Open abower-digimarc opened 1 month ago
Hi @abower-digimarc , thanks for opening this issue. From reading through your config I wonder if referencing the secret_id like below would help solve your issue?
resource "google_secret_manager_secret" "redis_password" {
secret_id = "myResource-redis-password-${var.region}"
replication {
user_managed {
replicas {
location = var.region
}
}
}
}
resource "google_secret_manager_secret_version" "redis_password_value" {
secret = google_secret_manager_secret.redis_password.id
secret_data = data.secretsmanager_field.redis_password.value
}
name = "REDIS_PASSWORD"
value_from {
secret_key_ref {
key = latest
- name = resource.google_secret_manager_secret.redis_password.name
+ name = resource.google_secret_manager_secret.redis_password.secret_id
}
Note from triage: Forwarding this as a documentation issue
Community Note
Description
Currently, google_secret_manager_secret has two identical attributes: id and name. According to the doc, these both spit out identical strings that are prepended with the project id path.
However, when assigning secrets to container environment variables, the format requires alphanumeric, hyphen, or underscore only. This means the name and id attribute of a created secret are incompatible with passing into cloud run container secret env vars. I'd like an option to get the name/id alone without the path out of the object.
Error 400: service.spec.template.spec.containers[0].env[1].value_from.secret_key_ref.name: should have only alphanumeric characters, hyphens, or underscores │ Details: │ [ │ { │ "@type": "type.googleapis.com/google.rpc.BadRequest", │ "fieldViolations": [ │ { │ "description": "should have only alphanumeric characters, hyphens, or underscores", │ "field": "service.spec.template.spec.containers[0].env[1].value_from.secret_key_ref.name" │ } │ ] │ } │ ]
New or Affected Resource(s)
Potential Terraform Configuration
resource "google_secret_manager_secret" "redis_password" { secret_id = "myResource-redis-password-${var.region}" replication { user_managed { replicas { location = var.region } } } }
resource "google_secret_manager_secret_version" "redis_password_value" { secret = google_secret_manager_secret.redis_password.id secret_data = data.secretsmanager_field.redis_password.value }
name = "REDIS_PASSWORD" value_from { secret_key_ref { key = latest name = resource.google_secret_manager_secret.redis_password.name }
References
No response
b/344606298