feat: support adding secrets from secret manager (#123)

terraform-google-modules · May 12, 2023 · 5b8f226 · 5b8f226
1 parent 1acd373
commit 5b8f226
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -49,6 +49,7 @@ Then perform the following commands on the root folder:
 | function\_max\_instances | The maximum number of parallel executions of the function. | `number` | `null` | no |
 | function\_name | The name to apply to the function | `string` | n/a | yes |
 | function\_runtime | The runtime in which the function will be executed. | `string` | `"nodejs10"` | no |
+| function\_secret\_environment\_variables | A list of maps which contains key, project\_id, secret\_name (not the full secret id) and version to assign to the function as a set of secret environment variables. | `list(map(string))` | `[]` | no |
 | function\_service\_account\_email | The service account to run the function as. | `string` | `""` | no |
 | function\_source\_archive\_bucket\_labels | A set of key/value label pairs to assign to the function source archive bucket. | `map(string)` | `{}` | no |
 | function\_source\_dependent\_files | A list of any terraform created `local_file`s that the module will wait for before creating the archive. | <pre>list(object({<br>    filename = string<br>    id       = string<br>  }))</pre> | `[]` | no |

diff --git a/main.tf b/main.tf
@@ -59,7 +59,7 @@ resource "random_id" "suffix" {
 
 module "main" {
   source  = "terraform-google-modules/event-function/google"
-  version = "~> 1.6"
+  version = "~> 2.5"
 
   entry_point = var.function_entry_point
   event_trigger = {
@@ -80,6 +80,7 @@ module "main" {
   bucket_name                        = var.bucket_name == "" ? "${var.project_id}-scheduled-function-${random_id.suffix.hex}" : var.bucket_name
   description                        = var.function_description
   environment_variables              = var.function_environment_variables
+  secret_environment_variables       = var.function_secret_environment_variables
   event_trigger_failure_policy_retry = var.function_event_trigger_failure_policy_retry
   labels                             = var.function_labels
   service_account_email              = var.function_service_account_email

diff --git a/variables.tf b/variables.tf
@@ -60,6 +60,12 @@ variable "function_environment_variables" {
   description = "A set of key/value environment variable pairs to assign to the function."
 }
 
+variable "function_secret_environment_variables" {
+  type        = list(map(string))
+  default     = []
+  description = "A list of maps which contains key, project_id, secret_name (not the full secret id) and version to assign to the function as a set of secret environment variables."
+}
+
 variable "function_event_trigger_failure_policy_retry" {
   type        = bool
   default     = false