diff --git a/.gitea/workflows/pull-request-open.yml b/.gitea/workflows/pull-request-open.yml
index 8f7079e..af6d4fd 100644
--- a/.gitea/workflows/pull-request-open.yml
+++ b/.gitea/workflows/pull-request-open.yml
@@ -97,10 +97,22 @@ jobs:
 with:
 tofu_version: 1.8.2
 
+ - name: Get secrets from vault
+ id: import-secrets
+ uses: hashicorp/vault-action@v3
+ with:
+ url: "https://vault.ednz.fr"
+ method: approle
+ roleId: ${{ secrets.VAULT_APPROLE_ID }}
+ secretId: ${{ secrets.VAULT_APPROLE_SECRET_ID }}
+ secrets: |
+ kv/data/cicd/vault/infrabuilder approle_id | VAULT_INFRABUILDER_APPROLE_ID ;
+ kv/data/cicd/vault/infrabuilder approle_secret_id | VAULT_INFRABUILDER_APPROLE_SECRET_ID ;
+
 - name: Get required credentials
 id: tofu-auth
 run: |
- VAULT_TOKEN=$(curl --silent --request POST --data '{"role_id": "${{ secrets.VAULT_APPROLE_ID }}","secret_id": "${{ secrets.VAULT_APPROLE_SECRET_ID }}"}' https://vault.ednz.fr/v1/auth/approle/login | jq -r .auth.client_token)
+ VAULT_TOKEN=$(curl --silent --request POST --data '{"role_id": "${{ steps.import-secrets.outputs.VAULT_INFRABUILDER_APPROLE_ID }}","secret_id": "${{ steps.import-secrets.outputs.VAULT_INFRABUILDER_APPROLE_SECRET_ID }}"}' https://vault.ednz.fr/v1/auth/approle/login | jq -r .auth.client_token)
 echo "vault_token=$VAULT_TOKEN" >> $GITHUB_OUTPUT
 
 - name: Tofu init
diff --git a/README.md b/README.md
index 7b8a6b3..5a92084 100644
--- a/README.md
+++ b/README.md
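Review bot: The new `VAULT_TOKEN=` line in the "Get required credentials" step pastes both `steps.import-secrets.outputs.*` values into the script text through `${{ }}`, so the infrabuilder role_id and secret_id land on curl's command line, where they are readable in the runner's process list, and a quote character in either value would change the shell command. I would hand them to the step through an `env:` block, build the JSON body with jq from the environment and feed it to curl with `--data @-`, as below. The token from that login is then written to `$GITHUB_OUTPUT` on the unchanged `echo` line and, as far as the hunk shows, is never registered for log masking, so it is worth masking before it is exported. Separately, `hashicorp/vault-action@v3` is a mutable tag on a step that receives the AppRole credentials; pinning it to a full commit SHA keeps a retagged release from reaching them. The step list starts before and continues after this hunk, so the workflow trigger and whether `secrets.VAULT_APPROLE_*` are exposed to untrusted pull requests could not be checked here.

```yaml
  id: tofu-auth
  env:
    ROLE_ID: ${{ steps.import-secrets.outputs.VAULT_INFRABUILDER_APPROLE_ID }}
    SECRET_ID: ${{ steps.import-secrets.outputs.VAULT_INFRABUILDER_APPROLE_SECRET_ID }}
  run: |
    VAULT_TOKEN=$(jq -n '{role_id: env.ROLE_ID, secret_id: env.SECRET_ID}' | curl --silent --request POST --data @- https://vault.ednz.fr/v1/auth/approle/login | jq -r .auth.client_token)
    # … unchanged: write vault_token to $GITHUB_OUTPUT …
```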
@@ -1,6 +1,11 @@ -# terraform-openstack-lz +# terraform-openstack-landing-zone + +Terraform/OpenTofu module to deploy a completely customizable OpenStack network architecture. + +![Terraform Badge](https://img.shields.io/badge/Terraform-844FBA?logo=terraform&logoColor=fff&style=for-the-badge) +![OpenTofu Badge](https://img.shields.io/badge/OpenTofu-FFDA18?logo=opentofu&logoColor=000&style=for-the-badge) +![OpenStack Badge](https://img.shields.io/badge/OpenStack-ED1944?logo=openstack&logoColor=fff&style=for-the-badge) -Terraform module to deploy a completely customizable OpenStack ### Requirements