Hey there,
I'm trying to create a Vault pipeline test that will test the Vault deployment with test assertions.
I have 2 modules: one is the Vault deployment from a Helm chart, the second is the Vault configuration.
I have a submodule for the Vault deployment (called vault_test) and the Vault config module (called vault-config).
My main issue is passing the Vault token from one submodule to the other submodule using the root provider configuration.
I have an output vault_token from the vault_test module.

main.tf:

module "vault_test" {
  source                     = "github.com/.........."
  dns_zone_id                = local.dns_zone_id
  aws_account_id             = local.aws_account_id
  prefix                     = local.prefix
  environment                = local.environment
  region                     = local.region
  oidc_provider              = local.oidc_provider
  oidc_arn                   = local.oidc_arn
  vault_enabled              = true
  vault_replicas             = 1
  vault_namespace            = local.vault_namespace
  vault_version              = "0.19.0"
  vault_node_selector        = "stateless"
  vault_tls_disabled         = false
  ingress_internal_classname = local.ingress_internal_classname
  basename                   = local.basename
  if_test                    = local.if_test
}

module "vault-config-test" {
  source          = "../../"
  environment     = local.environment
  github_token    = "github"
  vault_token     = local.vault_token
  basename        = local.basename
  vault_namespace = local.vault_namespace
  vault_addr      = local.vault_addr
  depends_on      = [module.vault_test]
}

provider.tf:

provider "vault" {
  address          = "vault-0.vault-internal:8200"
  skip_tls_verify  = true
  max_retries      = 4
  token            = module.vault_test.vault_token
  skip_child_token = true
}

When I try to apply, I get this error:
│ Error: no vault token found
│
│ with module.vault-config-test.provider["registry.terraform.io/hashicorp/vault"],
│ on ../../providers.tf line 1, in provider "vault":
│ 1: provider "vault" {
│

Is it possible to pass the Vault token from one submodule to the other?