Skip to content
This repository was archived by the owner on Aug 12, 2024. It is now read-only.

Commit 68da168

Browse files
author
Sean Sundberg
authored
Passes credential outputs through external data source (#91)
Signed-off-by: Sean Sundberg <[email protected]>
1 parent 57ec5c5 commit 68da168

File tree

3 files changed

+45
-4
lines changed

3 files changed

+45
-4
lines changed

main.tf

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -221,6 +221,20 @@ resource ibm_is_security_group_rule rule_tcp_k8s {
221221
}
222222
}
223223

224+
data external credentials {
225+
depends_on = [ibm_container_vpc_cluster.cluster]
226+
program = ["bash", "${path.module}/scripts/get-credentials.sh"]
227+
228+
query = {
229+
public_endpoint = data.ibm_container_vpc_cluster.config.public_service_endpoint
230+
public_server_url = data.ibm_container_vpc_cluster.config.public_service_endpoint_url
231+
private_server_url = data.ibm_container_vpc_cluster.config.private_service_endpoint_url
232+
username = "apikey"
233+
ibmcloud_api_key = var.ibmcloud_api_key
234+
token = ""
235+
}
236+
}
237+
224238
data ibm_container_vpc_cluster config {
225239
depends_on = [ibm_container_vpc_cluster.cluster, ibm_is_security_group_rule.rule_tcp_k8s]
226240

outputs.tf

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -62,22 +62,22 @@ output "workers" {
6262

6363
output "server_url" {
6464
description = "The url used to connect to the api server. If the cluster has public endpoints enabled this will be the public api server, otherwise this will be the private api server url"
65-
value = data.ibm_container_vpc_cluster.config.public_service_endpoint ? data.ibm_container_vpc_cluster.config.public_service_endpoint_url : data.ibm_container_vpc_cluster.config.private_service_endpoint_url
65+
value = data.external.credentials.result.server_url
6666
}
6767

6868
output "username" {
6969
description = "The username of the admin user for the cluster"
70-
value = "apikey"
70+
value = data.external.credentials.result.username
7171
}
7272

7373
output "password" {
7474
description = "The password of the admin user for the cluster"
75-
value = var.ibmcloud_api_key
75+
value = data.external.credentials.result.password
7676
sensitive = true
7777
}
7878

7979
output "token" {
8080
description = "The admin user token used to generate the cluster"
81-
value = ""
81+
value = data.external.credentials.result.token
8282
sensitive = true
8383
}

scripts/get-credentials.sh

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
#!/usr/bin/env bash
2+
3+
INPUT=$(tee)
4+
5+
BIN_DIR=$(echo "${INPUT}" | grep bin_dir | sed -E 's/.*"bin_dir": ?"([^"]*)".*/\1/g')
6+
7+
export PATH="${BIN_DIR}:${PATH}"
8+
9+
PUBLIC_ENDPOINT=$(echo "${INPUT}" | jq -r '.public_endpoint')
10+
PUBLIC_SERVER_URL=$(echo "${INPUT}" | jq -r '.public_server_url')
11+
PRIVATE_SERVER_URL=$(echo "${INPUT}" | jq -r '.private_server_url')
12+
IBMCLOUD_API_KEY=$(echo "${INPUT}" | jq -r '.ibmcloud_api_key')
13+
USERNAME=$(echo "${INPUT}" | jq -r '.username')
14+
TOKEN=$(echo "${INPUT}" | jq -r '.token')
15+
16+
if [[ "${PUBLIC_ENDPOINT}" == "true" ]]; then
17+
SERVER_URL="${PUBLIC_SERVER_URL}"
18+
else
19+
SERVER_URL="${PRIVATE_SERVER_URL}"
20+
fi
21+
22+
jq -n \
23+
--arg SERVER_URL "${SERVER_URL}" \
24+
--arg USERNAME "${USERNAME}" \
25+
--arg PASSWORD "${IBMCLOUD_API_KEY}" \
26+
--arg TOKEN "${TOKEN}" \
27+
'{"server_url": $SERVER_URL,"username": $USERNAME, "password": $PASSWORD, "token": $TOKEN}'

0 commit comments

Comments
 (0)