feat(modules/secret-manager): add support for version_destroy_ttl
Closes #2644
committed by
Wiktor Niesiobędzki
parent
d4b594f83a
commit
b9fbdbcf7b
@@ -192,8 +192,8 @@ module "secret-manager" {
|
||||
| [project_id](variables.tf#L29) | Project id where the keyring will be created. | <code>string</code> | ✓ | |
|
||||
| [iam](variables.tf#L17) | IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [labels](variables.tf#L23) | Optional labels for each secret. | <code>map(map(string))</code> | | <code>{}</code> |
|
||||
| [secrets](variables.tf#L34) | Map of secrets to manage, their optional expire time, locations and KMS keys in {LOCATION => KEY} format. {GLOBAL => KEY} format enables CMEK for automatic managed secrets. If locations is null, automatic management will be set. | <code title="map(object({ expire_time = optional(string) locations = optional(list(string)) keys = optional(map(string)) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [versions](variables.tf#L44) | Optional versions to manage for each secret. Version names are only used internally to track individual versions. | <code title="map(map(object({ enabled = bool data = string })))">map(map(object({…})))</code> | | <code>{}</code> |
|
||||
| [secrets](variables.tf#L34) | Map of secrets to manage, their optional expire time, version destroy ttl, locations and KMS keys in {LOCATION => KEY} format. {GLOBAL => KEY} format enables CMEK for automatic managed secrets. If locations is null, automatic management will be set. | <code title="map(object({ expire_time = optional(string) locations = optional(list(string)) keys = optional(map(string)) version_destroy_ttl = optional(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [versions](variables.tf#L45) | Optional versions to manage for each secret. Version names are only used internally to track individual versions. | <code title="map(map(object({ enabled = bool data = string })))">map(map(object({…})))</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -36,11 +36,12 @@ locals {
|
||||
}
|
||||
|
||||
resource "google_secret_manager_secret" "default" {
|
||||
for_each = var.secrets
|
||||
project = var.project_id
|
||||
secret_id = each.key
|
||||
labels = lookup(var.labels, each.key, null)
|
||||
expire_time = each.value.expire_time
|
||||
for_each = var.secrets
|
||||
project = var.project_id
|
||||
secret_id = each.key
|
||||
labels = lookup(var.labels, each.key, null)
|
||||
expire_time = each.value.expire_time
|
||||
version_destroy_ttl = each.value.version_destroy_ttl
|
||||
|
||||
dynamic "replication" {
|
||||
for_each = each.value.locations == null ? [""] : []
|
||||
|
||||
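Review bot: The new `version_destroy_ttl = each.value.version_destroy_ttl` line in `google_secret_manager_secret.default` changes what destroying a version means, and nothing next to the attribute says so. As far as I know the provider's delayed-destroy behaviour, a destroy request on a secret with a non-zero TTL only disables the version, and the payload is destroyed once the TTL expires. A version removed during rotation or incident response therefore remains recoverable for that window by anyone allowed to re-enable it. I would add a comment above the attribute, such as `# delayed destroy: versions are disabled first and the payload is only destroyed after this TTL`, and repeat the caveat in the README. The resource block continues past the end of this hunk, so I could not check how the version resources interact with it.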
@@ -32,11 +32,12 @@ variable "project_id" {
|
||||
}
|
||||
|
||||
variable "secrets" {
|
||||
description = "Map of secrets to manage, their optional expire time, locations and KMS keys in {LOCATION => KEY} format. {GLOBAL => KEY} format enables CMEK for automatic managed secrets. If locations is null, automatic management will be set."
|
||||
description = "Map of secrets to manage, their optional expire time, version destroy ttl, locations and KMS keys in {LOCATION => KEY} format. {GLOBAL => KEY} format enables CMEK for automatic managed secrets. If locations is null, automatic management will be set."
|
||||
type = map(object({
|
||||
expire_time = optional(string)
|
||||
locations = optional(list(string))
|
||||
keys = optional(map(string))
|
||||
expire_time = optional(string)
|
||||
locations = optional(list(string))
|
||||
keys = optional(map(string))
|
||||
version_destroy_ttl = optional(string)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
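Review bot: The added `version_destroy_ttl = optional(string)` field in `variable "secrets"` is a free-form string, and the updated description only names it ("version destroy ttl") without stating the expected format. The underlying API field is a duration, so a malformed value would only surface at apply time. I would extend the description, for example `version destroy ttl (duration in seconds with an "s" suffix, e.g. "86400s")`, where the value is a constructed example. Optionally, add a `validation` block that checks the suffix so that typos fail at plan time.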