[terraform-ibm-secrets-manager] Add support to create service specific role credentials in the secrets submodule #269

@ocofaigh

The changes in terraform-ibm-modules/terraform-ibm-secrets-manager-secret#249 need to be made in the secrets submodule:

```hcl
variable "secrets" {
  type = list(object({
    secret_group_name        = string
    secret_group_description = optional(string)
    existing_secret_group    = optional(bool, false)
    secrets = optional(list(object({
      secret_name                                 = string
      secret_description                          = optional(string)
      secret_type                                 = optional(string)
      imported_cert_certificate                   = optional(string)
      imported_cert_private_key                   = optional(string)
      imported_cert_intermediate                  = optional(string)
      secret_username                             = optional(string)
      secret_labels                               = optional(list(string), [])
      secret_payload_password                     = optional(string, "")
      secret_auto_rotation                        = optional(bool, true)
      secret_auto_rotation_unit                   = optional(string, "day")
      secret_auto_rotation_interval               = optional(number, 89)
      service_credentials_ttl                     = optional(string, "7776000") # 90 days
      service_credentials_source_service_crn      = optional(string)
      service_credentials_source_service_role_crn = optional(string) ## <----- updated to `service_credentials_source_service_role_crn`
      service_credentials_source_service_hmac     = optional(bool, false)
    })))
  }))
}
```

Suggest adding variable validation that uses a regex to ensure the value is in the format of a CRN string.
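One way the suggested validation could look, as an added example that is not part of the original issue or the module's code. It assumes the general IBM Cloud CRN layout of ten colon-separated segments; the regex, the trimmed object type, the `default` and the sample CRN in the error message are all assumptions made for illustration.

```hcl
# Added example: trimmed copy of the "secrets" variable that keeps only the
# fields needed to show the validation. Not the module's actual code.
variable "secrets" {
  type = list(object({
    secret_group_name = string
    secrets = optional(list(object({
      secret_name                                 = string
      service_credentials_source_service_crn      = optional(string)
      service_credentials_source_service_role_crn = optional(string)
    })))
  }))
  default = []

  validation {
    # Assumed CRN shape: "crn", a version, seven segments that may be empty,
    # and a non-empty final segment (ten segments in total).
    # Unset (null) role CRNs pass, because the attribute is optional.
    # The inner list is guarded because "secrets" itself may be null.
    condition = alltrue(flatten([
      for group in var.secrets : [
        for secret in(group.secrets != null ? group.secrets : []) :
        secret.service_credentials_source_service_role_crn == null ||
        can(regex(
          "^crn:v[0-9]+(:[^:]*){7}:[^:]+$",
          secret.service_credentials_source_service_role_crn
        ))
      ]
    ]))
    error_message = "service_credentials_source_service_role_crn must be a CRN string, for example crn:v1:bluemix:public:iam::::serviceRole:Writer."
  }
}
```

With this in place, a bare role name such as `Writer` is rejected at plan time, before any service credential is requested.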
