From 180f1da806b4c9d1eae5a2d52ce17849b90078de Mon Sep 17 00:00:00 2001
From: Paul Wheeler <paul@free-side.net>
Date: Thu, 2 May 2024 11:13:56 -1000
Subject: [PATCH] Added a variable for specifying additional secret names.
 (#10)

The flags that enable IAM policies for the predefined app-specific secrets (`enable_gitlab_secret_arns`, `enable_defectdojo_secret_arns`) are now deprecated in favour of `additional_secret_names`.
---
 iam.tf       |  9 +++++++--
 variables.tf | 16 ++++++++++++----
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/iam.tf b/iam.tf
index 0aa67b2..b2e05c9 100644
--- a/iam.tf
+++ b/iam.tf
@@ -42,8 +42,13 @@ locals {
         "batcave/defectdojo-rabbitmq-specific",
         "batcave/defectdojo-redis-specific"
     ]
-    include_gitlab_secrets     = var.enable_gitlab_secret_arns == true ? concat(local.secret_names, local.gitlab_secret_names) : local.secret_names
-    all_secret_names           = var.enable_defectdojo_secret_arns == true ? concat(local.include_gitlab_secrets, local.defectdojo_secret_names) : local.include_gitlab_secrets
+    include_gitlab_secrets = var.enable_gitlab_secret_arns == true ? concat(local.secret_names, local.gitlab_secret_names) : local.secret_names
+
+    all_secret_names = (
+      var.enable_defectdojo_secret_arns == true ?
+        concat(local.include_gitlab_secrets, local.defectdojo_secret_names, var.additional_secret_names) :
+        concat(local.include_gitlab_secrets, var.additional_secret_names)
+    )
 }
 
 output "secret_arns"{
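Review bot: The new `all_secret_names` expression concatenates `var.additional_secret_names` without de-duplicating, so a caller that migrates by listing the GitLab or DefectDojo names explicitly while still having the deprecated flag set will produce the same secret name twice in the list; whether that is harmless or breaks a downstream `for_each` depends on how `secret_arns` and the policy resources consume it, which is outside this hunk. Wrapping the result in `distinct()` also lets the nested ternary collapse to one line: `all_secret_names = distinct(concat(local.include_gitlab_secrets, var.enable_defectdojo_secret_arns ? local.defectdojo_secret_names : [], var.additional_secret_names))`. A short comment above the assignment, such as `# Names from the deprecated flags are kept for backward compatibility; new callers should use var.additional_secret_names`, would make the migration path visible where the list is built. The `locals` block begins before the hunk.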
diff --git a/variables.tf b/variables.tf
index 66b7827..62951b4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -60,13 +60,21 @@ variable "external_secrets_service_accounts" {
 }
 
 variable "enable_gitlab_secret_arns" {
-  type    = bool
-  default = false
+  description = "DEPRECATED: when set to true enables creation of IAM policies for GitLab secrets. Use additional_secret_names instead."
+  type        = bool
+  default     = false
 }
 
 variable "enable_defectdojo_secret_arns" {
-  type    = bool
-  default = false
+  description = "DEPRECATED: when set to true enables creation of IAM policies for DefectDojo secrets. Use additional_secret_names instead."
+  type        = bool
+  default     = false
+}
+
+variable "additional_secret_names" {
+  description = "A list of additional secret names to create IAM policies for."
+  type        = list(string)
+  default     = []
 }
 
 variable "aws_region" {
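Review bot: `additional_secret_names` is described as feeding IAM policy creation, yet it accepts any string, so an empty entry or a value containing `*`/`?` goes straight into the policy construction in `iam.tf`; if the names end up in an ARN pattern, a wildcard would widen the grant beyond the intended secrets. A `validation` block rejecting empty and wildcard-bearing entries keeps the least-privilege intent enforceable at the module boundary, and `nullable = false` protects the `concat()` in `iam.tf` from an explicit `null` being passed for the variable. The descriptions on the two deprecated flags could also say what happens when both a flag and `additional_secret_names` name the same secret, e.g. `# Still honoured; entries duplicated in additional_secret_names are added again`, since nothing in the hunk documents that interaction.

```hcl
variable "additional_secret_names" {
  description = "A list of additional secret names to create IAM policies for."
  type        = list(string)
  default     = []
  nullable    = false

  validation {
    condition = alltrue([
      for n in var.additional_secret_names : length(n) > 0 && !can(regex("[*?]", n))
    ])
    error_message = "Each entry in additional_secret_names must be non-empty and must not contain wildcard characters."
  }
}
```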