Revamp secretsmanager module #8
Closed
…es128-key-rotation (#1)
* Relabel versions in reverse order to try and prevent leaving versions unlabeled
* Add tagging functionality
* Remove default runtime environment setting

Upgrade to supported Python lambda runtimes.
* Recent versions of Python re module demand r-strings instead of ordinary strings.
* Update documentation to eliminate obsolete references to a default Python runtime. The runtime is determined when the infrastructure is deployed, and isn't baked into the module.

* Replace one deprecated output variable.
* Remove redundant output variable.
* Streamline descriptions of other output variables.

* Added support for disabling rotation of SecretsManager secrets. The previous iteration provided a default lambda function to do rotation whether it was desired or not.
* Cleaned up legacy Terraform code by using `null` instead of empty string for some default variable declarations.
* Some variables (the secret `name`) are now required, others are now optional.
* Fixed `rotation_enabled` to accurately report when rotation is enabled.
* Add `rotation_lambda_arn` to outputs.
* When not assigning a lambda function to use rotation, avoid needless call to data source.
* This module is not specific to the Shibboleth IdP data sealer. Remove all references in code and in README.md that imply that this module is specific to Shibboleth.
* Created hierarchy of secret naming (e.g., "shibboleth-idp/data-sealer") so as to make it easier to find things contextually.
* Renamed module and updated README.md to reflect new generic status of module.

* Create submodules and move existing code, cleaning up in the process.
* Support managing multiple secrets in a single directory, each secret having its own arguments -- namely, automatically_after_days, description, function_name, and recovery_window_in_days.
* Rotation is optional since some secretsmanager use cases exist simply to take advantage of larger secrets that do not necessarily autorotate. Some work on a policy is still needed.

NOTE: This code was written for Shib-in-a-box; as such, it is probably no longer used and can be deleted if no future use is envisioned.
* Import module source from the previous GitHub repository techservicesillinois/terraform-aws-aes128-key-rotation into this repo, under modules/lambda/rotate-aes128-key.
* Get rid of default runtime. This should always require explicit selection.
* Add tag support.

Fix error made during import of aes128-key-rotation-binary into this repo wherein submodule's directory path was botched.
No description provided.