From 056eac976cdf95451914805e9d238dccd474b824 Mon Sep 17 00:00:00 2001
From: Ian Fijolek
Date: Tue, 13 Feb 2024 12:05:21 -0800
Subject: [PATCH] lldap: Make it work on first bootstrap

Can't use the job id for creating the variables and permissions because we end up with circular dependencies. The job won't return until it's successful in Nomad and it won't start in nomad without access to varibles
---
 databases/lldap.tf | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/databases/lldap.tf b/databases/lldap.tf
index f4a18c6..b6c959a 100644
--- a/databases/lldap.tf
+++ b/databases/lldap.tf
@@ -27,7 +27,21 @@ namespace "default" {
 EOH
 job_acl {
- job_id = resource.nomad_job.lldap.id
+ # job_id = resource.nomad_job.lldap.id
+ job_id = "lldap"
+ }
+}
+
+# Create self-scoped psk so that config is valid at first start
+resource "random_password" "lldap_ldap_psk" {
+ length = 32
+ override_special = "!@#%&*-_="
+}
+
+resource "nomad_variable" "lldap_ldap_psk" {
+ path = "secrets/ldap/allowed_psks/ldap"
+ items = {
+ psk = "lldap:${resource.random_password.lldap_ldap_psk.result}"
 }
 }
@@ -46,7 +60,8 @@ namespace "default" {
 EOH
 job_acl {
- job_id = resource.nomad_job.lldap.id
+ # job_id = resource.nomad_job.lldap.id
+ job_id = "lldap"
 group = "lldap"
 task = "lldap"
 }
@@ -67,7 +82,8 @@ namespace "default" {
 EOH
 job_acl {
- job_id = resource.nomad_job.lldap.id
+ # job_id = resource.nomad_job.lldap.id
+ job_id = "lldap"
 group = "lldap"
 task = "bootstrap"
 }
@@ -99,7 +115,8 @@ namespace "default" {
 EOH
 job_acl {
- job_id = resource.nomad_job.lldap.id
+ # job_id = resource.nomad_job.lldap.id
+ job_id = "lldap"
 group = "lldap"
 task = "stunnel"
 }
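Review bot: The literal `job_id = "lldap"` is now repeated in four `job_acl` blocks with the old reference merely commented out, so the reason for the literal is lost and a rename of the job (presumably the `job` name in the lldap jobspec, which is outside this diff) would silently detach every one of these blocks from it. I would drop the commented-out line and replace it with a why-comment, e.g. `# Literal job name: referencing resource.nomad_job.lldap.id creates a dependency cycle, because the job cannot start until these variables and policies exist.`, and consider a single `locals` entry so the name is defined once. Separately, `random_password.lldap_ldap_psk.result` is persisted in plaintext in the Terraform state, so the state backend needs the same protection as the PSK itself; a `# NOTE: the PSK is stored in Terraform state — keep the state backend encrypted and access-controlled` above the `random_password` resource would make that explicit. The resource enclosing the first `job_acl` block starts outside the hunk.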