Add support for vault-provided credentials (and example)

[zhenik]

What is the issue?

Add support for fetching credentials for dependent modules from the Vault and render them directly to nomad job.

Suggestion(s)/solution(s) [Optional]

Follow hive pr Skatteetaten/terraform-nomad-hive#53

Optional

Creds with vault

• related Proper rendering of credentials terraform-nomad-minio#66
• related Proper rendering of credentials terraform-nomad-postgres#45
• related Improve credentials management terraform-nomad-hive#44

Checklist (after created issue)

• Added label(s)
• Added to project
• Added to milestone

[claesgill]

I'm not sure why we would want to do this. I mean examples of using Vault creds is present in all the modules already.

[zhenik]

I'm not sure why we would want to do this. I mean examples of using Vault creds is present in all the modules already.

Supported:

• Shared secret ref
• minio secrets ref

Also, we might need to refactor variables.tf. There is typo with use_vault_secret_provider

variable "vault_secret" {
  type = object({
    use_vault_secret_provider = string,
    vault_kv_policy_name      = string,
    vault_kv_path             = string,
    vault_kv_secret_key_name  = string
  })
  description = "Set of properties to be able fetch shared cluster secret from vault"
  default = {
    use_vault_secret_provider = true
    vault_kv_policy_name      = "kv-secret"
    vault_kv_path             = "secret/data/presto"
    vault_kv_secret_key_name  = "cluster_shared_secret"
  }
}

[claesgill]

Ahh got it, thought you meant something else. Then I agree, not sure about providing additional examples though. Should just use the ones we already have, and turning on every feature. WDYT?

It's late and I don't have my glasses, but I can't see any typos 😅 What's the typo?

[zhenik]

[claesgill]

Oh, thanks! I fixed it (only the typo) in this PR #79