feat: secret endpoint type (#69)

rajatagarwal-ibm · web-flow · commit 7e3191de8446 · 2024-05-17T10:35:21.000+01:00
* feat: secret endpoint type

* feat: secret endpoint type

* feat: secret endpoint type
diff --git a/solutions/banking/main.tf b/solutions/banking/main.tf
@@ -43,6 +43,7 @@ module "secrets_manager_secret_ibm_iam" {
   secret_description      = "IBM IAM Api key"
   secret_type             = "arbitrary" #checkov:skip=CKV_SECRET_6
   secret_payload_password = var.ibmcloud_api_key
+  endpoint_type           = var.secrets_endpoint_type
 }
 
 # secrets manager secrets - IBM signing key
@@ -59,6 +60,7 @@ module "secrets_manager_secret_signing_key" {
   secret_description      = "IBM Signing GPG key"
   secret_type             = "arbitrary" #checkov:skip=CKV_SECRET_6
   secret_payload_password = var.signing_key
+  endpoint_type           = var.secrets_endpoint_type
 }
 
 # secrets manager secrets - WATSONX ADMIN API KEY
@@ -75,6 +77,7 @@ module "secrets_manager_secret_watsonx_admin_api_key" {
   secret_description      = "WatsonX Admin API Key"
   secret_type             = "arbitrary" #checkov:skip=CKV_SECRET_6
   secret_payload_password = var.watsonx_admin_api_key
+  endpoint_type           = var.secrets_endpoint_type
 }
 
 
diff --git a/solutions/banking/variables.tf b/solutions/banking/variables.tf
@@ -107,6 +107,12 @@ variable "create_secrets" {
   default     = true
 }
 
+variable "secrets_endpoint_type" {
+  type        = string
+  description = "The endpoint type to communicate with the provided secrets manager instance. Possible values are `public` or `private`"
+  default     = "private"
+}
+
 variable "secrets_manager_guid" {
   description = "Secrets Manager GUID where the API key and signing key will be stored."
   type        = string
diff --git a/tests/pr_test.go b/tests/pr_test.go
@@ -82,6 +82,7 @@ func TestRunBankingSolutions(t *testing.T) {
 				"secrets_manager_region":                         region,
 				"signing_key":                                    terraform.Output(t, existingTerraformOptions, "signing_key"),
 				"trigger_ci_pipeline_run":                        false,
+				"secrets_endpoint_type":                          "public",
 			},
 		})
 

Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,7 @@ module "secrets_manager_secret_ibm_iam" {`
`43`	`43`	`secret_description = "IBM IAM Api key"`
`44`	`44`	`secret_type = "arbitrary" #checkov:skip=CKV_SECRET_6`
`45`	`45`	`secret_payload_password = var.ibmcloud_api_key`
	`46`	`+ endpoint_type = var.secrets_endpoint_type`
`46`	`47`	`}`
`47`	`48`
`48`	`49`	`# secrets manager secrets - IBM signing key`
`@@ -59,6 +60,7 @@ module "secrets_manager_secret_signing_key" {`
`59`	`60`	`secret_description = "IBM Signing GPG key"`
`60`	`61`	`secret_type = "arbitrary" #checkov:skip=CKV_SECRET_6`
`61`	`62`	`secret_payload_password = var.signing_key`
	`63`	`+ endpoint_type = var.secrets_endpoint_type`
`62`	`64`	`}`
`63`	`65`
`64`	`66`	`# secrets manager secrets - WATSONX ADMIN API KEY`
`@@ -75,6 +77,7 @@ module "secrets_manager_secret_watsonx_admin_api_key" {`
`75`	`77`	`secret_description = "WatsonX Admin API Key"`
`76`	`78`	`secret_type = "arbitrary" #checkov:skip=CKV_SECRET_6`
`77`	`79`	`secret_payload_password = var.watsonx_admin_api_key`
	`80`	`+ endpoint_type = var.secrets_endpoint_type`
`78`	`81`	`}`
`79`	`82`
`80`	`83`