/selectel" - version = ">= 4.0.2" + version = "5.0.2" } openstack = { source = "terraform-provider-openstack/openstack"