-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ACM submodule: fix bug when not using ssh
secret type
#679
ACM submodule: fix bug when not using ssh
secret type
#679
Conversation
Thanks for the PR! 🚀 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR!
@cloud-pharaoh looks like there maybe some nit formatting issue. |
Hold off on merging this one. I found an issue with template interpolation. |
@bharathkkb I am not super happy with creating an ssh key and not using but couldn't find a better solution to the interpolation error. Can you take a look and let me know if there is a better way? Basically if an existing key is used, |
@cloud-pharaoh if an existing key is used and |
In existing code: In case of using a different secret type. Not ssh. Module k8sop_cred_secret.enabled will be false and won’t run but even though that’s the case terraform plan runs into an interpolation error because local.private_key is null. |
I see kubectl_create_command = "kubectl create secret generic ${var.operator_credential_name} -n=${var.operator_credential_namespace} --from-literal=${local.k8sop_creds_secret_key}='${var.secret_type != "ssh" && local.private_key == null ? "" : local.private_key}'" This does seem like a tf limitation. I was able to repro with this minimal config. locals {
test_var = null
}
resource "random_pet" "foo" {
count = local.test_var == "bar" ? 1 : 0
prefix = "foo-${local.test_var}"
}
@morgante any thoughts? |
What is the underlying error we're encountering here? I don't want to assume that SSH is the only permissable credential type. It seems like a few fixes are needed:
|
@morgante IIUC the underlying error is we do not want |
@bharathkkb correct. The secret was created regardless of secret type. After adding the enabled flag to |
@cloud-pharaoh Looking good, just need to reformat. |
@morgante done :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
#688 for the issue we discussed offline
…terraform-google-modules#679) * Add enabled flag to git-creds creation * change to true/false * fix ssh * terraform format * create key regardless to avoid interpolation error * change enabled condition and add inline expression * move to module * format
Module failed as it tried to create
git-creds
secret regardless of secret type. Add enabled flag to k8sop_creds_secret module.