feat: extend default autorotate (#132) <br> Change the default auto_rotate value from 1 month to 12.

Author: alex-reiff

README.md

@@ -87,10 +87,10 @@ No modules.
 | <a name="input_cert_labels"></a> [cert\_labels](#input\_cert\_labels) | Optional, Labels for the certificate to be created | `list(string)` | `[]` | no |
 | <a name="input_cert_name"></a> [cert\_name](#input\_cert\_name) | Name of the certificate to be created in Secrets Manager | `string` | n/a | yes |
 | <a name="input_cert_other_sans"></a> [cert\_other\_sans](#input\_cert\_other\_sans) | Optional, The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to define for the CA certificate. The alternative names must match the values that are specified in the 'allowed\_other\_sans' field in the associated certificate template | `list(string)` | `[]` | no |
-| <a name="input_cert_rotation"></a> [cert\_rotation](#input\_cert\_rotation) | Optional, Rotation policy for the certificate to be created | <pre>object({<br>    auto_rotate = optional(bool)<br>    interval    = optional(number)<br>    unit        = optional(string)<br>  })</pre> | <pre>{<br>  "auto_rotate": true,<br>  "interval": 1,<br>  "unit": "month"<br>}</pre> | no |
+| <a name="input_cert_rotation"></a> [cert\_rotation](#input\_cert\_rotation) | Optional, Rotation policy for the certificate to be created | <pre>object({<br>    auto_rotate = optional(bool)<br>    interval    = optional(number)<br>    unit        = optional(string)<br>  })</pre> | <pre>{<br>  "auto_rotate": true,<br>  "interval": 12,<br>  "unit": "month"<br>}</pre> | no |
 | <a name="input_cert_secrets_group_id"></a> [cert\_secrets\_group\_id](#input\_cert\_secrets\_group\_id) | Optional, Id of Secrets Manager secret group to store the certificate in | `string` | `"default"` | no |
 | <a name="input_cert_template"></a> [cert\_template](#input\_cert\_template) | Name of the certificate template to use | `string` | n/a | yes |
-| <a name="input_cert_ttl"></a> [cert\_ttl](#input\_cert\_ttl) | Optional, Time-to-live (TTL) to assign to a private certificate | `string` | `null` | no |
+| <a name="input_cert_ttl"></a> [cert\_ttl](#input\_cert\_ttl) | Optional, Time-to-live (TTL) to assign to a private certificate | `string` | `"364d"` | no |
 | <a name="input_cert_uri_sans"></a> [cert\_uri\_sans](#input\_cert\_uri\_sans) | Optional, URI Subject Alternative Names (SANs) to define for the CA certificate, in a comma-delimited list | `string` | `null` | no |
 | <a name="input_cert_version_custom_metadata"></a> [cert\_version\_custom\_metadata](#input\_cert\_version\_custom\_metadata) | Optional, Custom version metadata for the certificate to be created | `map(string)` | `{}` | no |
 | <a name="input_exclude_cn_from_sans"></a> [exclude\_cn\_from\_sans](#input\_exclude\_cn\_from\_sans) | Optional, Controls whether the common name is excluded from Subject Alternative Names (SANs). If set to true, the common name is not included in DNS or Email SANs if they apply | `bool` | `false` | no |

examples/default/main.tf

@@ -42,7 +42,7 @@ module "private_secret_engine" {
   intermediate_ca_name      = var.intermediate_ca_name
   certificate_template_name = var.certificate_template_name
   root_ca_common_name       = "terraform-modules.ibm.com"
-  root_ca_max_ttl           = "8760h"
+  root_ca_max_ttl           = "87600h"
 }
 
 module "secrets_manager_private_certificate" {

variables.tf

@@ -156,7 +156,7 @@ variable "cert_rotation" {
   description = "Optional, Rotation policy for the certificate to be created"
   default = {
     auto_rotate = true
-    interval    = 1
+    interval    = 12
     unit        = "month"
   }
 
@@ -196,7 +196,7 @@ variable "cert_uri_sans" {
 variable "cert_ttl" {
   type        = string
   description = "Optional, Time-to-live (TTL) to assign to a private certificate"
-  default     = null
+  default     = "364d"
 
   validation {
     condition     = var.cert_ttl == null ? true : can(regex("^[0-9]+[s,m,h,d]{0,1}$", var.cert_ttl))