Updates to enable the vault UI (#4)

tfhartmann · web-flow · commit e9caf81b5dc6 · 2018-04-25T16:02:19.000-04:00
Feature update to enable the vault UI that was released in vault 0.10.0

Also updated the ECS Task definition template to make it mo-betta
diff --git a/files/vault.json b/files/vault.json
@@ -16,6 +16,10 @@
                 {
                     "name": "VAULT_LOCAL_CONFIG",
                     "value": "{ \"backend\": {\"consul\": {\"address\": \"127.0.0.1:8500\", \"path\": \"vault\"}}, \"default_lease_ttl\": \"168h\", \"max_lease_ttl\": \"720h\", \"listener\": [{ \"tcp\": { \"address\": \"0.0.0.0:8200\", \"tls_disable\": true }}] }"
+                },
+                {
+                    "name": "VAULT_UI",
+                    "value": "${vault_ui}"
                 }
             ],
             "command": [
@@ -51,6 +55,16 @@
             ],
             "command": [
               "sh", "-c", "sleep 10; vault unseal ${unseal_key0} "
+            ],
+            "cpu": 0,
+            "volumesFrom": [
+
+            ],
+            "mountPoints": [
+
+            ],
+            "portMappings": [
+
             ],
             "logConfiguration": {
               "logDriver": "awslogs",
@@ -75,6 +89,16 @@
             ],
             "command": [
               "sh", "-c", "sleep 10; vault unseal ${unseal_key1} "
+            ],
+            "cpu": 0,
+            "volumesFrom": [
+
+            ],
+            "mountPoints": [
+
+            ],
+            "portMappings": [
+
             ],
             "logConfiguration": {
               "logDriver": "awslogs",
@@ -99,6 +123,16 @@
             ],
             "command": [
               "sh", "-c", "sleep 10; vault unseal ${unseal_key2} "
+            ],
+            "cpu": 0,
+            "volumesFrom": [
+
+            ],
+            "mountPoints": [
+
+            ],
+            "portMappings": [
+
             ],
             "logConfiguration": {
               "logDriver": "awslogs",
diff --git a/main.tf b/main.tf
@@ -28,6 +28,7 @@ data "template_file" "vault" {
     awslogs_group         = "vault-${var.env}"
     awslogs_stream_prefix = "vault-${var.env}"
     awslogs_region        = "${data.aws_region.current.name}"
+    vault_ui              = "${var.enable_vault_ui ? "true" : "false"}"
   }
 }
 
diff --git a/variables.tf b/variables.tf
@@ -64,4 +64,9 @@ variable "unseal_keys" {
   description = "List of 3 Vault Unseal keys"
 }
 
+variable "enable_vault_ui" {
+  description = "Enables the built-in web UI, which is available on all listeners (address + port) at the /ui path. (Vault Enterprise, or Vault OSS 0.10+) Browsers accessing the standard Vault API address will automatically redirect there."
+  default     = true
+}
+
 variable "vpc_id" {}

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@ data "template_file" "vault" {`
`28`	`28`	`awslogs_group = "vault-${var.env}"`
`29`	`29`	`awslogs_stream_prefix = "vault-${var.env}"`
`30`	`30`	`awslogs_region = "${data.aws_region.current.name}"`
	`31`	`+ vault_ui = "${var.enable_vault_ui ? "true" : "false"}"`
`31`	`32`	`}`
`32`	`33`	`}`
`33`	`34`
Original file line number	Diff line number	Diff line change
`@@ -64,4 +64,9 @@ variable "unseal_keys" {`
`64`	`64`	`description = "List of 3 Vault Unseal keys"`
`65`	`65`	`}`
`66`	`66`
	`67`	`+variable "enable_vault_ui" {`
	`68`	`+ description = "Enables the built-in web UI, which is available on all listeners (address + port) at the /ui path. (Vault Enterprise, or Vault OSS 0.10+) Browsers accessing the standard Vault API address will automatically redirect there."`
	`69`	`+ default = true`
	`70`	`+}`
	`71`	`+`
`67`	`72`	`variable "vpc_id" {}`