
Commit 28e2bd6

committed
feature: Set sensitive variables
1 parent 2aa7fe4 commit 28e2bd6


4 files changed

+33
-20
lines changed


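--- a/cloudsql_dumps_bucket.tf
+++ b/cloudsql_dumps_bucket.tf
@@ -35,7 +35,7 @@ resource "google_storage_bucket" "cloudsql_dumps" {
 
 lifecycle_rule {
 action {
-type = "SetStorageClass"
+type = "SetStorageClass"
 storage_class = "COLDLINE"
 }
 condition {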

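--- a/examples/test.tfvars
+++ b/examples/test.tfvars
@@ -15,7 +15,7 @@ my_drupal_projects_list = [
 bucket_name = "test-project-bucket-name"
 bucket_append_random_suffix = false
 bucket_enable_disaster_recovery = false
-bucket_labels = {
+bucket_labels = {
 "project" = "test-project"
 "env" = "stage"
 }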

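--- a/secrets.tf
+++ b/secrets.tf
@@ -2,12 +2,32 @@ locals {
 map_of_drupal_buckets = var.create_buckets == true ? {
 for o in local.drupal_buckets_list : o.name => o
 } : {}
-map_of_drupal_databases = trimspace(var.cloudsql_instance_name) != "" && trimspace(var.cloudsql_privileged_user_name) != "" && trimspace(var.cloudsql_privileged_user_password) != "" && var.create_databases_and_users == true ? {
+
+map_of_drupal_databases = (
+trimspace(var.cloudsql_instance_name) != "" &&
+trimspace(var.cloudsql_privileged_user_name) != "" &&
+trimspace(var.cloudsql_privileged_user_password) != "" &&
+var.create_databases_and_users == true
+) ? {
 for o in local.drupal_database_and_user_list : o.database => o
 } : {}
-map_of_output_drupal_databases = trimspace(var.cloudsql_instance_name) != "" && trimspace(var.cloudsql_privileged_user_name) != "" && trimspace(var.cloudsql_privileged_user_password) != "" && var.create_databases_and_users == true ? {
+
+map_of_output_drupal_databases = (
+trimspace(var.cloudsql_instance_name) != "" &&
+trimspace(var.cloudsql_privileged_user_name) != "" &&
+trimspace(var.cloudsql_privileged_user_password) != "" &&
+var.create_databases_and_users == true
+) ? {
 for o in module.drupal_databases_and_users[0].sql_users_creds : o.database => o
 } : {}
+
+drupal_databases_keys = (
+var.create_databases_and_users == true ?
+[
+for o in local.drupal_database_and_user_list : o.database
+if trimspace(o.namespace) != ""
+] : []
+)
 }
 
 resource "kubernetes_secret" "bucket_secret_name" {
@@ -17,13 +37,10 @@ resource "kubernetes_secret" "bucket_secret_name" {
 }
 
 metadata {
-# If not specified, we suppose that the Helm release name is defined with
-# the following convention (the default of sparkfabrik/pkg_drupal):
-# PKG_DRUPAL_HELM_RELEASE_NAME: drupal-${CI_COMMIT_REF_SLUG}-${CI_PROJECT_ID}
 name = each.value.helm_release_name == null ? "drupal-${each.value.release_branch_name}-${each.value.project_id}-bucket" : "${each.value.helm_release_name}-bucket"
 namespace = var.use_existing_kubernetes_namespaces ? each.value.namespace : kubernetes_namespace.namespace[each.value.namespace].metadata[0].name
 annotations = {}
-labels = var.default_k8s_labels
+labels = var.default_k8s_labels
 }
 data = {
 "endpoint" = each.value.host
@@ -35,22 +52,17 @@ resource "kubernetes_secret" "bucket_secret_name" {
 }
 
 resource "kubernetes_secret" "database_secret_name" {
-for_each = {
-for o in local.map_of_drupal_databases : o.database => o
-if trimspace(o.namespace) != "" && var.create_databases_and_users == true
-}
+for_each = toset(local.drupal_databases_keys)
+
 metadata {
-# If not specified, we suppose that the Helm release name is defined with
-# the following convention (the default of sparkfabrik/pkg_drupal):
-# PKG_DRUPAL_HELM_RELEASE_NAME: drupal-${CI_COMMIT_REF_SLUG}-${CI_PROJECT_ID}
-name = each.value.helm_release_name == null ? "drupal-${each.value.release_branch_name}-${each.value.project_id}-db-user" : "${each.value.helm_release_name}-db-user"
-namespace = var.use_existing_kubernetes_namespaces ? each.value.namespace : kubernetes_namespace.namespace[each.value.namespace].metadata[0].name
+name = local.map_of_drupal_databases[each.key].helm_release_name == null ? "drupal-${local.map_of_drupal_databases[each.key].release_branch_name}-${local.map_of_drupal_databases[each.key].project_id}-db-user" : "${local.map_of_drupal_databases[each.key].helm_release_name}-db-user"
+namespace = var.use_existing_kubernetes_namespaces ? local.map_of_drupal_databases[each.key].namespace : kubernetes_namespace.namespace[local.map_of_drupal_databases[each.key].namespace].metadata[0].name
 annotations = {}
-labels = var.default_k8s_labels
+labels = var.default_k8s_labels
 }
 data = {
-"endpoint" = each.value.host != null ? each.value.host : ""
-"port" = each.value.port
+"endpoint" = local.map_of_drupal_databases[each.key].host != null ? local.map_of_drupal_databases[each.key].host : ""
+"port" = local.map_of_drupal_databases[each.key].port
 "database" = local.map_of_output_drupal_databases[each.key].database
 "username" = local.map_of_output_drupal_databases[each.key].user
 "password" = local.map_of_output_drupal_databases[each.key].password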
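Review bot: `drupal_databases_keys` is guarded only by `var.create_databases_and_users == true`, whereas `local.map_of_drupal_databases` also collapses to `{}` when the Cloud SQL instance name, user name or password is blank, so in that configuration the `local.map_of_drupal_databases[each.key]` lookups in `kubernetes_secret.database_secret_name` would index an empty map and fail at plan time; the removed `for_each` iterated the map itself and simply created no secrets. Because the password can no longer feed a `for_each`, a non-sensitive lookup such as `drupal_databases_by_key = { for o in local.drupal_database_and_user_list : o.database => o }` for `helm_release_name`, `namespace`, `host` and `port` would avoid the failure and, presumably, keep the secret name and namespace from being rendered as `(sensitive value)` in plans. The comment explaining the default Helm release naming convention was deleted from both resources without replacement; a short line above `name`, e.g. `# Default release name follows pkg_drupal: drupal-<branch>-<project_id>`, would keep that context. The `locals` block and both resources continue outside the hunks shown.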

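--- a/variables.tf
+++ b/variables.tf
@@ -23,6 +23,7 @@ variable "cloudsql_privileged_user_name" {
 variable "cloudsql_privileged_user_password" {
 type = string
 description = "The password of the privileged user of the Cloud SQL instance"
+sensitive = true
 default = ""
 }
 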
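Review bot: `sensitive = true` on `cloudsql_privileged_user_password` only redacts the value in plan and apply output, and the description does not tell users that the password is still written in cleartext to the Terraform state, as are the generated `password` values that secrets.tf copies into `kubernetes_secret` data. I would extend it, e.g. `description = "The password of the privileged user of the Cloud SQL instance. Redacted in CLI output but still stored in state; keep the state backend encrypted and access-restricted."`. The attribute also requires Terraform 0.14 or later, so the module's `required_version` constraint, which is not visible in this commit, should be checked against that. Any output that derives from this variable will now need `sensitive = true` as well, otherwise Terraform rejects it.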
