Merge pull request #14 from htc-demo-00-azure/s2s-secret

johanneswuerbach · web-flow · commit 98e0596cefdb · 2024-04-23T15:09:09.000+02:00
feat: set backstage service-to-service auth key
diff --git a/examples/with-backstage/README.md b/examples/with-backstage/README.md
@@ -92,6 +92,7 @@ Once you are finished with the reference architecture, you can remove all provis
 | helm | ~> 2.12 |
 | humanitec | ~> 1.0 |
 | kubernetes | ~> 2.25 |
+| random | ~> 3.5 |
 
 ### Providers
 
@@ -100,6 +101,7 @@ Once you are finished with the reference architecture, you can remove all provis
 | azurerm | ~> 3.87 |
 | github | ~> 5.38 |
 | humanitec | ~> 1.0 |
+| random | ~> 3.5 |
 
 ### Modules
 
@@ -128,6 +130,7 @@ Once you are finished with the reference architecture, you can remove all provis
 | [humanitec_application.backstage](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource |
 | [humanitec_resource_definition_criteria.backstage_mysql](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
 | [humanitec_resource_definition_criteria.backstage_postgres](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource |
+| [humanitec_value.app_config_backend_auth_keys](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource |
 | [humanitec_value.backstage_cloud_provider](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource |
 | [humanitec_value.backstage_github_app_client_id](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource |
 | [humanitec_value.backstage_github_app_client_secret](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource |
@@ -137,6 +140,7 @@ Once you are finished with the reference architecture, you can remove all provis
 | [humanitec_value.backstage_github_org_id](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource |
 | [humanitec_value.backstage_humanitec_org](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource |
 | [humanitec_value.backstage_humanitec_token](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/value) | resource |
+| [random_bytes.backstage_service_to_service_auth_key](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/bytes) | resource |
 
 ### Inputs
 
diff --git a/examples/with-backstage/backstage-humanitec.tf b/examples/with-backstage/backstage-humanitec.tf
@@ -77,6 +77,20 @@ resource "humanitec_value" "backstage_cloud_provider" {
   is_secret   = false
 }
 
+resource "random_bytes" "backstage_service_to_service_auth_key" {
+  length = 24
+}
+
+resource "humanitec_value" "app_config_backend_auth_keys" {
+  app_id      = humanitec_application.backstage.id
+  key         = "APP_CONFIG_backend_auth_keys"
+  description = "Backstage service-to-service-auth keys"
+  value = jsonencode([{
+    secret = random_bytes.backstage_service_to_service_auth_key.base64
+  }])
+  is_secret = true
+}
+
 # Configure required resources for backstage
 
 locals {
diff --git a/examples/with-backstage/provider.tf b/examples/with-backstage/provider.tf
@@ -28,6 +28,10 @@ terraform {
       source  = "hashicorp/kubernetes"
       version = "~> 2.25"
     }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.5"
+    }
   }
   required_version = ">= 1.3.0"
 }

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,10 @@ terraform {`
`28`	`28`	`source = "hashicorp/kubernetes"`
`29`	`29`	`version = "~> 2.25"`
`30`	`30`	`}`
	`31`	`+ random = {`
	`32`	`+ source = "hashicorp/random"`
	`33`	`+ version = "~> 3.5"`
	`34`	`+ }`
`31`	`35`	`}`
`32`	`36`	`required_version = ">= 1.3.0"`
`33`	`37`	`}`