fix(terraform/k8s-secrets): filtering secrets without versions#423
Open
micheledellipaoli-pagopa wants to merge 3 commits intomainfrom
Open
fix(terraform/k8s-secrets): filtering secrets without versions#423micheledellipaoli-pagopa wants to merge 3 commits intomainfrom
micheledellipaoli-pagopa wants to merge 3 commits intomainfrom
Conversation
micheledellipaoli-pagopa
requested review from
beetlecrunch,
galales and
micdes-pagopa
as code owners
…a bash script to filter secrets
micheledellipaoli-pagopa
changed the title
micheledellipaoli-pagopa
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR allows to handle secrets with no secret versions (PIN-8629).
In details, the
aws_secretsmanager_secret_version.filtereddata source uses afor_eachmeta argument to obtain the latest secret version for every secret obtained by theaws_secretsmanager_secret.tagged_objectdata source.However, if a secret has no secret versions, the
aws_secretsmanager_secret_version.filtereddata source ends up in error.Unfortunately, there is no way to understand if a secret has a secret version based on its attributes.
The only way to filter secrets to get only those with at least one secret version is to use a data external that runs a bash script.
Such script checks, for each secret taken as input, if the secret has at least one version: if so, it adds the name of the secret to the output list.
Finally, it returns the output list (containing the name of the secrets having at least one version) as json string.