[request] support for Nomad 1.4 secure variables #288

Closed
shantanugadgil opened this issue Sep 15, 2022 · 11 comments

@shantanugadgil
Contributor

Terraform Version

1.2.9

Provider Version

1.4.18

Nomad Version

Nomad v1.4.0-beta.1 (d17021a366178a11b79353f13735389629102d6a)

Provider Configuration

N/A

When can we get the support for the secure variables in the terraform provider?

The secure variables are a very welcome addition (instead of setting up Vault only for the KV backend)

In our workflow, we would like to use Terraform to inject/update the secure variables into Nomad.
NOTE: The access to the repo of secrets would of course be a "very limited access"

@tgross
Member

tgross commented Sep 15, 2022

Hi @shantanugadgil! We anticipate shipping TF support following 1.4.0 GA.

@iluminae
Contributor

@tgross any timeline on this? Looking forward to migrating from vault kv to nomad variables but need to control them with tf.

@HINT-SJ

HINT-SJ commented Oct 27, 2022

Nomad 1.4.1 is already out, still no (documented) support? :(

@jrasell
Member

jrasell commented Oct 27, 2022

Hi @iluminae and @HINT-SJ, the team balances a lot of work-streams and priorities which has meant we have not had the time to start this work quite yet. We will update this issue once we have started work and appreciate your patience.

@HINT-SJ

HINT-SJ commented Oct 28, 2022

For anyone reading this, in the meantime I'm using a little workaround:

```hcl
resource "null_resource" "nomad_var_put" {
  triggers = {
    job_name    = local.nomad_job_name
    db_username = var.name
    db_password = random_string.pass.result
  }

  provisioner "local-exec" {
    command = "nomad var put nomad/jobs/${self.triggers.job_name} db_username=\"${self.triggers.db_username}\" db_password=\"${self.triggers.db_password}\""
  }

  provisioner "local-exec" {
    when    = destroy
    command = "nomad var purge nomad/jobs/${self.triggers.job_name}"
  }
}
```

Just make sure the current session is logged in to the correct nomad cluster :)

@IamTheFij
Contributor

In addition to setting the variables, it would be great to have the ability to pass Job ACLs as well. The base client supports this already.

@lgfa29
Contributor

lgfa29 commented Dec 1, 2022

Hi @IamTheFij, would you be able to explain a little more what you mean by pass Job ACLs? Is this related to Nomad variables?

@IamTheFij
Contributor

Yes, it's related to Variables. As far as I can tell, the ability to assign an ACL to a workload was added to provide Variable access to Jobs and Tasks. https://developer.hashicorp.com/nomad/docs/concepts/variables. The Go API already allows optionally passing this information along with an ACL, but it's not yet possible with Terraform.

@regner
Contributor

regner commented Feb 9, 2023

I didn't fully read the comments on this issue before creating a new issue, but what @IamTheFij is talking about is the same thing I requested in #306.

@Borsty

Borsty commented May 5, 2023

Still no progress on this? We're already on nomad 1.5 :'(

-edit-
Looks like someone has been busy: #325 :)

@lgfa29
Contributor

lgfa29 commented Jun 5, 2023

Implemented in #325.

Thank you very much @regner and @iluminae 🙂

@lgfa29 lgfa29 closed this as completed Jun 5, 2023
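
The two requests in this thread (managing a variable from Terraform, and attaching an ACL policy to a job so it can read that variable), sketched as an added example that is not code from any commenter or from the provider's documentation. It assumes a terraform-provider-nomad release that has the `nomad_variable` resource and the `job_acl` block on `nomad_acl_policy`; the path `shared/app/db`, the job name `app` and the resource names are hypothetical.

```hcl
# Added example; all names and paths below are hypothetical.
variable "db_username" {
  type = string
}

# random_password (hashicorp/random) is marked sensitive, so its value is
# redacted in plan/apply output, unlike random_string.
resource "random_password" "db" {
  length  = 32
  special = false
}

# Takes the place of the null_resource + "nomad var put" workaround: the
# secret is never interpolated into a shell command line, and the provider
# talks to the cluster named in its own configuration instead of whatever
# CLI session happens to be active.
resource "nomad_variable" "app_db" {
  path      = "shared/app/db"
  namespace = "default"
  items = {
    db_username = var.db_username
    db_password = random_password.db.result
  }
}

# A job can read variables under nomad/jobs/<job> implicitly; any other path
# needs a policy. job_acl binds this policy to the job's workload identity,
# so no long-lived ACL token has to be handed to the task.
resource "nomad_acl_policy" "app_db_read" {
  name        = "app-db-read"
  description = "Read-only access to shared/app/db for job app"
  rules_hcl   = <<-EOT
    namespace "default" {
      variables {
        path "shared/app/db" {
          capabilities = ["read"]
        }
      }
    }
  EOT

  job_acl {
    namespace = "default"
    job_id    = "app"
  }
}
```

The variable's items are still written to the Terraform state, so the state backend needs the same access restrictions as the secrets themselves.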