From cb9a9ab3733857334205cc64ca4c39800fc188ad Mon Sep 17 00:00:00 2001
From: luigi-bitonti <93377317+luigi-bitonti@users.noreply.github.com>
Date: Wed, 7 Feb 2024 16:47:49 +0100
Subject: [PATCH] Added destroy_scheduled_duration variable (#2053)
* Added destroy_scheduled_duration variable
* Fix doc
* Removed default value
---
modules/kms/README.md | 6 +++---
modules/kms/main.tf | 1 +
modules/kms/variables.tf | 1 +
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/modules/kms/README.md b/modules/kms/README.md
index e11dd1af96..2a269c4fe5 100644
--- a/modules/kms/README.md
+++ b/modules/kms/README.md
@@ -120,14 +120,14 @@ module "kms" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [keyring](variables.tf#L64) | Keyring attributes. | object({…}) | ✓ | |
-| [project_id](variables.tf#L114) | Project id where the keyring will be created. | string | ✓ | |
+| [project_id](variables.tf#L115) | Project id where the keyring will be created. | string | ✓ | |
| [iam](variables.tf#L17) | Keyring IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
| [iam_bindings](variables.tf#L24) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} |
| [iam_bindings_additive](variables.tf#L39) | Keyring individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} |
| [import_job](variables.tf#L54) | Keyring import job attributes. | object({…}) | | null |
| [keyring_create](variables.tf#L72) | Set to false to manage keys and IAM bindings in an existing keyring. | bool | | true |
-| [keys](variables.tf#L78) | Key names and base attributes. Set attributes to null if not needed. | map(object({…})) | | {} |
-| [tag_bindings](variables.tf#L119) | Tag bindings for this keyring, in key => tag value id format. | map(string) | | {} |
+| [keys](variables.tf#L78) | Key names and base attributes. Set attributes to null if not needed. | map(object({…})) | | {} |
+| [tag_bindings](variables.tf#L120) | Tag bindings for this keyring, in key => tag value id format. | map(string) | | {} |
## Outputs
diff --git a/modules/kms/main.tf b/modules/kms/main.tf
index b240706b10..8981187684 100644
--- a/modules/kms/main.tf
+++ b/modules/kms/main.tf
@@ -40,6 +40,7 @@ resource "google_kms_crypto_key" "default" {
for_each = var.keys
key_ring = local.keyring.id
name = each.key
+ destroy_scheduled_duration = each.value.destroy_scheduled_duration
rotation_period = each.value.rotation_period
labels = each.value.labels
purpose = each.value.purpose
diff --git a/modules/kms/variables.tf b/modules/kms/variables.tf
index 52de838903..2708a7f7cf 100644
--- a/modules/kms/variables.tf
+++ b/modules/kms/variables.tf
@@ -78,6 +78,7 @@ variable "keyring_create" {
variable "keys" {
description = "Key names and base attributes. Set attributes to null if not needed."
type = map(object({
+ destroy_scheduled_duration = optional(string)
rotation_period = optional(string)
labels = optional(map(string))
purpose = optional(string, "ENCRYPT_DECRYPT")