Closed Polpetta closed 11 months ago
I have also experienced issues with this. Using name_prefix results in the error:
"Error: putting Secrets Manager Secret value: ResourceNotFoundException: Secrets Manager can't find the specified secret."
The secret manager is created with a name reflecting the prefix, but the values are not set as it appears to be attempting to set the values on the resource based only on the fixed name of the block, ignoring the prefix.
resource "aws_secretsmanager_secret_version" "sm-sv" {
  for_each      = { for k, v in var.secrets : k => v if !var.unmanaged }
  secret_id     = aws_secretsmanager_secret.sm[each.key].id
  secret_string = lookup(each.value, "secret_string", null) != null ? lookup(each.value, "secret_string", null) : (lookup(each.value, "secret_key_value", null) != null ? jsonencode(lookup(each.value, "secret_key_value", {})) : null)
  secret_binary = lookup(each.value, "secret_binary", null) != null ? base64encode(lookup(each.value, "secret_binary")) : null
  depends_on    = [aws_secretsmanager_secret.sm]
  lifecycle {
    ignore_changes = [
      secret_id,
    ]
  }
}
secret_id value should be like I mentioned above, because each has to fetch from sm resources, instead of checking the parameter.
@Polpetta @surendarrajasekaran latest release has this change. Closing this, but if the error persists feel free to open another issue or leave a comment here.
Hi, I've noticed that with the latest release (0.6.2) the deployment fails if name_prefix is set. To reproduce it just create a secrets map like that:
When deploying, you'll have the following error:
I'm not sure, but giving a quick look at the terraform codebase I think the problem is in the following line, where the key is taken without keeping in consideration that the real id could be generated differently (such as in this case, where I have different stages and I'll need to have different ids even if the key will be the same...) https://github.com/lgallard/terraform-aws-secrets-manager/blob/37fa067663455528f7a7bfafa97dd3184d8e399b/main.tf#L21
I noticed the same behavior is done in the next resource block too: https://github.com/lgallard/terraform-aws-secrets-manager/blob/37fa067663455528f7a7bfafa97dd3184d8e399b/main.tf#L34