Added expire_time option to the secret-manager module (#2373)
* Added expire_time option to the secret module * Ran tfdoc to update the readme file * Fixed a failed test, moved the expire_time variable to the top and ran tfdoc again
parent
0bb75f3ae1
commit
270f61a75a
|
@ -110,11 +110,12 @@ module "secret-manager" {
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [project_id](variables.tf#L29) | Project id where the keyring will be created. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L34) | Project id where the keyring will be created. | <code>string</code> | ✓ | |
|
||||||
| [iam](variables.tf#L17) | IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
| [expire_time](variables.tf#L16) | Timestamp in UTC when the Secret is scheduled to expire. | <code>string</code> | | <code>null</code> |
|
||||||
| [labels](variables.tf#L23) | Optional labels for each secret. | <code>map(map(string))</code> | | <code>{}</code> |
|
| [iam](variables.tf#L22) | IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||||
| [secrets](variables.tf#L34) | Map of secrets to manage, their locations and KMS keys in {LOCATION => KEY} format. {GLOBAL => KEY} format enables CMEK for automatic managed secrets. If locations is null, automatic management will be set. | <code title="map(object({ locations = optional(list(string), null) keys = optional(map(string), null) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [labels](variables.tf#L28) | Optional labels for each secret. | <code>map(map(string))</code> | | <code>{}</code> |
|
||||||
| [versions](variables.tf#L43) | Optional versions to manage for each secret. Version names are only used internally to track individual versions. | <code title="map(map(object({ enabled = bool data = string })))">map(map(object({…})))</code> | | <code>{}</code> |
|
| [secrets](variables.tf#L39) | Map of secrets to manage, their locations and KMS keys in {LOCATION => KEY} format. {GLOBAL => KEY} format enables CMEK for automatic managed secrets. If locations is null, automatic management will be set. | <code title="map(object({ locations = optional(list(string), null) keys = optional(map(string), null) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
|
| [versions](variables.tf#L48) | Optional versions to manage for each secret. Version names are only used internally to track individual versions. | <code title="map(map(object({ enabled = bool data = string })))">map(map(object({…})))</code> | | <code>{}</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
@ -33,13 +33,15 @@ locals {
|
||||||
version_keypairs = {
|
version_keypairs = {
|
||||||
for pair in local.version_pairs : "${pair.secret}:${pair.name}" => pair
|
for pair in local.version_pairs : "${pair.secret}:${pair.name}" => pair
|
||||||
}
|
}
|
||||||
|
expire_time = var.expire_time != null ? var.expire_time : ""
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_secret_manager_secret" "default" {
|
resource "google_secret_manager_secret" "default" {
|
||||||
for_each = var.secrets
|
for_each = var.secrets
|
||||||
project = var.project_id
|
project = var.project_id
|
||||||
secret_id = each.key
|
secret_id = each.key
|
||||||
labels = lookup(var.labels, each.key, null)
|
labels = lookup(var.labels, each.key, null)
|
||||||
|
expire_time = local.expire_time != "" ? local.expire_time : null
|
||||||
|
|
||||||
dynamic "replication" {
|
dynamic "replication" {
|
||||||
for_each = each.value.locations == null ? [""] : []
|
for_each = each.value.locations == null ? [""] : []
|
||||||
|
|
|
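Review bot: `expire_time` is assigned inside the `for_each = var.secrets` resource from a single module-level variable, so every secret the module manages gets the same expiry. Secret Manager deletes a secret and its versions once the expiry passes, so one value here retires all of them together, which callers may not expect. Consider a per-secret setting, for example an optional `expire_time` attribute on the `secrets` object read as `each.value.expire_time`, or state the module-wide scope in the variable description. Separately, the local turns null into `""` only for the resource to turn `""` back into null; `expire_time = var.expire_time` does the same without the local. The resource block continues outside the hunk.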
@ -13,6 +13,11 @@
|
||||||
* See the License for the specific language governing permissions and
|
* See the License for the specific language governing permissions and
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
variable "expire_time" {
|
||||||
|
description = "Timestamp in UTC when the Secret is scheduled to expire."
|
||||||
|
type = string
|
||||||
|
default = null
|
||||||
|
}
|
||||||
|
|
||||||
variable "iam" {
|
variable "iam" {
|
||||||
description = "IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format."
|
description = "IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format."
|
||||||
|
|
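Review bot: The new `expire_time` variable accepts any string, so a malformed timestamp is only rejected by the provider at apply time. The description could name the expected format (RFC 3339, e.g. the constructed sample `2030-01-01T00:00:00Z`). A `validation` block with `condition = var.expire_time == null || can(timeadd(var.expire_time, "0s"))` would catch bad values at plan time. It would also help to document what happens when the timestamp is already in the past, which the hunk does not show being handled.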