google_secret_manager_secret in for_each loop returns Error 400: Secret must be provided.

[nikkatalnikov]

Affected Resource(s)

• google_secret_manager_secret

Trying to create multiple secrets from the JSON collection:

resource "google_secret_manager_secret" "secret-general" {
  project       = "modern-project-123"
  for_each      = local.general_secrets
  secret_id     = each.key

  replication {
    automatic = false
  }
}

resource "google_secret_manager_secret_version" "secret-version-general" {
  for_each      = google_secret_manager_secret.secret-general
  secret        = each.value.name
  secret_data   = local.general_secrets[each.key]
}

And getting an error

│ Error: Error creating Secret: googleapi: Error 400: Secret must be provided.
│ 
│   with google_secret_manager_secret.secret-general["API_KEY"],
│   on 02-general-secrets.tf line 1, in resource "google_secret_manager_secret" "secret-general":
│    1: resource "google_secret_manager_secret" "secret-general" {
│ 

Env:

Terraform v1.1.2 on darwin_amd64
provider registry.terraform.io/hashicorp/google v4.15.0

Is that a bug or what am i doing wrong? Thank you!

b/301412033

[nikkatalnikov]

I found that it works with

  replication {
    automatic = true
  }

but why?

[rileykarson]

The error message received from the API is confusing if that solves it- my guess is that either automatic must be true, or self_managed must be set w/ at least one replicas option defined.

Does a configuration like the following work?

resource "google_secret_manager_secret" "secret-general" {
  project       = "modern-project-123"
  for_each      = local.general_secrets
  secret_id     = each.key

  replication {
    user_managed {
      replicas {
        location = "us-central1"
      }
      replicas {
        location = "us-east1"
      }
    }
  }
}

resource "google_secret_manager_secret_version" "secret-version-general" {
  for_each      = google_secret_manager_secret.secret-general
  secret        = each.value.name
  secret_data   = local.general_secrets[each.key]
}

[nikkatalnikov]

@rileykarson
I can confirm it works if replication is set like in your example

[nikkatalnikov]

probably it worth to fix an error message to resolve the issue?

[slevenick]

Fixed in 5.0+

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.