feat: Add delete_in argument

terranisu · terranisu · commit 555d9db14d88 · 2024-04-04T15:53:50.000+02:00
diff --git a/main.tf b/main.tf
@@ -24,6 +24,8 @@ resource "aws_secretsmanager_secret" "app" {
 
   policy = lookup(local.arns, each.key, null) == null ? null : data.aws_iam_policy_document.access[each.key].json
 
+  recovery_window_in_days = var.delete_in
+
   tags = merge(var.tags, { "service" = var.app_name })
 }
 
diff --git a/variables.tf b/variables.tf
@@ -21,6 +21,18 @@ variable "secrets" {
   )
 }
 
+variable "delete_in" {
+  description = "Number of days to wait before secret deletion"
+  type        = number
+
+  default = 30
+
+  validation {
+    condition     = var.delete_in == 0 || contains(range(7, 30), var.delete_in)
+    error_message = "The delete_in value must be 0 or between 7 and 30."
+  }
+}
+
 variable "tags" {
   description = "Key-value map of tags"
   type        = map(string)

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,8 @@ resource "aws_secretsmanager_secret" "app" {`
`24`	`24`
`25`	`25`	`policy = lookup(local.arns, each.key, null) == null ? null : data.aws_iam_policy_document.access[each.key].json`
`26`	`26`
	`27`	`+ recovery_window_in_days = var.delete_in`
	`28`	`+`
`27`	`29`	`tags = merge(var.tags, { "service" = var.app_name })`
`28`	`30`	`}`
`29`	`31`