fix naming for infra vault (#298)

swiknaba · web-flow · commit 956af9356d1e · 2024-01-31T09:04:36.000+01:00
diff --git a/iam/iam-policy-for-secrets/locals.tf b/iam/iam-policy-for-secrets/locals.tf
@@ -15,11 +15,11 @@ locals {
 
   secretmanager_arns = concat(
     values(data.aws_secretsmanager_secret.app)[*].arn,
-    values(data.aws_secretsmanager_secret.terraform)[*].arn,
+    values(data.aws_secretsmanager_secret.infra)[*].arn,
   )
 
   kms_ids = concat(
     values(data.aws_secretsmanager_secret.app)[*].kms_key_id,
-    values(data.aws_secretsmanager_secret.terraform)[*].kms_key_id,
+    values(data.aws_secretsmanager_secret.infra)[*].kms_key_id,
   )
 }
diff --git a/iam/iam-policy-for-secrets/main.tf b/iam/iam-policy-for-secrets/main.tf
@@ -6,12 +6,12 @@ data "aws_secretsmanager_secret" "app" {
   name = "${each.value.name}/app/${each.value.environment}"
 }
 
-data "aws_secretsmanager_secret" "terraform" {
+data "aws_secretsmanager_secret" "infra" {
   for_each = {
     for project in local.admin_access_projects : "${project.name}-${project.environment}" => project
   }
 
-  name = "${each.value.name}/app/${each.value.environment}"
+  name = "${each.value.name}/infra/${each.value.environment}"
 }
 
 data "aws_kms_key" "secrets" {
diff --git a/script/database-roles/main.tf b/script/database-roles/main.tf
@@ -2,13 +2,13 @@ data "aws_db_instance" "main" {
   db_instance_identifier = var.db_identifier
 }
 
-data "aws_secretsmanager_secret_version" "terraform" {
-  secret_id = "${var.project}/terraform/${var.environment}"
+data "aws_secretsmanager_secret_version" "infra" {
+  secret_id = "${var.project}/infra/${var.environment}"
 }
 
 locals {
   credentials = jsondecode(
-    data.aws_secretsmanager_secret_version.terraform.secret_string
+    data.aws_secretsmanager_secret_version.infra.secret_string
   )
 }
 
@@ -39,4 +39,3 @@ resource "null_resource" "database_script" {
     working_dir = path.module
   }
 }
-
diff --git a/stack/app/secrets.tf b/stack/app/secrets.tf
@@ -1,10 +1,10 @@
 locals {
   credentials = jsondecode(
-    data.aws_secretsmanager_secret_version.terraform.secret_string
+    data.aws_secretsmanager_secret_version.infra.secret_string
   )
 }
 
-data "aws_secretsmanager_secret_version" "terraform" {
+data "aws_secretsmanager_secret_version" "infra" {
   secret_id = "${var.project}/infra/${var.environment}"
 }
 
diff --git a/stack/setup/main.tf b/stack/setup/main.tf
@@ -39,8 +39,8 @@ resource "aws_secretsmanager_secret_version" "app" {
   secret_string = file("${path.cwd}/app-secrets.json")
 }
 
-resource "aws_secretsmanager_secret_version" "terraform" {
-  secret_id     = module.secrets["terraform"].id
+resource "aws_secretsmanager_secret_version" "infra" {
+  secret_id     = module.secrets["infra"].id
   secret_string = file("${path.cwd}/infra-secrets.json")
 }
 
diff --git a/stack/setup/outputs.tf b/stack/setup/outputs.tf
@@ -3,15 +3,15 @@ output "app_secrets_arn" {
 }
 
 output "terraform_secrets_arn" {
-  value = module.secrets["terraform"].arn
+  value = module.secrets["infra"].arn
 }
 
 output "app_secrets-kms-key" {
   value = module.secrets-kms-key["app"].arn
 }
 
 output "terraform_secrets-kms-key" {
-  value = module.secrets-kms-key["terraform"].arn
+  value = module.secrets-kms-key["infra"].arn
 }
 
 output "eips-nat" {

Original file line number	Diff line number	Diff line change
`@@ -15,11 +15,11 @@ locals {`
`15`	`15`
`16`	`16`	`secretmanager_arns = concat(`
`17`	`17`	`values(data.aws_secretsmanager_secret.app)[*].arn,`
`18`		`- values(data.aws_secretsmanager_secret.terraform)[*].arn,`
	`18`	`+ values(data.aws_secretsmanager_secret.infra)[*].arn,`
`19`	`19`	`)`
`20`	`20`
`21`	`21`	`kms_ids = concat(`
`22`	`22`	`values(data.aws_secretsmanager_secret.app)[*].kms_key_id,`
`23`		`- values(data.aws_secretsmanager_secret.terraform)[*].kms_key_id,`
	`23`	`+ values(data.aws_secretsmanager_secret.infra)[*].kms_key_id,`
`24`	`24`	`)`
`25`	`25`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,12 +6,12 @@ data "aws_secretsmanager_secret" "app" {`
`6`	`6`	`name = "${each.value.name}/app/${each.value.environment}"`
`7`	`7`	`}`
`8`	`8`
`9`		`-data "aws_secretsmanager_secret" "terraform" {`
	`9`	`+data "aws_secretsmanager_secret" "infra" {`
`10`	`10`	`for_each = {`
`11`	`11`	`for project in local.admin_access_projects : "${project.name}-${project.environment}" => project`
`12`	`12`	`}`
`13`	`13`
`14`		`- name = "${each.value.name}/app/${each.value.environment}"`
	`14`	`+ name = "${each.value.name}/infra/${each.value.environment}"`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`data "aws_kms_key" "secrets" {`
Original file line number	Diff line number	Diff line change
`@@ -2,13 +2,13 @@ data "aws_db_instance" "main" {`
`2`	`2`	`db_instance_identifier = var.db_identifier`
`3`	`3`	`}`
`4`	`4`
`5`		`-data "aws_secretsmanager_secret_version" "terraform" {`
`6`		`- secret_id = "${var.project}/terraform/${var.environment}"`
	`5`	`+data "aws_secretsmanager_secret_version" "infra" {`
	`6`	`+ secret_id = "${var.project}/infra/${var.environment}"`
`7`	`7`	`}`
`8`	`8`
`9`	`9`	`locals {`
`10`	`10`	`credentials = jsondecode(`
`11`		`- data.aws_secretsmanager_secret_version.terraform.secret_string`
	`11`	`+ data.aws_secretsmanager_secret_version.infra.secret_string`
`12`	`12`	`)`
`13`	`13`	`}`
`14`	`14`
`@@ -39,4 +39,3 @@ resource "null_resource" "database_script" {`
`39`	`39`	`working_dir = path.module`
`40`	`40`	`}`
`41`	`41`	`}`
`42`		`-`
Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,10 @@`
`1`	`1`	`locals {`
`2`	`2`	`credentials = jsondecode(`
`3`		`- data.aws_secretsmanager_secret_version.terraform.secret_string`
	`3`	`+ data.aws_secretsmanager_secret_version.infra.secret_string`
`4`	`4`	`)`
`5`	`5`	`}`
`6`	`6`
`7`		`-data "aws_secretsmanager_secret_version" "terraform" {`
	`7`	`+data "aws_secretsmanager_secret_version" "infra" {`
`8`	`8`	`secret_id = "${var.project}/infra/${var.environment}"`
`9`	`9`	`}`
`10`	`10`
Original file line number	Diff line number	Diff line change
`@@ -39,8 +39,8 @@ resource "aws_secretsmanager_secret_version" "app" {`
`39`	`39`	`secret_string = file("${path.cwd}/app-secrets.json")`
`40`	`40`	`}`
`41`	`41`
`42`		`-resource "aws_secretsmanager_secret_version" "terraform" {`
`43`		`- secret_id = module.secrets["terraform"].id`
	`42`	`+resource "aws_secretsmanager_secret_version" "infra" {`
	`43`	`+ secret_id = module.secrets["infra"].id`
`44`	`44`	`secret_string = file("${path.cwd}/infra-secrets.json")`
`45`	`45`	`}`
`46`	`46`
Original file line number	Diff line number	Diff line change
`@@ -3,15 +3,15 @@ output "app_secrets_arn" {`
`3`	`3`	`}`
`4`	`4`
`5`	`5`	`output "terraform_secrets_arn" {`
`6`		`- value = module.secrets["terraform"].arn`
	`6`	`+ value = module.secrets["infra"].arn`
`7`	`7`	`}`
`8`	`8`
`9`	`9`	`output "app_secrets-kms-key" {`
`10`	`10`	`value = module.secrets-kms-key["app"].arn`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`output "terraform_secrets-kms-key" {`
`14`		`- value = module.secrets-kms-key["terraform"].arn`
	`14`	`+ value = module.secrets-kms-key["infra"].arn`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`output "eips-nat" {`