@RoseSecurity RoseSecurity commented Oct 9, 2025

what

  • Added support for specifying parameter_store_paths and resources in the values passed to the external_ssm_secrets module, enabling more granular control over which secrets and resources are managed.
  • Introduced a serviceAccount configuration that sets the service account name based on module.this.name, improving service account management.
  • Added an rbac configuration block with a create flag controlled by var.rbac_enabled, allowing for optional RBAC resource creation.

why

  • This updates the configuration for the external_ssm_secrets module to support additional customization and RBAC (Role-Based Access Control) options. The main changes expand the set of values passed to the module, allowing for more flexible and secure integration.

Summary by CodeRabbit

  • New Features

    • Configure multiple Parameter Store paths for external secrets.
    • Add resource requests/limits configuration for pods.
    • Specify custom ServiceAccount names and toggle RBAC creation.
    • Maintains existing region configuration.
  • Chores

    • Updated chart/values structure to support the new configuration options without changing existing behavior.

Add support for passing `parameter_store_paths`, `resources`, `serviceAccount`,
and `rbac` options to the external_ssm_secrets module. This enables more
flexible configuration of the secrets operator, including custom RBAC and
service account settings.

coderabbitai bot commented Oct 9, 2025

Walkthrough

Adds new YAML keys to the values passed to the external_ssm_secrets Helm chart in src/main.tf: parameter_store_paths, resources, serviceAccount.name, and rbac.create. The existing region value remains. No control-flow or public API changes.

Changes

Cohort / File(s): Terraform Helm values update (src/main.tf)
Summary: Expanded YAML-encoded values for external_ssm_secrets: added parameter_store_paths, resources, serviceAccount: { name }, and rbac: { create }; retained region.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I hop through fields of keys and names,
New paths and roles in tidy frames.
A service account takes its place,
RBAC set with careful grace.
Region steady, secrets grow—what a race! 🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title succinctly and accurately describes the primary change of the pull request, which is adding support for extra configuration options in the SSM secrets module. It follows conventional commit style, clearly indicating a new feature and its scope, and avoids vague or generic language. The phrasing is concise and immediately conveys the main enhancement without extraneous detail.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0c95b22 and 156a8a7.

📒 Files selected for processing (1)
  • src/main.tf (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/main.tf
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Summary

@mergify mergify bot requested review from a team October 9, 2025 16:54
@mergify mergify bot added the triage Needs triage label Oct 9, 2025
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7f607a7 and 0c95b22.

📒 Files selected for processing (1)
  • src/main.tf (1 hunks)
🧰 Additional context used
📓 Path-based instructions (2)
src/@(main|variables|outputs|providers|versions|context).tf

📄 CodeRabbit inference engine (AGENTS.md)

Keep the Terraform component’s core files (main.tf, variables.tf, outputs.tf, providers.tf, versions.tf, context.tf) in src/ as the source of truth

Files:

  • src/main.tf
src/**/*.tf

📄 CodeRabbit inference engine (AGENTS.md)

src/**/*.tf: Use 2-space indentation for all Terraform files
Prefer lower_snake_case for Terraform variables and locals
Keep Terraform resource and data source names descriptive and aligned with Cloud Posse null-label patterns
Run terraform fmt and do not commit formatting violations
Follow TFLint rules configured in .tflint.hcl; do not commit lint violations

Files:

  • src/main.tf

@mergify mergify bot added the needs-test Needs testing label Oct 9, 2025
@RoseSecurity

/terratest

@goruha goruha added this pull request to the merge queue Oct 9, 2025
@mergify mergify bot removed the triage Needs triage label Oct 9, 2025
Merged via the queue into main with commit a1d46a0 Oct 9, 2025
19 checks passed
@goruha goruha deleted the improve-helm-release-values branch October 9, 2025 18:39

github-actions bot commented Oct 9, 2025

These changes were released in v1.537.1.
