Allow multiple secrets for RDS Proxy

[ghost]

This issue was originally opened by @cisnerosk as hashicorp/terraform#27833. It was migrated here as a result of the provider split. The original body of the issue is below.

---

Current Terraform Version

0.13.3

I did take a quick look at the Changelog for newer versions, and I didn't see where this is implemented in newer versions yet.

Use-cases

In the console you can add many secrets to the RDS proxy. Additionally the AWS CDK supports this, while trying to do this with Terraform it fails. It seems as though auth.secrets_arn can't take an array of values.

Attempted Solutions

N/A

Proposal

I'm not sure of how to fix this, although I suspect this block needs to be changed to support sets of hashes. I'm not familiar with Go, so this may be the wrong starting point.

References

https://github.com/aws/aws-cdk/issues/9098

[trevorrea]

@cisnerosk - you can define multiple auth blocks like below although it's not immediately obvious from the docs you can do this it works.

  auth {
    auth_scheme = "SECRETS"
    description = "1"
    iam_auth    = "DISABLED"
    secret_arn  = aws_secretsmanager_secret.rds_proxy["1"].arn
  }
  auth {
    auth_scheme = "SECRETS"
    description = "2"
    iam_auth    = "DISABLED"
    secret_arn  = aws_secretsmanager_secret.rds_proxy["2"].arn
  }
  auth {
    auth_scheme = "SECRETS"
    description = "3"
    iam_auth    = "DISABLED"
    secret_arn  = aws_secretsmanager_secret.rds_proxy["3"].arn
  }

[msusta]

Just passing through - this definitely works so this issue should be closed.

[karthik-twilio]

Same issue, I want to have wildcard and get all ARN to applied for that db_proxy. Then, I need secret_arn to support list

secret_arn = data.aws_secretsmanager_secret_version.this[*].arn

The above solution might not work, because we can't predict the number of secrets attached.