ci: clean up infra logs II (#15218)

elastic · Jan 16, 2025 · 246f3a5 · 246f3a5
1 parent 50b8f5d
commit 246f3a5
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 17 deletions.
diff --git a/testing/infra/terraform/modules/ec_deployment/deployment.tf b/testing/infra/terraform/modules/ec_deployment/deployment.tf
@@ -125,11 +125,16 @@ resource "local_file" "enable_features" {
   filename = "${path.module}/scripts/enable_features.sh"
 }
 
+locals {
+  secret_token_file = "${path.cwd}/secret_token_value.json"
+}
+
 resource "local_file" "secret_token" {
   count = var.integrations_server ? 1 : 0
   content = templatefile("${path.module}/scripts/secret_token.tftpl", {
-    kibana_url       = ec_deployment.deployment.kibana.0.https_endpoint,
-    elastic_password = ec_deployment.deployment.elasticsearch_password,
+    kibana_url        = ec_deployment.deployment.kibana.0.https_endpoint,
+    elastic_password  = ec_deployment.deployment.elasticsearch_password,
+    secret_token_file = local.secret_token_file
   })
   filename = "${path.module}/scripts/secret_token.sh"
 }
@@ -180,6 +185,14 @@ resource "null_resource" "secret_token" {
   }
 }
 
+# Since the secret token value is set in the APM Integration policy, we need
+# to extract it from there.
+# Load it from secret_token_file as a sensitive variable.
+data "local_sensitive_file" "secret_token" {
+  filename   = local.secret_token_file
+  depends_on = [null_resource.secret_token]
+}
+
 resource "null_resource" "shard_settings" {
   count = var.apm_index_shards > 0 ? 1 : 0
   triggers = {
@@ -206,16 +219,6 @@ resource "null_resource" "custom_apm_integration_pkg" {
   }
 }
 
-# Since the secret token value is set in the APM Integration policy, we need
-# an "external" resource to run a shell script that returns the secret token
-# as {"value":"SECRET_TOKEN"}.
-data "external" "secret_token" {
-  count       = var.integrations_server ? 1 : 0
-  depends_on  = [local_file.secret_token]
-  program     = ["/bin/bash", "-c", "scripts/secret_token.sh"]
-  working_dir = path.module
-}
-
 resource "null_resource" "drop_pipeline" {
   count = var.drop_pipeline ? 1 : 0
   triggers = {

diff --git a/testing/infra/terraform/modules/ec_deployment/outputs.tf b/testing/infra/terraform/modules/ec_deployment/outputs.tf
@@ -9,7 +9,7 @@ output "apm_url" {
 }
 
 output "apm_secret_token" {
-  value       = var.integrations_server ? data.external.secret_token.0.result.value : ec_deployment.deployment.apm_secret_token
+  value       = var.integrations_server ? data.local_sensitive_file.secret_token.content : ec_deployment.deployment.apm_secret_token
   sensitive   = true
   description = "The APM Secret token"
 }

diff --git a/testing/infra/terraform/modules/ec_deployment/scripts/secret_token.tftpl b/testing/infra/terraform/modules/ec_deployment/scripts/secret_token.tftpl
@@ -1,9 +1,12 @@
 #!/bin/bash
+#
+# This script reads the APM Secret Token from the Elastic Agent policy and stores it
+# in a local file to be used as Terraform output from this module.
 
 KIBANA_ENDPOINT=${kibana_url}/api/fleet/package_policies/elastic-cloud-apm
 KIBANA_AUTH=elastic:${elastic_password}
 
-SECRET_TOKEN=$(curl -s -u $${KIBANA_AUTH} $${KIBANA_ENDPOINT} $${KIBANA_ENDPOINT} |\
-    jq -r '.item | select(.inputs[].policy_template == "apmserver") .inputs[].vars.secret_token.value' | uniq)
-
-echo "{\"value\":\"$${SECRET_TOKEN}\"}"
+curl -s -u $${KIBANA_AUTH} $${KIBANA_ENDPOINT} $${KIBANA_ENDPOINT} \
+  | jq -r '.item | select(.inputs[].policy_template == "apmserver") .inputs[].vars.secret_token.value' \
+  | uniq \
+  > "${secret_token_file}"