
Commit 5a49cfb

author
Arya Girish K
committed
fix: Resolved conflicts and updated validation
1 parent 6ee9d4f commit 5a49cfb


2 files changed

+2
-14
lines changed

2 files changed

+2
-14
lines changed

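--- a/modules/eso-external-secret/main.tf
+++ b/modules/eso-external-secret/main.tf
@@ -11,18 +11,6 @@ locals {
 # dockerjsonconfig secrets chain flag
 is_dockerjsonconfig_chain = length(var.es_container_registry_secrets_chain) > 0 ? true : false
 
-# validation for dockerjsonconfig secrets chain -> if it is a chain the kube secret type must be dockerconfigjson and sm secret types iam_credentials or trusted_profile
-validate_condition_chain = local.is_dockerjsonconfig_chain == true && (var.es_kubernetes_secret_type != "dockerconfigjson" || (var.sm_secret_type != "iam_credentials" && var.sm_secret_type != "trusted_profile")) # checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
-validate_msg_chain = "If the externalsecret is expected to generate a dockerjsonconfig secrets chain the only supported value for es_kubernetes_secret_type is dockerconfigjson and for sm_secret_type is iam_credentials or trusted_profile"
-# tflint-ignore: terraform_unused_declarations
-validate_check_chain = regex("^${local.validate_msg_chain}$", (!local.validate_condition_chain ? local.validate_msg_chain : ""))
-
-# validation of sm_secret_id => it can be null only in the case of a dockerjsonconfig chain (secret_ids will be stored )
-validate_condition_sm_secret_id = var.sm_secret_id == null && local.is_dockerjsonconfig_chain == false
-validate_msg_sm_secret_id = "The input variable sm_secret_id can be null only a dockerjsonconfig secrets chain is going to be created"
-# tflint-ignore: terraform_unused_declarations
-validate_check_sm_secret_id = regex("^${local.validate_msg_sm_secret_id}$", (!local.validate_condition_sm_secret_id ? local.validate_msg_sm_secret_id : ""))
-
 # for certificate secrets public_cert and private_cert the id is the last part of the sm_secret_sm
 cert_remoteref_key = local.is_certificate ? "${var.sm_secret_type}/${var.sm_secret_id}" : ""
 # defining the template data structure according to the type of certificate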

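--- a/modules/eso-external-secret/variables.tf
+++ b/modules/eso-external-secret/variables.tf
@@ -50,8 +50,8 @@ variable "es_kubernetes_secret_type" {
 error_message = "A value for 'es_kubernetes_secret_data_key' must be passed when 'es_kubernetes_secret_type = opaque' and 'sm_secret_type' is either 'arbitrary' or 'iam_credentials'"
 }
 validation {
-condition = (local.is_dockerjsonconfig_chain == true && (var.es_kubernetes_secret_type != "dockerconfigjson" || var.sm_secret_type != "iam_credentials")) ? false : true
-error_message = "If the externalsecret is expected to generate a dockerjsonconfig secrets chain the only supported value for es_kubernetes_secret_type is dockerconfigjson and for sm_secret_type is iam_credentials"
+condition = (local.is_dockerjsonconfig_chain == true && (var.es_kubernetes_secret_type != "dockerconfigjson" || (var.sm_secret_type != "iam_credentials" && var.sm_secret_type != "trusted_profile"))) ? false : true
+error_message = "If the externalsecret is expected to generate a dockerjsonconfig secrets chain the only supported value for es_kubernetes_secret_type is dockerconfigjson and for sm_secret_type is iam_credentials or trusted_profile"
 }
 }
 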
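Review bot: This `validation` block carries over only the dockerjsonconfig chain rule; the `sm_secret_id` null check that the same commit deletes from the `main.tf` locals has no counterpart in this hunk, so unless `variable "sm_secret_id"` already has an equivalent `validation` elsewhere in the file, a null id outside a chain is no longer rejected with a clear message at plan time. With the regex-based locals gone, the module also relies entirely on a variable validation that references `local.is_dockerjsonconfig_chain` and `var.sm_secret_type`, which needs Terraform 1.9 or later; a matching `required_version` is not visible here and should be confirmed. As a readability point, the double negation plus `? false : true` can be written positively: `condition = !local.is_dockerjsonconfig_chain || (var.es_kubernetes_secret_type == "dockerconfigjson" && (var.sm_secret_type == "iam_credentials" || var.sm_secret_type == "trusted_profile"))`. The enclosing `variable "es_kubernetes_secret_type"` block starts outside the hunk.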
