Refactor secret manager module (#3315)

* wip * wip * wip * wip * tested, missing versions * working * fix secops stage * readme * tests * tflint
2025-09-10 13:47:35 +02:00
parent c1e8f9d70c
commit 63a22cd9a2
25 changed files with 1222 additions and 513 deletions
--- a/tests/modules/cloud_run/examples/secrets.yaml
+++ b/tests/modules/cloud_run/examples/secrets.yaml
@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,7 +17,13 @@ values:
    autogenerate_revision_name: false
    location: europe-west8
    metadata:
-    - {}
+    - annotations: null
+      effective_labels:
+        goog-terraform-provisioned: 'true'
+      generation: 0
+      labels: null
+      terraform_labels:
+        goog-terraform-provisioned: 'true'
    name: hello
    project: project-id
    template:
@@ -35,28 +41,65 @@ values:
          - mount_path: /credentials
            name: credentials
          working_dir: null
+        node_selector: null
+        service_account_name: tf-cr-hello@project-id.iam.gserviceaccount.com
        volumes:
-        - empty_dir: []
+        - csi: []
+          empty_dir: []
          name: credentials
+          nfs: []
          secret:
          - default_mode: null
            items:
            - key: latest
              mode: null
              path: v1.txt
-
+            secret_name: credentials
+    timeouts: null
  module.cloud_run.google_service_account.service_account[0]:
    account_id: tf-cr-hello
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: Terraform Cloud Run hello.
+    email: tf-cr-hello@project-id.iam.gserviceaccount.com
+    member: serviceAccount:tf-cr-hello@project-id.iam.gserviceaccount.com
    project: project-id
-
+    timeouts: null
  module.secret-manager.google_secret_manager_secret.default["credentials"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    labels: null
    project: project-id
+    replication:
+    - auto:
+      - customer_managed_encryption: []
+      user_managed: []
+    rotation: []
    secret_id: credentials
-
-  module.secret-manager.google_secret_manager_secret_iam_binding.default["credentials.roles/secretmanager.secretAccessor"]:
-    condition: []
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  ? module.secret-manager.google_secret_manager_secret_iam_binding.authoritative["credentials.roles/secretmanager.secretAccessor"]
+  : condition: []
+    members:
+    - serviceAccount:tf-cr-hello@project-id.iam.gserviceaccount.com
    role: roles/secretmanager.secretAccessor
-
+  module.secret-manager.google_secret_manager_secret_version.default["credentials/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: foo bar baz
+    secret_data_wo: null
+    secret_data_wo_version: 0
+    timeouts: null
 counts:
  google_cloud_run_service: 1
  google_secret_manager_secret: 1