Closed marcportabellaclotet-mt closed 3 years ago
@marcportabellaclotet-mt that could happen if you change the order of the secrets definitions, for instance if you add a new secret at the top of the list.
I can change the implementation, but it will require importing the old resources to match the new map and keys.
Yes, this can happen when you add secrets at the top or delete a secret that is not the last one. This problem can also cause you to lose history. AWS secrets are versioned, so when you recreate a secret, versioning is lost. Maybe you could release a new major version with the new format. A new implementation will break all current setups, so it has to be managed properly, and a migration guide added. Thanks for your feedback!
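The migration this breaking change calls for, as an added example that is not the module's own script: generate the `terraform state mv` commands that move each secret from its old list index to its new name key, so the existing AWS secrets (and their version history) are kept instead of being destroyed and recreated. It assumes the pre-0.5.0 resources were addressed by list position (`sm[0]`, `sm-sv[0]`) and uses the module label `secrets-manager-1` from the output later in this thread.

```shell
#!/bin/sh
# Added example, not part of lgallard/secrets-manager. Assumption: the old
# module addressed secrets by list index; from 0.5.0 the for_each key is the
# secret name, so the state entries must be moved to the new addresses.
set -eu

MODULE_ADDR="${MODULE_ADDR:-module.secrets-manager-1}"   # assumed module label

# Emit one "terraform state mv" per secret and per resource type. The old
# index is the secret's position in the argument list, so pass the names in
# the ORDER the old list declared them.
gen_state_mv() {
  local i=0 name res
  for name in "$@"; do
    for res in aws_secretsmanager_secret.sm aws_secretsmanager_secret_version.sm-sv; do
      printf "terraform state mv '%s.%s[%d]' '%s.%s[\"%s\"]'\n" \
        "$MODULE_ADDR" "$res" "$i" "$MODULE_ADDR" "$res" "$name"
    done
    i=$((i + 1))
  done
}

# Guard before touching state: for_each keys must be unique, and a duplicate
# name would silently map two list entries onto one key.
check_unique() {
  local dup
  dup=$(printf '%s\n' "$@" | sort | uniq -d)
  [ -z "$dup" ]
}

# Constructed sample, in old-list order (names taken from this thread).
SAMPLE_NAMES="dev/myPrefixedSecret dev/myPrefixedSecret-2"

if [ "${1:-}" = "--run" ]; then
  # shellcheck disable=SC2086
  check_unique $SAMPLE_NAMES || { echo "duplicate secret names" >&2; exit 1; }
  # Dry run only: review the printed commands, then pipe them to sh to apply.
  gen_state_mv $SAMPLE_NAMES
fi
```

Run `terraform plan` afterwards; it should report no resources to add or destroy if every entry was moved.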
@marcportabellaclotet-mt PR #14 has the map implementation. Now I need to test it and, as you mentioned, I need to write a migration guide or script to help in migrating to this breaking new release.
Therefore my todo list includes:
@marcportabellaclotet-mt the map implementation is already available in version 0.5.0
Thanks! Great job!
You are welcome!
Hey @lgallard,
After this change I cannot use variables in the secret names, e.g.:

```hcl
  source = "lgallard/secrets-manager/aws"
  secrets = {
    "${local.secret_prefix}/myPrefixedSecret" = {
      description      = "shared banking config"
      secret_key_value = {
        token = "123456"
        url   = ""
      }
    },
  }
  tags = {
    Owner       = "My team"
    Environment = var.environment
    Terraform   = true
  }
}
```
@michalfin I took your code and adapted the plain text example:

main.tf

```hcl
module "secrets-manager-1" {
  source = "lgallard/secrets-manager/aws"
  secrets = {
    "${local.secret_prefix}/myPrefixedSecret" = {
      description             = "My secret x"
      recovery_window_in_days = 7
      secret_string           = "This is an example"
    },
    "${local.secret_prefix}/myPrefixedSecret-2" = {
      description             = "My secret y"
      recovery_window_in_days = 7
      secret_string           = "This is another example"
    }
  }
  tags = {
    Owner       = "DevOps team"
    Environment = var.environment
    Terraform   = true
  }
}
```
And it worked:

```console
$ terraform apply
module.secrets-manager-1.aws_secretsmanager_secret.sm["dev/myPrefixedSecret-2"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:x:secret:dev/myPrefixedSecret-2-H7zDY4]
module.secrets-manager-1.aws_secretsmanager_secret.sm["dev/myPrefixedSecret"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:x:secret:dev/myPrefixedSecret-XD40gj]
module.secrets-manager-1.aws_secretsmanager_secret_version.sm-sv["dev/myPrefixedSecret-2"]: Refreshing state... [id=dev/myPrefixedSecret-2|AC0EF2A6-AF07-4B74-8678-31DDE177282B]
module.secrets-manager-1.aws_secretsmanager_secret_version.sm-sv["dev/myPrefixedSecret"]: Refreshing state... [id=dev/myPrefixedSecret|C47BC246-F483-4820-AE28-71BBD9E32FB1]

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

secret_arns = {
  "dev/myPrefixedSecret" = "arn:aws:secretsmanager:us-east-1:x:secret:dev/myPrefixedSecret-XD40gj"
  "dev/myPrefixedSecret-2" = "arn:aws:secretsmanager:us-east-1:x:secret:dev/myPrefixedSecret-2-H7zDY4"
}
secret_ids = {
  "dev/myPrefixedSecret" = "arn:aws:secretsmanager:us-east-1:x:secret:dev/myPrefixedSecret-XD40gj"
  "dev/myPrefixedSecret-2" = "arn:aws:secretsmanager:us-east-1:x:secret:dev/myPrefixedSecret-2-H7zDY4"
```
Here are my variables.tf and local.tf files:

variables.tf

```hcl
# General vars
variable "environment" {
  description = "Env"
  type        = string
  default     = "dev"
}
```

local.tf

```hcl
locals {
  secret_prefix = "dev"
}
```

What error do you get?
Alternatively, the for_each approach can be used.
And defining secrets like this: