From 180f1da806b4c9d1eae5a2d52ce17849b90078de Mon Sep 17 00:00:00 2001
From: Paul Wheeler <paul@free-side.net>
Date: Thu, 2 May 2024 11:13:56 -1000
Subject: [PATCH] Added a variable for specifying additional secret names. (#10)

Flags for enabling IAM policies for predefined app specific secrets are now deprecated.
---
 iam.tf | 9 +++++++--
 variables.tf | 16 ++++++++++++----
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/iam.tf b/iam.tf
index 0aa67b2..b2e05c9 100644
--- a/iam.tf
+++ b/iam.tf
@@ -42,8 +42,13 @@ locals {
 "batcave/defectdojo-rabbitmq-specific",
 "batcave/defectdojo-redis-specific"
 ]
-  include_gitlab_secrets = var.enable_gitlab_secret_arns == true ? concat(local.secret_names, local.gitlab_secret_names) : local.secret_names
-  all_secret_names = var.enable_defectdojo_secret_arns == true ? concat(local.include_gitlab_secrets, local.defectdojo_secret_names) : local.include_gitlab_secrets
+  include_gitlab_secrets = var.enable_gitlab_secret_arns == true ? concat(local.secret_names, local.gitlab_secret_names) : local.secret_names
+
+ all_secret_names = (
+ var.enable_defectdojo_secret_arns == true ?
+ concat(local.include_gitlab_secrets, local.defectdojo_secret_names, var.additional_secret_names) :
+ concat(local.include_gitlab_secrets, var.additional_secret_names)
+ )
 }
 
 output "secret_arns"{
diff --git a/variables.tf b/variables.tf
index 66b7827..62951b4 100644
--- a/variables.tf
+++ b/variables.tf
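Review bot: The new `all_secret_names` expression can now carry duplicate names, because `concat` does not de-duplicate and a caller may list in `additional_secret_names` a name that one of the still-honoured deprecated flags already contributes; wrapping the result in `distinct()` keeps the downstream ARN/policy list clean. The `== true` comparisons on booleans are also redundant and the two-branch conditional collapses into a single `concat`, e.g. `all_secret_names = distinct(concat(local.include_gitlab_secrets, var.enable_defectdojo_secret_arns ? local.defectdojo_secret_names : [], var.additional_secret_names))`. Note that `local.secret_names` and the `locals` block itself begin above this hunk, and the body of `output "secret_arns"` continues below it, so I cannot see how these names are turned into ARNs; the validation I would want on the caller-supplied names is raised on the variables.tf hunk.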
@@ -60,13 +60,21 @@ variable "external_secrets_service_accounts" {
 }
 
 variable "enable_gitlab_secret_arns" {
-   type = bool
-   default = false
+   description = "DEPRECATED: when set to true enables creation of IAM policies for GitLab secrets. Use additional_secret_names instead."
+   type = bool
+   default = false
 }
 
 variable "enable_defectdojo_secret_arns" {
-   type = bool
-   default = false
+   description = "DEPRECATED: when set to true enables creation of IAM policies for DefectDojo secrets. Use additional_secret_names instead."
+   type = bool
+   default = false
+}
+
+variable "additional_secret_names" {
+   description = "A list of additional secret names to create IAM policies for."
+   type = list(string)
+   default = []
 }
 
 variable "aws_region" {
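Review bot: The new `additional_secret_names` variable has no `validation` block, yet by its own description every entry becomes the resource scope of an IAM policy, so an empty string or an entry containing `*`/`?` would widen the grant well beyond one named secret (and if the ARN pattern built in iam.tf already ends in a wildcard for the Secrets Manager suffix, which I cannot see from this hunk, a bare `*` entry would match every secret in the account). Constraining entries to the Secrets Manager name character set rejects both cases at plan time with a clear message rather than silently producing an over-broad policy. The variable's description should also say that names are matched as written, so callers do not rely on pattern semantics.
```hcl
variable "additional_secret_names" {
  description = "A list of additional secret names to create IAM policies for. Entries are exact Secrets Manager secret names; wildcards are rejected."
  type        = list(string)
  default     = []

  validation {
    # Reject empty strings and anything outside the Secrets Manager name charset,
    # so a wildcard cannot turn a per-secret policy into a broad grant.
    condition     = alltrue([for n in var.additional_secret_names : can(regex("^[A-Za-z0-9/_+=.@-]+$", n))])
    error_message = "Each entry in additional_secret_names must be a concrete Secrets Manager secret name (no wildcards or empty strings)."
  }
}
```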