locals { port_names = concat( var.service_port != null ? ["main"] : [], [for port in var.ports : port.name if port.task_config], ) } resource "nomad_job" "service" { jobspec = templatefile("${path.module}/service_template.nomad", { name = var.name count = var.instance_count priority = var.priority image = var.image image_pull_timeout = var.image_pull_timeout args = var.args env = var.env task_meta = var.task_meta task_identity = var.task_identity group_meta = var.group_meta job_meta = var.job_meta constraints = var.constraints docker_devices = var.docker_devices user = var.user actions = var.actions service_port = var.service_port service_port_static = var.service_port_static service_check = var.service_check ports = var.ports port_names = local.port_names sticky_disk = var.sticky_disk resources = var.resources stunnel_resources = var.stunnel_resources service_tags = var.service_tags custom_services = var.custom_services use_wesher = var.use_wesher ingress = var.ingress ingress_rule = var.ingress_rule ingress_middlewares = var.ingress_middlewares prometheus = var.prometheus templates = var.templates host_volumes = var.host_volumes use_mysql = var.use_mysql || var.mysql_bootstrap != null use_postgres = var.use_postgres || var.postgres_bootstrap != null use_redis = var.use_redis use_ldap = var.use_ldap mysql_bootstrap = var.mysql_bootstrap postgres_bootstrap = var.postgres_bootstrap }) detach = var.detach } resource "nomad_acl_policy" "secrets_mysql" { count = var.use_mysql || var.mysql_bootstrap != null ? 1 : 0 name = "${var.name}-secrets-mysql" description = "Give access to MySQL secrets" rules_hcl = < action if action.cron != null }) jobspec = templatefile("${path.module}/service_scheduled.nomad", { name = var.name action_name = each.value.name action_cron = each.value.cron }) } resource "nomad_acl_policy" "action_cron_workload_policy" { for_each = resource.nomad_job.action_cron name = "service-action-${each.value.id}" description = "Give custom service cron actions access to execute actions." rules_hcl = <