switch back

e2b-dev · Feb 11, 2025 · e051ac6 · e051ac6
1 parent 2542cfd
commit e051ac6
Showing 1 changed file with 218 additions and 50 deletions.
diff --git a/packages/init/main.tf b/packages/init/main.tf
@@ -1,3 +1,4 @@
+
 # Enable Secrets Manager API
 resource "google_project_service" "secrets_manager_api" {
   service = "secretmanager.googleapis.com"
@@ -68,43 +69,36 @@ resource "google_service_account_key" "google_service_key" {
   service_account_id = google_service_account.infra_instances_service_account.name
 }
 
-locals {
-  secrets = {
-    "cloudflare-api-token" = {
-      generate_uuid = false
-      initial_value = null
-    }
-    "consul-secret-id" = {
-      generate_uuid = true
-      initial_value = null
-    }
-    "nomad-secret-id" = {
-      generate_uuid = true
-      initial_value = null
-    }
-    "grafana-service-account-token" = {
-      generate_uuid = false
-      initial_value = " "
-    }
-    "e2b-grafana-cloud-access-policy-token" = {
-      generate_uuid = false
-      initial_value = " "
-    }
-    "analytics-collector-host" = {
-      generate_uuid = false
-      initial_value = " "
-    }
-    "analytics-collector-api-token" = {
-      generate_uuid = false
-      initial_value = " "
-    }
-  }
-}
-
-resource "google_secret_manager_secret" "secrets" {
-  for_each = local.secrets
-
-  secret_id = "${var.prefix}${each.key}"
+
+resource "google_secret_manager_secret" "cloudflare_api_token" {
+  secret_id = "${var.prefix}cloudflare-api-token"
+
+  replication {
+    auto {}
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret" "consul_acl_token" {
+  secret_id = "${var.prefix}consul-secret-id"
+
+  replication {
+    auto {}
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "random_uuid" "consul_acl_token" {}
+
+resource "google_secret_manager_secret_version" "consul_acl_token" {
+  secret      = google_secret_manager_secret.consul_acl_token.name
+  secret_data = random_uuid.consul_acl_token.result
+}
+
+resource "google_secret_manager_secret" "nomad_acl_token" {
+  secret_id = "${var.prefix}nomad-secret-id"
 
   replication {
     auto {}
@@ -113,24 +107,197 @@ resource "google_secret_manager_secret" "secrets" {
   depends_on = [time_sleep.secrets_api_wait_60_seconds]
 }
 
-resource "random_uuid" "secret_uuids" {
-  for_each = {
-    for k, v in local.secrets : k => v
-    if v.generate_uuid
+resource "random_uuid" "nomad_acl_token" {}
+
+resource "google_secret_manager_secret_version" "nomad_acl_token" {
+  secret      = google_secret_manager_secret.nomad_acl_token.name
+  secret_data = random_uuid.nomad_acl_token.result
+}
+
+resource "google_secret_manager_secret" "grafana_api_key" {
+  secret_id = "${var.prefix}grafana-api-key"
+
+  replication {
+    auto {}
   }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
 }
 
-resource "google_secret_manager_secret_version" "secret_versions" {
-  for_each = local.secrets
+resource "google_secret_manager_secret_version" "grafana_api_key" {
+  secret      = google_secret_manager_secret.grafana_api_key.name
+  secret_data = " "
 
-  secret      = google_secret_manager_secret.secrets[each.key].name
-  secret_data = each.value.generate_uuid ? random_uuid.secret_uuids[each.key].result : each.value.initial_value
+  lifecycle {
+    ignore_changes = [secret_data]
+  }
 
-  dynamic "lifecycle" {
-    for_each = each.value.initial_value != null ? [1] : []
-    content {
-      ignore_changes = [secret_data]
-    }
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret" "grafana_traces_endpoint" {
+  secret_id = "${var.prefix}grafana-traces-endpoint"
+
+  replication {
+    auto {}
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret_version" "grafana_traces_endpoint" {
+  secret      = google_secret_manager_secret.grafana_traces_endpoint.name
+  secret_data = " "
+
+  lifecycle {
+    ignore_changes = [secret_data]
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret" "grafana_logs_endpoint" {
+  secret_id = "${var.prefix}grafana-logs-endpoint"
+
+  replication {
+    auto {}
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret_version" "grafana_logs_endpoint" {
+  secret      = google_secret_manager_secret.grafana_logs_endpoint.name
+  secret_data = " "
+
+  lifecycle {
+    ignore_changes = [secret_data]
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret" "grafana_metrics_endpoint" {
+  secret_id = "${var.prefix}grafana-metrics-endpoint"
+
+  replication {
+    auto {}
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret_version" "grafana_metrics_endpoint" {
+  secret      = google_secret_manager_secret.grafana_metrics_endpoint.name
+  secret_data = " "
+
+  lifecycle {
+    ignore_changes = [secret_data]
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret" "grafana_traces_username" {
+  secret_id = "${var.prefix}grafana-traces-username"
+
+  replication {
+    auto {}
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret_version" "grafana_traces_username" {
+  secret      = google_secret_manager_secret.grafana_traces_username.name
+  secret_data = " "
+
+  lifecycle {
+    ignore_changes = [secret_data]
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret" "grafana_logs_username" {
+  secret_id = "${var.prefix}grafana-logs-username"
+
+  replication {
+    auto {}
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret_version" "grafana_logs_username" {
+  secret      = google_secret_manager_secret.grafana_logs_username.name
+  secret_data = " "
+
+  lifecycle {
+    ignore_changes = [secret_data]
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret" "grafana_metrics_username" {
+  secret_id = "${var.prefix}grafana-metrics-username"
+
+  replication {
+    auto {}
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret_version" "grafana_metrics_username" {
+  secret      = google_secret_manager_secret.grafana_metrics_username.name
+  secret_data = " "
+
+  lifecycle {
+    ignore_changes = [secret_data]
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret" "analytics_collector_host" {
+  secret_id = "${var.prefix}analytics-collector-host"
+
+  replication {
+    auto {}
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret_version" "analytics_collector_host" {
+  secret      = google_secret_manager_secret.analytics_collector_host.name
+  secret_data = " "
+
+  lifecycle {
+    ignore_changes = [secret_data]
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret" "analytics_collector_api_token" {
+  secret_id = "${var.prefix}analytics-collector-api-token"
+
+  replication {
+    auto {}
+  }
+
+  depends_on = [time_sleep.secrets_api_wait_60_seconds]
+}
+
+resource "google_secret_manager_secret_version" "analytics_collector_api_token" {
+  secret      = google_secret_manager_secret.analytics_collector_api_token.name
+  secret_data = " "
+
+  lifecycle {
+    ignore_changes = [secret_data]
   }
 
   depends_on = [time_sleep.secrets_api_wait_60_seconds]
@@ -148,6 +315,7 @@ resource "time_sleep" "artifact_registry_api_wait_60_seconds" {
   create_duration = "60s"
 }
 
+
 resource "google_artifact_registry_repository_iam_member" "orchestration_repository_member" {
   repository = google_artifact_registry_repository.orchestration_repository.name
   role       = "roles/artifactregistry.reader"