From 485bc22e78a19e6e600dd038670cb481707c7406 Mon Sep 17 00:00:00 2001
From: Ian Fijolek <ian@iamthefij.com>
Date: Mon, 27 Mar 2023 15:50:15 -0700
Subject: [PATCH] Add TODO for using nomad api socket

---
 core/metrics/prometheus.nomad | 2 ++
 services/main.tf              | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/core/metrics/prometheus.nomad b/core/metrics/prometheus.nomad
index 7521056..76da3fe 100644
--- a/core/metrics/prometheus.nomad
+++ b/core/metrics/prometheus.nomad
@@ -70,6 +70,8 @@ scrape_configs:
       format:
         - "prometheus"
     nomad_sd_configs:
+        # TODO: Use NOMAD_SECRETS_DIR/api.sock and workload idenity when
+        # workload acls can be set using terraform
       - server: "http://{{env "attr.unique.network.ip-address"}}:4646"
     relabel_configs:
       - source_labels: [__meta_nomad_service]
diff --git a/services/main.tf b/services/main.tf
index beb8b0c..88faf1d 100644
--- a/services/main.tf
+++ b/services/main.tf
@@ -148,6 +148,8 @@ module "diun" {
     DIUN_PROVIDERS_NOMAD_WATCHBYDEFAULT = true
 
     # Nomad API
+    # TODO: Use socket in $NOMAD_SECRETS_DIR/api.sock when we can assign workload ACLs with Terraform to
+    # allow read access. Will need to update template to allow passing token by env
     NOMAD_ADDR           = "http://$${attr.unique.network.ip-address}:4646/"
     DIUN_PROVIDERS_NOMAD = true
   }