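#!/bin/bash
# Terraform Consul Provider setup script.
# Generates the Terraform files that let one environment read its sensitive
# Oracle Cloud (OCI) settings from Consul instead of from tfvars on disk.
#
# Usage: <script> setup | help
# Environment variables:
#   ENVIRONMENT  target environment (default: dev); selects the directory
#                infrastructure/environments/${ENVIRONMENT}, which must exist
#   CONSUL_ADDR  shown in the help text only — the generated provider block
#                takes its address from var.consul_config, not from this variable

set -euo pipefail

ENVIRONMENT="${ENVIRONMENT:-dev}"
CONSUL_ADDR="${CONSUL_ADDR:-http://localhost:8500}"

# Terminal colour escape sequences (rendered with printf '%b').
readonly GREEN='\033[0;32m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m'

#######################################
# Print an informational line to stdout.
# '%b' renders the colour escapes; the message goes through '%s' so a
# message containing backslashes is printed literally rather than being
# re-interpreted the way `echo -e` would.
# Arguments: $* - message
#######################################
log_info() {
  printf '%b[INFO]%b %s\n' "$BLUE" "$NC" "$*"
}

#######################################
# Print a success line to stdout.
# Arguments: $* - message
#######################################
log_success() {
  printf '%b[SUCCESS]%b %s\n' "$GREEN" "$NC" "$*"
}

#######################################
# Print an error to stderr and exit non-zero.
# Arguments: $* - message
#######################################
die() {
  printf '[ERROR] %s\n' "$*" >&2
  exit 1
}

#######################################
# Abort with a clear message when the target directory is missing, so that a
# typo in ENVIRONMENT does not surface as cat's "No such file or directory".
# Arguments: $1 - directory that must exist
#######################################
ensure_dir() {
  [[ -d "$1" ]] || die "目录不存在: $1 (请检查 ENVIRONMENT=${ENVIRONMENT})"
}

#######################################
# Write consul-provider.tf: the Consul provider, the consul_keys data source
# holding the OCI credentials, and a local that bundles them for main.tf.
# The private key is passed to the OCI provider in memory (main.tf uses the
# provider's private_key argument) — no key file is written to /tmp, so there
# is no predictable world-shared path and no ignore_changes that would keep a
# rotated key from taking effect.
# Globals:   ENVIRONMENT (read)
# Outputs:   infrastructure/environments/${ENVIRONMENT}/consul-provider.tf
# Returns:   0 on success; exits via die if the directory is missing
#######################################
create_consul_provider() {
  local tf_dir="infrastructure/environments/${ENVIRONMENT}"
  ensure_dir "$tf_dir"
  log_info "创建 Terraform Consul Provider 配置..."

  # Quoted delimiter: ${var.*} below is Terraform interpolation, not shell.
  cat > "${tf_dir}/consul-provider.tf" << 'EOF'
# Consul Provider 配置
terraform {
  required_providers {
    consul = {
      source  = "hashicorp/consul"
      version = "~> 2.18"
    }
  }
}

provider "consul" {
  address = var.consul_config.address
  token   = lookup(var.consul_config, "token", null)
}

# 从 Consul 读取 Oracle Cloud 配置
data "consul_keys" "oracle_config" {
  key {
    name = "tenancy_ocid"
    path = "config/${var.environment}/oracle/tenancy_ocid"
  }
  key {
    name = "user_ocid"
    path = "config/${var.environment}/oracle/user_ocid"
  }
  key {
    name = "fingerprint"
    path = "config/${var.environment}/oracle/fingerprint"
  }
  key {
    name = "private_key"
    path = "config/${var.environment}/oracle/private_key"
  }
  key {
    name = "compartment_ocid"
    path = "config/${var.environment}/oracle/compartment_ocid"
  }
}

# 本地变量,用于构建完整的 OCI 配置
# The private key is kept in memory and handed to the OCI provider directly
# (see main.tf); no key file is written to disk. NOTE: values read by the
# consul_keys data source are still recorded in Terraform state, so the state
# backend must be encrypted and access-controlled.
locals {
  oci_config_from_consul = {
    tenancy_ocid     = data.consul_keys.oracle_config.var.tenancy_ocid
    user_ocid        = data.consul_keys.oracle_config.var.user_ocid
    fingerprint      = data.consul_keys.oracle_config.var.fingerprint
    private_key      = sensitive(data.consul_keys.oracle_config.var.private_key)
    region           = var.oci_config.region
    compartment_ocid = data.consul_keys.oracle_config.var.compartment_ocid
  }
}
EOF

  log_success "Consul Provider 配置已创建: ${tf_dir}/consul-provider.tf"
}

#######################################
# Write variables.tf with the variable declarations the generated files use.
# This is a full replacement: any existing variables.tf in the directory is
# overwritten.
# Globals:   ENVIRONMENT (read)
# Outputs:   infrastructure/environments/${ENVIRONMENT}/variables.tf
# Returns:   0 on success; exits via die if the directory is missing
#######################################
create_variables() {
  local tf_dir="infrastructure/environments/${ENVIRONMENT}"
  ensure_dir "$tf_dir"
  log_info "更新 Terraform 变量定义..."

  cat > "${tf_dir}/variables.tf" << 'EOF'
# 基本变量
variable "environment" {
  description = "环境名称"
  type        = string
}

variable "project_name" {
  description = "项目名称"
  type        = string
}

variable "owner" {
  description = "项目所有者"
  type        = string
}

variable "cloud_providers" {
  description = "要启用的云服务商"
  type        = list(string)
  default     = []
}

variable "vpc_cidr" {
  description = "VPC CIDR 块"
  type        = string
}

variable "availability_zones" {
  description = "可用区列表"
  type        = list(string)
}

variable "common_tags" {
  description = "通用标签"
  type        = map(string)
  default     = {}
}

# Consul 配置
variable "consul_config" {
  description = "Consul 配置"
  type = object({
    address = string
    token   = optional(string)
  })
}

# Oracle Cloud 配置(基本信息)
variable "oci_config" {
  description = "Oracle Cloud 基本配置"
  type = object({
    region           = string
    tenancy_ocid     = optional(string, "FROM_CONSUL")
    user_ocid        = optional(string, "FROM_CONSUL")
    fingerprint      = optional(string, "FROM_CONSUL")
    private_key_path = optional(string, "FROM_CONSUL")
    compartment_ocid = optional(string, "FROM_CONSUL")
  })
}

# 其他云服务商配置
variable "huawei_config" {
  description = "华为云配置"
  type = object({
    access_key = string
    secret_key = string
    region     = string
    project_id = string
  })
  default = {
    access_key = ""
    secret_key = ""
    region     = "cn-north-4"
    project_id = ""
  }
}

variable "gcp_config" {
  description = "Google Cloud 配置"
  type = object({
    project_id       = string
    region           = string
    zone             = string
    credentials_file = string
  })
  default = {
    project_id       = ""
    region           = "asia-northeast3"
    zone             = "asia-northeast3-a"
    credentials_file = ""
  }
}

variable "aws_config" {
  description = "AWS 配置"
  type = object({
    region     = string
    access_key = string
    secret_key = string
  })
  default = {
    region     = "ap-northeast-2"
    access_key = ""
    secret_key = ""
  }
}

variable "do_config" {
  description = "DigitalOcean 配置"
  type = object({
    token  = string
    region = string
  })
  default = {
    token  = ""
    region = "sgp1"
  }
}
EOF

  log_success "变量定义已更新: ${tf_dir}/variables.tf"
}

#######################################
# Write an example main.tf: the OCI provider fed from
# local.oci_config_from_consul, a sample VCN, and two outputs.
# This overwrites any existing main.tf in the directory.
# Globals:   ENVIRONMENT (read)
# Outputs:   infrastructure/environments/${ENVIRONMENT}/main.tf
# Returns:   0 on success; exits via die if the directory is missing
#######################################
create_main_tf() {
  local tf_dir="infrastructure/environments/${ENVIRONMENT}"
  ensure_dir "$tf_dir"
  log_info "创建示例 main.tf..."

  cat > "${tf_dir}/main.tf" << 'EOF'
# 主要 Terraform 配置文件
terraform {
  required_version = ">= 1.0"

  required_providers {
    oci = {
      source  = "oracle/oci"
      version = "~> 5.0"
    }
  }
}

# Oracle Cloud Provider
# The key material is supplied via private_key (in memory) rather than
# private_key_path, so no PEM file has to exist on the host running Terraform.
provider "oci" {
  tenancy_ocid = local.oci_config_from_consul.tenancy_ocid
  user_ocid    = local.oci_config_from_consul.user_ocid
  fingerprint  = local.oci_config_from_consul.fingerprint
  private_key  = local.oci_config_from_consul.private_key
  region       = local.oci_config_from_consul.region
}

# 示例:创建 VCN
resource "oci_core_vcn" "main" {
  count = contains(var.cloud_providers, "oracle") ? 1 : 0

  compartment_id = local.oci_config_from_consul.compartment_ocid
  cidr_block     = var.vpc_cidr
  display_name   = "${var.project_name}-${var.environment}-vcn"
  freeform_tags  = var.common_tags
}

# 输出
output "vcn_id" {
  description = "VCN ID"
  value       = try(oci_core_vcn.main[0].id, null)
}

output "oci_config_source" {
  description = "OCI 配置来源"
  value       = "consul"
}
EOF

  log_success "示例 main.tf 已创建: ${tf_dir}/main.tf"
}

#######################################
# Entry point. "setup" generates all three files; anything else (including
# no argument) prints the usage text.
# Arguments: $1 - sub-command, defaults to "help"
#######################################
main() {
  case "${1:-help}" in
    setup)
      create_consul_provider
      create_variables
      create_main_tf
      ;;
    *)
      cat << EOF
Terraform Consul Provider 配置脚本

用法: $0 [选项]

选项:
  setup    创建 Terraform Consul Provider 配置
  help     显示此帮助信息

环境变量:
  ENVIRONMENT    环境名称 (默认: dev)
  CONSUL_ADDR    Consul 地址 (默认: http://localhost:8500)
EOF
      ;;
  esac
}

main "$@"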