fix: create dependency between secret and build (terraform-ibm-module…

…s#113)
argeiger · Jan 8, 2025 · 3dfc2b9 · 3dfc2b9
1 parent c5bc4aa
commit 3dfc2b9
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -154,16 +154,16 @@ No resources.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_apps"></a> [apps](#input\_apps) | A map of code engine apps to be created. | <pre>map(object({<br/>    image_reference = string<br/>    image_secret    = optional(string)<br/>    run_env_variables = optional(list(object({<br/>      type      = optional(string)<br/>      name      = optional(string)<br/>      value     = optional(string)<br/>      prefix    = optional(string)<br/>      key       = optional(string)<br/>      reference = optional(string)<br/>    })))<br/>    run_volume_mounts = optional(list(object({<br/>      mount_path = string<br/>      reference  = string<br/>      name       = optional(string)<br/>      type       = string<br/>    })))<br/>    image_port                    = optional(number)<br/>    managed_domain_mappings       = optional(string)<br/>    run_arguments                 = optional(list(string))<br/>    run_as_user                   = optional(number)<br/>    run_commands                  = optional(list(string))<br/>    run_service_account           = optional(string)<br/>    scale_concurrency             = optional(number)<br/>    scale_concurrency_target      = optional(number)<br/>    scale_cpu_limit               = optional(string)<br/>    scale_ephemeral_storage_limit = optional(string)<br/>    scale_initial_instances       = optional(number)<br/>    scale_max_instances           = optional(number)<br/>    scale_memory_limit            = optional(string)<br/>    scale_min_instances           = optional(number)<br/>    scale_request_timeout         = optional(number)<br/>  }))</pre> | `{}` | no |
-| <a name="input_bindings"></a> [bindings](#input\_bindings) | A map of code engine bindings to be created. | <pre>map(object({<br/>    secret_name = string<br/>    components = list(object({<br/>      name          = string<br/>      resource_type = string<br/>    }))<br/>  }))</pre> | `{}` | no |
-| <a name="input_builds"></a> [builds](#input\_builds) | A map of code engine builds to be created. | <pre>map(object({<br/>    output_image       = string<br/>    output_secret      = string # pragma: allowlist secret<br/>    source_url         = string<br/>    strategy_type      = string<br/>    source_context_dir = optional(string)<br/>    source_revision    = optional(string)<br/>    source_secret      = optional(string)<br/>    source_type        = optional(string)<br/>    strategy_size      = optional(string)<br/>    strategy_spec_file = optional(string)<br/>    timeout            = optional(number)<br/>  }))</pre> | `{}` | no |
-| <a name="input_config_maps"></a> [config\_maps](#input\_config\_maps) | A map of code engine config maps to be created. | <pre>map(object({<br/>    data = map(string)<br/>  }))</pre> | `{}` | no |
-| <a name="input_domain_mappings"></a> [domain\_mappings](#input\_domain\_mappings) | A map of code engine domain mappings to be created. | <pre>map(object({<br/>    tls_secret = string # pragma: allowlist secret<br/>    components = list(object({<br/>      name          = string<br/>      resource_type = string<br/>    }))<br/>  }))</pre> | `{}` | no |
+| <a name="input_apps"></a> [apps](#input\_apps) | A map of code engine apps to be created. | <pre>map(object({<br>    image_reference = string<br>    image_secret    = optional(string)<br>    run_env_variables = optional(list(object({<br>      type      = optional(string)<br>      name      = optional(string)<br>      value     = optional(string)<br>      prefix    = optional(string)<br>      key       = optional(string)<br>      reference = optional(string)<br>    })))<br>    run_volume_mounts = optional(list(object({<br>      mount_path = string<br>      reference  = string<br>      name       = optional(string)<br>      type       = string<br>    })))<br>    image_port                    = optional(number)<br>    managed_domain_mappings       = optional(string)<br>    run_arguments                 = optional(list(string))<br>    run_as_user                   = optional(number)<br>    run_commands                  = optional(list(string))<br>    run_service_account           = optional(string)<br>    scale_concurrency             = optional(number)<br>    scale_concurrency_target      = optional(number)<br>    scale_cpu_limit               = optional(string)<br>    scale_ephemeral_storage_limit = optional(string)<br>    scale_initial_instances       = optional(number)<br>    scale_max_instances           = optional(number)<br>    scale_memory_limit            = optional(string)<br>    scale_min_instances           = optional(number)<br>    scale_request_timeout         = optional(number)<br>  }))</pre> | `{}` | no |
+| <a name="input_bindings"></a> [bindings](#input\_bindings) | A map of code engine bindings to be created. | <pre>map(object({<br>    secret_name = string<br>    components = list(object({<br>      name          = string<br>      resource_type = string<br>    }))<br>  }))</pre> | `{}` | no |
+| <a name="input_builds"></a> [builds](#input\_builds) | A map of code engine builds to be created. | <pre>map(object({<br>    output_image       = string<br>    output_secret      = string # pragma: allowlist secret<br>    source_url         = string<br>    strategy_type      = string<br>    source_context_dir = optional(string)<br>    source_revision    = optional(string)<br>    source_secret      = optional(string)<br>    source_type        = optional(string)<br>    strategy_size      = optional(string)<br>    strategy_spec_file = optional(string)<br>    timeout            = optional(number)<br>  }))</pre> | `{}` | no |
+| <a name="input_config_maps"></a> [config\_maps](#input\_config\_maps) | A map of code engine config maps to be created. | <pre>map(object({<br>    data = map(string)<br>  }))</pre> | `{}` | no |
+| <a name="input_domain_mappings"></a> [domain\_mappings](#input\_domain\_mappings) | A map of code engine domain mappings to be created. | <pre>map(object({<br>    tls_secret = string # pragma: allowlist secret<br>    components = list(object({<br>      name          = string<br>      resource_type = string<br>    }))<br>  }))</pre> | `{}` | no |
 | <a name="input_existing_project_id"></a> [existing\_project\_id](#input\_existing\_project\_id) | The ID of the existing project to which code engine resources will be added. It is required if var.project\_name is null. | `string` | `null` | no |
-| <a name="input_jobs"></a> [jobs](#input\_jobs) | A map of code engine jobs to be created. | <pre>map(object({<br/>    image_reference = string<br/>    image_secret    = optional(string)<br/>    run_env_variables = optional(list(object({<br/>      type      = optional(string)<br/>      name      = optional(string)<br/>      value     = optional(string)<br/>      prefix    = optional(string)<br/>      key       = optional(string)<br/>      reference = optional(string)<br/>    })))<br/>    run_volume_mounts = optional(list(object({<br/>      mount_path = string<br/>      reference  = string<br/>      name       = optional(string)<br/>      type       = string<br/>    })))<br/>    run_arguments                 = optional(list(string))<br/>    run_as_user                   = optional(number)<br/>    run_commands                  = optional(list(string))<br/>    run_mode                      = optional(string)<br/>    run_service_account           = optional(string)<br/>    scale_array_spec              = optional(string)<br/>    scale_cpu_limit               = optional(string)<br/>    scale_ephemeral_storage_limit = optional(string)<br/>    scale_max_execution_time      = optional(number)<br/>    scale_memory_limit            = optional(string)<br/>    scale_retry_limit             = optional(number)<br/>  }))</pre> | `{}` | no |
+| <a name="input_jobs"></a> [jobs](#input\_jobs) | A map of code engine jobs to be created. | <pre>map(object({<br>    image_reference = string<br>    image_secret    = optional(string)<br>    run_env_variables = optional(list(object({<br>      type      = optional(string)<br>      name      = optional(string)<br>      value     = optional(string)<br>      prefix    = optional(string)<br>      key       = optional(string)<br>      reference = optional(string)<br>    })))<br>    run_volume_mounts = optional(list(object({<br>      mount_path = string<br>      reference  = string<br>      name       = optional(string)<br>      type       = string<br>    })))<br>    run_arguments                 = optional(list(string))<br>    run_as_user                   = optional(number)<br>    run_commands                  = optional(list(string))<br>    run_mode                      = optional(string)<br>    run_service_account           = optional(string)<br>    scale_array_spec              = optional(string)<br>    scale_cpu_limit               = optional(string)<br>    scale_ephemeral_storage_limit = optional(string)<br>    scale_max_execution_time      = optional(number)<br>    scale_memory_limit            = optional(string)<br>    scale_retry_limit             = optional(number)<br>  }))</pre> | `{}` | no |
 | <a name="input_project_name"></a> [project\_name](#input\_project\_name) | The name of the project to which code engine resources will be added. It is required if var.existing\_project\_id is null. | `string` | `null` | no |
 | <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | ID of the resource group to use when creating resources. | `string` | n/a | yes |
-| <a name="input_secrets"></a> [secrets](#input\_secrets) | A map of code engine secrets to be created. | <pre>map(object({<br/>    format = string<br/>    data   = map(string)<br/>    # Issue with provider, service_access is not supported at the moment. https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5232<br/>    # service_access = optional(list(object({<br/>    #   resource_key = list(object({<br/>    #     id = optional(string)<br/>    #   }))<br/>    #   role = list(object({<br/>    #     crn = optional(string)<br/>    #   }))<br/>    #   service_instance = list(object({<br/>    #     id = optional(string)<br/>    #   }))<br/>    # })))<br/>  }))</pre> | `{}` | no |
+| <a name="input_secrets"></a> [secrets](#input\_secrets) | A map of code engine secrets to be created. | <pre>map(object({<br>    format = string<br>    data   = map(string)<br>    # Issue with provider, service_access is not supported at the moment. https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5232<br>    # service_access = optional(list(object({<br>    #   resource_key = list(object({<br>    #     id = optional(string)<br>    #   }))<br>    #   role = list(object({<br>    #     crn = optional(string)<br>    #   }))<br>    #   service_instance = list(object({<br>    #     id = optional(string)<br>    #   }))<br>    # })))<br>  }))</pre> | `{}` | no |
 
 ### Outputs
 

diff --git a/main.tf b/main.tf
@@ -99,6 +99,7 @@ module "secret" {
 # Code Engine Build
 ##############################################################################
 module "build" {
+  depends_on         = [module.secret]
   source             = "./modules/build"
   for_each           = var.builds
   project_id         = local.project_id

diff --git a/modules/app/README.md b/modules/app/README.md
@@ -64,9 +64,9 @@ No modules.
 | <a name="input_run_arguments"></a> [run\_arguments](#input\_run\_arguments) | Arguments for the app that are passed to start the container. | `list(string)` | `[]` | no |
 | <a name="input_run_as_user"></a> [run\_as\_user](#input\_run\_as\_user) | The user ID (UID) to run the app. | `number` | `null` | no |
 | <a name="input_run_commands"></a> [run\_commands](#input\_run\_commands) | Commands for the app that are passed to start the container. | `list(string)` | `[]` | no |
-| <a name="input_run_env_variables"></a> [run\_env\_variables](#input\_run\_env\_variables) | References to config maps, secrets or a literal values that are exposed as environment variables within the running application. | <pre>list(object({<br/>    type      = optional(string)<br/>    name      = optional(string)<br/>    value     = optional(string)<br/>    prefix    = optional(string)<br/>    key       = optional(string)<br/>    reference = optional(string)<br/>  }))</pre> | `[]` | no |
+| <a name="input_run_env_variables"></a> [run\_env\_variables](#input\_run\_env\_variables) | References to config maps, secrets or a literal values that are exposed as environment variables within the running application. | <pre>list(object({<br>    type      = optional(string)<br>    name      = optional(string)<br>    value     = optional(string)<br>    prefix    = optional(string)<br>    key       = optional(string)<br>    reference = optional(string)<br>  }))</pre> | `[]` | no |
 | <a name="input_run_service_account"></a> [run\_service\_account](#input\_run\_service\_account) | The name of the service account. | `string` | `"default"` | no |
-| <a name="input_run_volume_mounts"></a> [run\_volume\_mounts](#input\_run\_volume\_mounts) | Optional mounts of config maps or a secrets. | <pre>list(object({<br/>    mount_path = string<br/>    reference  = string<br/>    name       = optional(string)<br/>    type       = string<br/>  }))</pre> | `[]` | no |
+| <a name="input_run_volume_mounts"></a> [run\_volume\_mounts](#input\_run\_volume\_mounts) | Optional mounts of config maps or a secrets. | <pre>list(object({<br>    mount_path = string<br>    reference  = string<br>    name       = optional(string)<br>    type       = string<br>  }))</pre> | `[]` | no |
 | <a name="input_scale_concurrency"></a> [scale\_concurrency](#input\_scale\_concurrency) | The maximum number of requests that can be processed concurrently per instance. | `number` | `100` | no |
 | <a name="input_scale_concurrency_target"></a> [scale\_concurrency\_target](#input\_scale\_concurrency\_target) | The threshold of concurrent requests per instance at which one or more additional instances are created. | `number` | `null` | no |
 | <a name="input_scale_cpu_limit"></a> [scale\_cpu\_limit](#input\_scale\_cpu\_limit) | The number of CPU set for the instance of the app. | `string` | `"1"` | no |

diff --git a/modules/binding/README.md b/modules/binding/README.md
@@ -54,7 +54,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_components"></a> [components](#input\_components) | A reference to another component. | <pre>list(object({<br/>    name          = string<br/>    resource_type = string<br/>  }))</pre> | n/a | yes |
+| <a name="input_components"></a> [components](#input\_components) | A reference to another component. | <pre>list(object({<br>    name          = string<br>    resource_type = string<br>  }))</pre> | n/a | yes |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | Value that is set as prefix in the component that is bound. | `string` | n/a | yes |
 | <a name="input_project_id"></a> [project\_id](#input\_project\_id) | The ID of the project where binding will be created. | `string` | n/a | yes |
 | <a name="input_secret_name"></a> [secret\_name](#input\_secret\_name) | The service access secret that is binding to a component. | `string` | n/a | yes |

diff --git a/modules/domain_mapping/README.md b/modules/domain_mapping/README.md
@@ -54,7 +54,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_components"></a> [components](#input\_components) | A reference to another component. | <pre>list(object({<br/>    name          = string<br/>    resource_type = string<br/>  }))</pre> | n/a | yes |
+| <a name="input_components"></a> [components](#input\_components) | A reference to another component. | <pre>list(object({<br>    name          = string<br>    resource_type = string<br>  }))</pre> | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | The name of the domain mapping. | `string` | n/a | yes |
 | <a name="input_project_id"></a> [project\_id](#input\_project\_id) | The ID of the project where domain mapping will be created. | `string` | n/a | yes |
 | <a name="input_tls_secret"></a> [tls\_secret](#input\_tls\_secret) | The name of the TLS secret that holds the certificate and private key of this domain mapping. | `string` | n/a | yes |

diff --git a/modules/job/README.md b/modules/job/README.md
@@ -62,10 +62,10 @@ No modules.
 | <a name="input_run_arguments"></a> [run\_arguments](#input\_run\_arguments) | Arguments for the app that are passed to start the container. | `list(string)` | `[]` | no |
 | <a name="input_run_as_user"></a> [run\_as\_user](#input\_run\_as\_user) | The user ID (UID) to run the app. | `number` | `null` | no |
 | <a name="input_run_commands"></a> [run\_commands](#input\_run\_commands) | Commands for the app that are passed to start the container. | `list(string)` | `[]` | no |
-| <a name="input_run_env_variables"></a> [run\_env\_variables](#input\_run\_env\_variables) | References to config maps, secrets or a literal values that are exposed as environment variables within the running application. | <pre>list(object({<br/>    type      = optional(string)<br/>    name      = optional(string)<br/>    value     = optional(string)<br/>    prefix    = optional(string)<br/>    key       = optional(string)<br/>    reference = optional(string)<br/>  }))</pre> | `[]` | no |
+| <a name="input_run_env_variables"></a> [run\_env\_variables](#input\_run\_env\_variables) | References to config maps, secrets or a literal values that are exposed as environment variables within the running application. | <pre>list(object({<br>    type      = optional(string)<br>    name      = optional(string)<br>    value     = optional(string)<br>    prefix    = optional(string)<br>    key       = optional(string)<br>    reference = optional(string)<br>  }))</pre> | `[]` | no |
 | <a name="input_run_mode"></a> [run\_mode](#input\_run\_mode) | Commands for the app that are passed to start the container. | `string` | `"task"` | no |
 | <a name="input_run_service_account"></a> [run\_service\_account](#input\_run\_service\_account) | The name of the service account. | `string` | `"default"` | no |
-| <a name="input_run_volume_mounts"></a> [run\_volume\_mounts](#input\_run\_volume\_mounts) | Optional mounts of config maps or a secrets. | <pre>list(object({<br/>    mount_path = string<br/>    reference  = string<br/>    name       = optional(string)<br/>    type       = string<br/>  }))</pre> | `[]` | no |
+| <a name="input_run_volume_mounts"></a> [run\_volume\_mounts](#input\_run\_volume\_mounts) | Optional mounts of config maps or a secrets. | <pre>list(object({<br>    mount_path = string<br>    reference  = string<br>    name       = optional(string)<br>    type       = string<br>  }))</pre> | `[]` | no |
 | <a name="input_scale_array_spec"></a> [scale\_array\_spec](#input\_scale\_array\_spec) | Define a custom set of array indices as comma-separated list containing single values and hyphen-separated ranges like 5,12-14,23,27. | `string` | `null` | no |
 | <a name="input_scale_cpu_limit"></a> [scale\_cpu\_limit](#input\_scale\_cpu\_limit) | The number of CPU set for the instance of the app. | `string` | `"1"` | no |
 | <a name="input_scale_ephemeral_storage_limit"></a> [scale\_ephemeral\_storage\_limit](#input\_scale\_ephemeral\_storage\_limit) | The amount of ephemeral storage to set for the instance of the app. | `string` | `"400M"` | no |