feat: allow secrets created in secrets sub-module to be marked as hmac (#247)

Author: kierramarie

modules/secrets/README.md

@@ -66,7 +66,7 @@ module "secrets_manager" {
 | <a name="input_endpoint_type"></a> [endpoint\_type](#input\_endpoint\_type) | The service endpoint type to communicate with the provided secrets manager instance. Possible values are `public` or `private` | `string` | `"public"` | no |
 | <a name="input_existing_sm_instance_guid"></a> [existing\_sm\_instance\_guid](#input\_existing\_sm\_instance\_guid) | Instance ID of Secrets Manager instance in which the Secret will be added. | `string` | n/a | yes |
 | <a name="input_existing_sm_instance_region"></a> [existing\_sm\_instance\_region](#input\_existing\_sm\_instance\_region) | Region which the Secret Manager is deployed. | `string` | n/a | yes |
-| <a name="input_secrets"></a> [secrets](#input\_secrets) | Secret Manager secrets configurations. | <pre>list(object({<br/>    secret_group_name        = string<br/>    secret_group_description = optional(string)<br/>    existing_secret_group    = optional(bool, false)<br/>    secrets = optional(list(object({<br/>      secret_name                             = string<br/>      secret_description                      = optional(string)<br/>      secret_type                             = optional(string)<br/>      imported_cert_certificate               = optional(string)<br/>      imported_cert_private_key               = optional(string)<br/>      imported_cert_intermediate              = optional(string)<br/>      secret_username                         = optional(string)<br/>      secret_labels                           = optional(list(string), [])<br/>      secret_payload_password                 = optional(string, "")<br/>      secret_auto_rotation                    = optional(bool, true)<br/>      secret_auto_rotation_unit               = optional(string, "day")<br/>      secret_auto_rotation_interval           = optional(number, 89)<br/>      service_credentials_ttl                 = optional(string, "7776000") # 90 days<br/>      service_credentials_source_service_crn  = optional(string)<br/>      service_credentials_source_service_role = optional(string)<br/>    })))<br/>  }))</pre> | `[]` | no |
+| <a name="input_secrets"></a> [secrets](#input\_secrets) | Secret Manager secrets configurations. | <pre>list(object({<br/>    secret_group_name        = string<br/>    secret_group_description = optional(string)<br/>    existing_secret_group    = optional(bool, false)<br/>    secrets = optional(list(object({<br/>      secret_name                             = string<br/>      secret_description                      = optional(string)<br/>      secret_type                             = optional(string)<br/>      imported_cert_certificate               = optional(string)<br/>      imported_cert_private_key               = optional(string)<br/>      imported_cert_intermediate              = optional(string)<br/>      secret_username                         = optional(string)<br/>      secret_labels                           = optional(list(string), [])<br/>      secret_payload_password                 = optional(string, "")<br/>      secret_auto_rotation                    = optional(bool, true)<br/>      secret_auto_rotation_unit               = optional(string, "day")<br/>      secret_auto_rotation_interval           = optional(number, 89)<br/>      service_credentials_ttl                 = optional(string, "7776000") # 90 days<br/>      service_credentials_source_service_crn  = optional(string)<br/>      service_credentials_source_service_role = optional(string)<br/>      service_credentials_source_service_hmac = optional(bool, false)<br/>    })))<br/>  }))</pre> | `[]` | no |
 
 ### Outputs
 

modules/secrets/main.tf

@@ -72,4 +72,5 @@ module "secrets" {
   service_credentials_ttl                 = each.value.service_credentials_ttl
   service_credentials_source_service_crn  = each.value.service_credentials_source_service_crn
   service_credentials_source_service_role = each.value.service_credentials_source_service_role
+  service_credentials_source_service_hmac = each.value.service_credentials_source_service_hmac
 }

modules/secrets/variables.tf

@@ -39,6 +39,7 @@ variable "secrets" {
       service_credentials_ttl                 = optional(string, "7776000") # 90 days
       service_credentials_source_service_crn  = optional(string)
       service_credentials_source_service_role = optional(string)
+      service_credentials_source_service_hmac = optional(bool, false)
     })))
   }))
   description = "Secret Manager secrets configurations."