Commit

Update to v5.x of terraform-provider-aws (#27)
Switch this and dependent modules to the v5.x of the Terraform AWS
provider to support the latest AWS features, like RDS' io2.

- Fix dynamic statement block

```
│   on .terraform/modules/production.auth_token/secret/main.tf line 43, in data "aws_iam_policy_document" "secret":
│   43:         identifiers = [statement.arn]
│
│ This object does not have an attribute named "arn".
```

https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks

- Fix user managed secret environment variables

NOTE: This cherry-picks a commit from a [PR @jferris opened] to address the same issue.

  - Terraform was complaining about calling `nonsensitive` when the value
    wasn't sensitive; this forces the initial value to potentially be
    sensitive to avoid the error.
  - We can skip parsing out the environment variables for the user managed
    secret module, because they are passed in directly.

[PR @jferris opened]: #13
emilford authored Jan 7, 2025
1 parent d93c347 commit bab3192
Showing 2 changed files with 4 additions and 4 deletions.
6 changes: 3 additions & 3 deletions secret/main.tf
Expand Up @@ -40,7 +40,7 @@ data "aws_iam_policy_document" "secret" {
]
principals {
type = "AWS"
identifiers = [statement.arn]
identifiers = [statement.value.arn]
}
}
}
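Review bot: Nothing visible in this hunk constrains what `statement.value.arn` may hold before it becomes an `AWS` principal in the `secret` policy document. If the variable feeding the dynamic block does not already carry a `validation` rule, consider adding one that rejects `*` and anything that is not a well-formed IAM ARN, so a typo in a caller cannot widen who may read the secret. The switch to `statement.value.arn` itself matches how a dynamic block iterator exposes the current element.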
Expand Down Expand Up @@ -136,7 +136,7 @@ data "aws_iam_policy_document" "key" {
resources = ["*"]
principals {
type = "AWS"
identifiers = [statement.arn]
identifiers = [statement.value.arn]
}
}
}
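Review bot: The `principals` block in the `key` policy document repeats the `identifiers = [statement.value.arn]` fix made in the `secret` document. If both dynamic blocks iterate the same input, consider deriving the ARN list once in a `local` and referencing it from both documents, so the secret policy and the key policy cannot drift apart the next time one of them is edited.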
Expand Down Expand Up @@ -288,7 +288,7 @@ locals {
rotation_role_name = coalesce(var.rotation_role_name, "${var.name}-rotation")

env_vars = nonsensitive([
for key in try(keys(jsondecode(var.initial_value)), []) :
for key in try(keys(jsondecode(sensitive(var.initial_value))), []) :
key if upper(key) == key
])
}
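Review bot: The `sensitive(var.initial_value)` wrapper on the `for key in` line exists only so the outer `nonsensitive([...])` has something to unwrap, which is not obvious from the code. Please add a short comment saying so, and stating that only the upper-case key names of the secret JSON are revealed in plan output and state, never the values. It is also worth noting there that `try(..., [])` turns an `initial_value` that is not valid JSON into an empty `env_vars` list without any error.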
2 changes: 1 addition & 1 deletion user-managed-secret/outputs.tf
Expand Up @@ -5,7 +5,7 @@ output "arn" {

output "environment_variables" {
description = "Environment variables provided by this secret"
value = module.secret.environment_variables
value = var.environment_variables
}

output "id" {
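Review bot: The `environment_variables` output now returns `var.environment_variables` verbatim, so it no longer passes through the `upper(key) == key` filter that `secret/main.tf` applies when it computes `env_vars`. Consider a `validation` on the variable enforcing the same upper-case rule, and update the description ("provided by this secret") to say the names are supplied by the caller rather than derived from the secret's contents.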