-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.tf
21 lines (20 loc) · 1.47 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
locals {
env_name = split("-", terraform.workspace)[0]
api_key_arn_for_header = jsondecode(data.consul_keys.api_key_arns.var["api_keys.json"])[upper(var.env_type)][var.app_role]
env_type = var.pipeline_type == "dev" ? "DEV" : upper(var.env_type)
api_key_arns = jsondecode(data.consul_keys.api_key_arns.var["api_keys.json"])
role_based_policy_rules = jsondecode(("${data.consul_keys.role_based_policy_rules.var}")["role_based_policy_rules.json"])[local.env_type]
dev_role_based_policy_rules = jsondecode(("${data.consul_keys.role_based_policy_rules.var}")["role_based_policy_rules.json"])["DEV"]
main_api_keys_to_add = merge([ for env in local.role_based_policy_rules.allowed_envs :
{ for role in local.role_based_policy_rules.roles[var.app_role]:
"${env}-${role}" => local.api_key_arns[env][role]
}
]...)
dev_api_keys_to_add = merge([ for env in local.dev_role_based_policy_rules.allowed_envs :
{ for role in local.dev_role_based_policy_rules.roles[var.app_role]:
"${env}-${role}" => local.api_key_arns[env][role]
}
]...)
api_keys_to_add = local.env_type == "non-prod" ? merge(local.dev_api_keys_to_add,local.main_api_keys_to_add) : local.main_api_keys_to_add
layer = startswith(terraform.workspace, "shared-") ? "SHARED" : endswith(terraform.workspace, "-data") ? "DATA" : "APP"
}