SPHTech-Platform · zodilib · Aug 24, 2023 · Aug 24, 2023
diff --git a/modules/management_static/README.md b/modules/management_static/README.md
@@ -0,0 +1,89 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_boundary"></a> [boundary](#requirement\_boundary) | ~> 1.1.2 |
+| <a name="requirement_vault"></a> [vault](#requirement\_vault) | ~> 3.9.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_boundary"></a> [boundary](#provider\_boundary) | 1.1.3 |
+| <a name="provider_vault"></a> [vault](#provider\_vault) | 3.9.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [boundary_credential_library_vault.this](https://registry.terraform.io/providers/hashicorp/boundary/latest/docs/resources/credential_library_vault) | resource |
+| [boundary_credential_store_vault.this](https://registry.terraform.io/providers/hashicorp/boundary/latest/docs/resources/credential_store_vault) | resource |
+| [boundary_host_catalog_static.this](https://registry.terraform.io/providers/hashicorp/boundary/latest/docs/resources/host_catalog_static) | resource |
+| [boundary_host_set_static.this](https://registry.terraform.io/providers/hashicorp/boundary/latest/docs/resources/host_set_static) | resource |
+| [boundary_host_static.this](https://registry.terraform.io/providers/hashicorp/boundary/latest/docs/resources/host_static) | resource |
+| [boundary_target.this](https://registry.terraform.io/providers/hashicorp/boundary/latest/docs/resources/target) | resource |
+| [vault_policy.admin_read](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/policy) | resource |
+| [vault_policy.boundary_controller](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/policy) | resource |
+| [vault_token.boundary](https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/token) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_credential_lib"></a> [credential\_lib](#input\_credential\_lib) | To creates a Credential Lib in the Project | `map(any)` | `{}` | no |
+| <a name="input_credential_store_vault"></a> [credential\_store\_vault](#input\_credential\_store\_vault) | credential\_store\_vault project and vault namespace. A seperate authetication needs to be provided for vault. | `map(any)` | `{}` | no |
+| <a name="input_projects"></a> [projects](#input\_projects) | Map of project environments inside the org. | `map(any)` | `{}` | no |
+| <a name="input_static_hosts"></a> [static\_hosts](#input\_static\_hosts) | To create a Host Catalog, a Host Set and attach a Host provided inside a Project. | `map(any)` | `{}` | no |
+| <a name="input_targets"></a> [targets](#input\_targets) | To creates a Targets of a given type within a Project | `map(any)` | `{}` | no |
+| <a name="input_vault_pub_url"></a> [vault\_pub\_url](#input\_vault\_pub\_url) | Vault Server public URL | `string` | `""` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS --><!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_boundary"></a> [boundary](#requirement\_boundary) | ~> 1.1.2 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_boundary"></a> [boundary](#provider\_boundary) | 1.1.9 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [boundary_credential_store_static.this](https://registry.terraform.io/providers/hashicorp/boundary/latest/docs/resources/credential_store_static) | resource |
+| [boundary_host_catalog_static.this](https://registry.terraform.io/providers/hashicorp/boundary/latest/docs/resources/host_catalog_static) | resource |
+| [boundary_host_set_static.this](https://registry.terraform.io/providers/hashicorp/boundary/latest/docs/resources/host_set_static) | resource |
+| [boundary_host_static.this](https://registry.terraform.io/providers/hashicorp/boundary/latest/docs/resources/host_static) | resource |
+| [boundary_target.this](https://registry.terraform.io/providers/hashicorp/boundary/latest/docs/resources/target) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_credential_store_static"></a> [credential\_store\_static](#input\_credential\_store\_static) | To creates a Static Credential Store in the Project | `map(any)` | `{}` | no |
+| <a name="input_projects"></a> [projects](#input\_projects) | Map of project environments inside the org. | `map(any)` | `{}` | no |
+| <a name="input_static_hosts"></a> [static\_hosts](#input\_static\_hosts) | To create a Host Catalog, a Host Set and attach a Host provided inside a Project. | `map(any)` | `{}` | no |
+| <a name="input_targets"></a> [targets](#input\_targets) | To creates a Targets of a given type within a Project | `map(any)` | `{}` | no |
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/management_static/credentials.tf b/modules/management_static/credentials.tf
@@ -0,0 +1,6 @@
+resource "boundary_credential_store_static" "this" {
+  for_each    = var.credential_store_static
+  name        = "${each.value.name}-static-credential-store"
+  description = "${each.key} scoped static credential store"
+  scope_id    = lookup(var.projects, each.key).id
+}
diff --git a/modules/management_static/host_targets.tf b/modules/management_static/host_targets.tf
@@ -0,0 +1,60 @@
+locals {
+  static_values = flatten([for k, v in var.static_hosts :
+    flatten([for t, l in v :
+      flatten([for i in l :
+        {
+          "project" = k,
+          "type"    = t,
+          "ip"      = i
+      }])
+    ])
+  ])
+  unq_env = toset(distinct([for resources in local.static_values : resources.project]))
+
+}
+
+resource "boundary_host_catalog_static" "this" {
+  for_each    = local.unq_env
+  name        = "${each.key}-static"
+  description = "Static Hosts Catalog for ${each.key}"
+  scope_id    = lookup(var.projects, each.key).id
+}
+
+resource "boundary_host_static" "this" {
+  for_each        = { for unq in local.static_values : unq.ip => unq }
+  name            = "${each.value.project}-${each.value.type}-${each.key}"
+  description     = "${each.value.project}-${each.value.type}-${each.key} host"
+  address         = each.key
+  host_catalog_id = boundary_host_catalog_static.this[each.value.project].id
+}
+
+resource "boundary_host_set_static" "this" {
+  for_each = { for idx, record in flatten([for k, v in var.static_hosts :
+    flatten([for i, j in v :
+      {
+        "project" = k,
+        "type"    = i,
+        "ip"      = j
+    }])
+  ]) : idx => record }
+  name            = each.value.type
+  host_catalog_id = boundary_host_catalog_static.this[each.value.project].id
+  host_ids        = [for i in each.value.ip : boundary_host_static.this[i].id]
+}
+
+resource "boundary_target" "this" {
+  for_each     = var.targets
+  name         = each.value.name
+  description  = "Target for ${each.value.name}"
+  type         = each.value.type
+  default_port = each.value.port
+  scope_id     = lookup(var.projects, each.value.project).id
+  host_source_ids = [
+    for i in boundary_host_set_static.this : i.id if contains(each.value.ss-name, i.name)
+  ]
+
+  injected_application_credential_source_ids = concat([for i in boundary_credential_store_static.this : i.id if contains(each.value.inj_cred_lib, i.name)])
+  brokered_credential_source_ids             = concat([for i in boundary_credential_store_static.this : i.id if contains(each.value.brk_cred_lib, i.name)])
+
+  ingress_worker_filter = "\"${each.value.ingress_worker_filter}\" in \"/tags/account\""
+}
diff --git a/modules/management_static/variables.tf b/modules/management_static/variables.tf
@@ -0,0 +1,24 @@
+variable "projects" {
+  type        = map(any)
+  description = "Map of project environments inside the org."
+  default     = {}
+}
+
+variable "static_hosts" {
+  description = "To create a Host Catalog, a Host Set and attach a Host provided inside a Project."
+  type        = map(any)
+  default     = {}
+
+}
+
+variable "targets" {
+  description = "To creates a Targets of a given type within a Project"
+  type        = map(any)
+  default     = {}
+}
+
+variable "credential_store_static" {
+  description = "To creates a Static Credential Store in the Project"
+  type        = map(any)
+  default     = {}
+}
diff --git a/modules/management_static/versions.tf b/modules/management_static/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_version = ">= 1.3"
+  required_providers {
+
+
+    boundary = {
+      source  = "hashicorp/boundary"
+      version = "~> 1.1.2"
+    }
+  }
+
+}