address comments from code review

hashicorp · Apr 2, 2024 · f1cd5af · f1cd5af
1 parent 3e0affe
commit f1cd5af
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 21 deletions.
diff --git a/e2e/terraform/consul-servers.tf b/e2e/terraform/consul-servers.tf
@@ -162,17 +162,17 @@ resource "null_resource" "install_consul_server_configs" {
 # get the management token into the provider's environment after we bootstrap,
 # and we want to pass various tokens in the Nomad and Consul configuration
 # files. So we run a bootstrapping script that uses tokens we generate randomly.
-locals {
-  consul_env = "CONSUL_HTTP_ADDR=https://${aws_instance.consul_server.public_ip}:8501 CONSUL_CACERT=keys/tls_ca.crt CONSUL_HTTP_TOKEN=${random_uuid.consul_initial_management_token.result} CONSUL_AGENT_TOKEN=${random_uuid.consul_agent_token.result} NOMAD_CLUSTER_CONSUL_TOKEN=${random_uuid.consul_token_for_nomad.result}"
-}
-
 resource "null_resource" "bootstrap_consul_acls" {
   depends_on = [null_resource.install_consul_server_configs]
-  triggers = {
-    command = aws_instance.consul_server.public_ip != "" ? local.consul_env : "echo 'Consul server not ready yet, skipping bootstrap'"
-  }
 
   provisioner "local-exec" {
-    command = "${local.consul_env} ./scripts/bootstrap-consul.sh"
+    command = "./scripts/bootstrap-consul.sh"
+    environment = {
+      CONSUL_HTTP_ADDR           = "https://${aws_instance.consul_server.public_ip}:8501"
+      CONSUL_CACERT              = "keys/tls_ca.crt"
+      CONSUL_HTTP_TOKEN          = "${random_uuid.consul_initial_management_token.result}"
+      CONSUL_AGENT_TOKEN         = "${random_uuid.consul_agent_token.result}"
+      NOMAD_CLUSTER_CONSUL_TOKEN = "${random_uuid.consul_token_for_nomad.result}"
+    }
   }
 }
diff --git a/e2e/terraform/etc/consul.d/servers.hcl b/e2e/terraform/etc/consul.d/servers.hcl
@@ -20,10 +20,6 @@ acl {
     initial_management = "${management_token}"
     agent              = "${token}"
     default            = "${token}"
-
-    # this isn't a Consul config value, but the bootstrap script will read
-    # this to create an initial pre-existing token for our Nomad agents
-    # nomad_cluster = "${nomad_token}"
   }
 }
 

diff --git a/e2e/terraform/nomad-acls.tf b/e2e/terraform/nomad-acls.tf
@@ -7,19 +7,17 @@
 # to get the management token into the provider's environment after we bootstrap.
 # So we run a bootstrapping script and write our management token into a file
 # that we read in for the output of $(terraform output environment) later.
-
-locals {
-  nomad_env = "NOMAD_ADDR=https://${aws_instance.server.0.public_ip}:4646 NOMAD_CACERT=keys/tls_ca.crt NOMAD_CLIENT_CERT=keys/tls_api_client.crt NOMAD_CLIENT_KEY=keys/tls_api_client.key"
-}
-
 resource "null_resource" "bootstrap_nomad_acls" {
   depends_on = [module.nomad_server, null_resource.bootstrap_consul_acls]
-  triggers = {
-    command = aws_instance.server.0.public_ip != "" ? local.nomad_env : "echo 'Nomad server not ready yet, skipping bootstrap'"
-  }
 
   provisioner "local-exec" {
-    command = "${local.nomad_env} ./scripts/bootstrap-nomad.sh"
+    command = "./scripts/bootstrap-nomad.sh"
+    environment = {
+      NOMAD_ADDR        = "https://${aws_instance.server.0.public_ip}:4646"
+      NOMAD_CACERT      = "keys/tls_ca.crt"
+      NOMAD_CLIENT_CERT = "keys/tls_api_client.crt"
+      NOMAD_CLIENT_KEY  = "keys/tls_api_client.key"
+    }
   }
 }
 
@@ -41,6 +39,9 @@ export NOMAD_SKIP_VERIFY=true
 export NOMAD_CLIENT_CERT=/etc/nomad.d/tls/agent.crt
 export NOMAD_CLIENT_KEY=/etc/nomad.d/tls/agent.key
 export NOMAD_TOKEN=${data.local_sensitive_file.nomad_token.content}
+export CONSUL_HTTP_ADDR=https://localhost:8501
+export CONSUL_HTTP_TOKEN="${random_uuid.consul_initial_management_token.result}"
+export CONSUL_CACERT=/etc/consul.d/ca.pem
 ENV
 EXEC
 }