Added expire_time option to the secret-manager module (#2373)
* Added expire_time option to the secret module * Ran tfdoc to update the readme file * Fixed a failed test, moved the expire_time variable to the top and ran tfdoc again
This commit is contained in:
parent
0bb75f3ae1
commit
270f61a75a
|
@ -110,11 +110,12 @@ module "secret-manager" {
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [project_id](variables.tf#L29) | Project id where the keyring will be created. | <code>string</code> | ✓ | |
|
||||
| [iam](variables.tf#L17) | IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [labels](variables.tf#L23) | Optional labels for each secret. | <code>map(map(string))</code> | | <code>{}</code> |
|
||||
| [secrets](variables.tf#L34) | Map of secrets to manage, their locations and KMS keys in {LOCATION => KEY} format. {GLOBAL => KEY} format enables CMEK for automatic managed secrets. If locations is null, automatic management will be set. | <code title="map(object({ locations = optional(list(string), null) keys = optional(map(string), null) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [versions](variables.tf#L43) | Optional versions to manage for each secret. Version names are only used internally to track individual versions. | <code title="map(map(object({ enabled = bool data = string })))">map(map(object({…})))</code> | | <code>{}</code> |
|
||||
| [project_id](variables.tf#L34) | Project id where the keyring will be created. | <code>string</code> | ✓ | |
|
||||
| [expire_time](variables.tf#L16) | Timestamp in UTC when the Secret is scheduled to expire. | <code>string</code> | | <code>null</code> |
|
||||
| [iam](variables.tf#L22) | IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format. | <code>map(map(list(string)))</code> | | <code>{}</code> |
|
||||
| [labels](variables.tf#L28) | Optional labels for each secret. | <code>map(map(string))</code> | | <code>{}</code> |
|
||||
| [secrets](variables.tf#L39) | Map of secrets to manage, their locations and KMS keys in {LOCATION => KEY} format. {GLOBAL => KEY} format enables CMEK for automatic managed secrets. If locations is null, automatic management will be set. | <code title="map(object({ locations = optional(list(string), null) keys = optional(map(string), null) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [versions](variables.tf#L48) | Optional versions to manage for each secret. Version names are only used internally to track individual versions. | <code title="map(map(object({ enabled = bool data = string })))">map(map(object({…})))</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@ locals {
|
|||
version_keypairs = {
|
||||
for pair in local.version_pairs : "${pair.secret}:${pair.name}" => pair
|
||||
}
|
||||
expire_time = var.expire_time != null ? var.expire_time : ""
|
||||
}
|
||||
|
||||
resource "google_secret_manager_secret" "default" {
|
||||
|
@ -40,6 +41,7 @@ resource "google_secret_manager_secret" "default" {
|
|||
project = var.project_id
|
||||
secret_id = each.key
|
||||
labels = lookup(var.labels, each.key, null)
|
||||
expire_time = local.expire_time != "" ? local.expire_time : null
|
||||
|
||||
dynamic "replication" {
|
||||
for_each = each.value.locations == null ? [""] : []
|
||||
|
|
|
@ -13,6 +13,11 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
variable "expire_time" {
|
||||
description = "Timestamp in UTC when the Secret is scheduled to expire."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "iam" {
|
||||
description = "IAM bindings in {SECRET => {ROLE => [MEMBERS]}} format."
|
||||
|
|
Loading…
Reference in New Issue