feat: pin down secure-api-secret location from global to specific (#120)

miketnt · web-flow · commit 4600a1370786 · 2022-08-31T10:58:53.000Z
* feat: pin down secure-api-secret location from global to specific

* docs: tflint terraform_docs
diff --git a/examples/organization/README.md b/examples/organization/README.md
@@ -106,8 +106,8 @@ module "secure-for-cloud_example_organization" {
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 4.33.0 |
-| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.39 |
+| <a name="provider_google"></a> [google](#provider\_google) | 4.34.0 |
+| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.40 |
 
 ## Modules
 
diff --git a/examples/single-project-k8s/README.md b/examples/single-project-k8s/README.md
@@ -81,9 +81,9 @@ See [inputs summary](#inputs) or module module [`variables.tf`](./variables.tf)
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 4.33.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 4.34.0 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | 2.6.0 |
-| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.39 |
+| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.40 |
 
 ## Modules
 
diff --git a/examples/single-project/README.md b/examples/single-project/README.md
@@ -82,8 +82,8 @@ module "secure-for-cloud_example_single-project" {
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 4.33.0 |
-| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.39 |
+| <a name="provider_google"></a> [google](#provider\_google) | 4.34.0 |
+| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.40 |
 
 ## Modules
 
diff --git a/examples/trigger-events/README.md b/examples/trigger-events/README.md
@@ -38,7 +38,7 @@ module "secure-for-cloud_trigger_events" {
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 4.33.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 4.34.0 |
 
 ## Modules
 
diff --git a/modules/infrastructure/organization_sink/README.md b/modules/infrastructure/organization_sink/README.md
@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 4.33.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 4.34.0 |
 
 ## Modules
 
diff --git a/modules/infrastructure/project_sink/README.md b/modules/infrastructure/project_sink/README.md
@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 4.33.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 4.34.0 |
 
 ## Modules
 
diff --git a/modules/infrastructure/pubsub_subscription/README.md b/modules/infrastructure/pubsub_subscription/README.md
@@ -15,7 +15,7 @@ already exists in the project. It will create the topic if it doesn't exist.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 4.33.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 4.34.0 |
 
 ## Modules
 
diff --git a/modules/infrastructure/secrets/README.md b/modules/infrastructure/secrets/README.md
@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 4.33.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 4.34.0 |
 
 ## Modules
 
@@ -25,6 +25,7 @@ No modules.
 | [google_secret_manager_secret.secure_api_secret](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret) | resource |
 | [google_secret_manager_secret_iam_member.secret_reader](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret_iam_member) | resource |
 | [google_secret_manager_secret_version.secure_api_secret](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret_version) | resource |
+| [google_client_config.current](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
 
 ## Inputs
 
diff --git a/modules/infrastructure/secrets/data.tf b/modules/infrastructure/secrets/data.tf
@@ -0,0 +1,2 @@
+data "google_client_config" "current" {
+}
diff --git a/modules/infrastructure/secrets/main.tf b/modules/infrastructure/secrets/main.tf
@@ -1,7 +1,11 @@
 resource "google_secret_manager_secret" "secure_api_secret" {
   secret_id = "${var.name}-sysdig-secure-api-secret"
   replication {
-    automatic = true
+    user_managed {
+      replicas {
+        location = data.google_client_config.current.region
+      }
+    }
   }
 }
 
diff --git a/modules/services/cloud-connector/README.md b/modules/services/cloud-connector/README.md
@@ -32,7 +32,7 @@ module "cloud_connector_gcp" {
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 4.33.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 4.34.0 |
 
 ## Modules
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+data "google_client_config" "current" {`
	`2`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,11 @@`
`1`	`1`	`resource "google_secret_manager_secret" "secure_api_secret" {`
`2`	`2`	`secret_id = "${var.name}-sysdig-secure-api-secret"`
`3`	`3`	`replication {`
`4`		`- automatic = true`
	`4`	`+ user_managed {`
	`5`	`+ replicas {`
	`6`	`+ location = data.google_client_config.current.region`
	`7`	`+ }`
	`8`	`+ }`
`5`	`9`	`}`
`6`	`10`	`}`
`7`	`11`